device behind firewall connect via ssh

There have been a few questions like this around the place but none have really answered my question specifically.(for example Connecting to device behind firewall )

What I want is a central server, that receives a heartbeat from multiple ( say 100's) embedded devices behind personal firewalls. These devices need to be able to do two things.

1. Grab new config from the server. I suspect I can just do this via a http get from the device to the server and pull down some XML, then reload its own config.
2. Open an ssh connection to the server to allow an admin to login to the command line of the device and do maintenance and troubleshooting remotely.ie device => server <= admin and admin can get to bash command line or equivalent.

the device is a low powered embedded device that will be running linux. A solution in python would be preferable (im thinking something with paramiko for the ssh) but im open to other solutions. The main thing is there is there will be no technical users in the private network, so it should be able to plug into a consumer grade ADSL modem, get a DHCP address and all this should work. I can preload the device with anything before hand, for example ssh certificates for passwordless ssh etc.

anybody go开发者_如何学Got any idea's?

Cheers

Mark

You can setup ssh tunnel (from python script or from console):

ssh -NR10022:localhost:22 foo@mainserver.com

Then you can simply login to main server and then ssh bar@localhost -p 10022

You should have ssh keys, so you don't have to put password (google about "ssh without password").

A more elaborate method might be some type of firewall hole punching.

On second though, maybe this is not necessary, since there is only one firewall involved. The trick is to get your embedded device to initiate an outbound connection first.