Piku,
You would not need to give them ssh access to anywhere.
Simply ping a URL on some public webserver you have.
Pass the location as parameters to the page and have the page store the location in a database.

Nothing more, nothing less.

We aren't saying we can get the machine back but at least knowing where it is might help.

You are right about the gps lag time, but since we can send the last known location it at least narrows down the search. depending on how they use it and what is logged you should get a good idea of location more than simply an ip address ping.

Also, I believe you overestimate the intelligence of your common criminal, watch My Name is Earl for examples