Brief overview:

I know you can't use the SSH server to do a direct connection to the N900 from a PC when the N900 is on GPRS. But, is there any workable solution? What I'd like is to be able to get to the terminal remotely on the N900 while it is on GPRS connection.

Perhaps there's a fairly easy way to do this?

Longer overview:

We currently use Blackberries within the office and have an application that our employees can't remove or shut down (ok, "can't" is a mighty strong word). It will allow us to track their GPS coordinates on command as well as do backups at predefined intervals. This is primarily used for delivery tracking (knowing when to have our warehouse people ready to unload a truck, knowing if a truck gets stuck at the border, etc.), and to be able to have all data backed up in case of phone loss or failure.

Due to other capabilities with the N900, we are looking at the feasability of switching. I have been using one phone to work with and try to get working. What I was hoping to do is either have a way to have a PC script log into the N900 at predefined intervals and pull GPS location from it (as well as have backups pulled), or to have something on the phone that isn't uninstallable or shutdown easily (and that starts at bootup) to send coordinates/backup information to our servers at predefined intervals.

GPRS/EDGE is a relayed connection and is not very useful for prolonged socket connections, tho in theory if your provider is not into ports blocking it should work, but if all you need is just to periodically connect to a specific device and pull some data from it there are plenty of ways to do it. Probably the simplest one would be to use an always-on deamon that will report to your servers IP of the each device whenever it changes - that way you'll always know how to get to any specific device. A simple custom bind solution could do all that automatically.

However, such an approach seems a bit overkill, and it won't work if the ports are blocked, and it's tedious work to log into each device separetly just to perform a simple GPS check. It would be wiser to write a simple web service, and a to write a script/app for N900 that will gather all the needed data, pack it, and send it to your service on predefined periods (simple cron would do the trick here). Yes, you won't have a direct access to the target device in that case, but do you really need to?

As for the uninstallable part, well, there are ways to make it difficult to uninstall, but if those delivery guys are a bit techie they'll find a way - they have root access after all. If those guys have no idea what xterm is, simple cron execution is more than enough to 'conceal' it. However, I wouldn't worry about it anyways - if they don't want to be tracked they can always disable internet connection on the device, or even turn off all the radios (airplane mode) and then all your efforts are in vain.

This is exactly what I was thinking/hoping as well. Problem is, I've got a huge learning curve here...and a fairly short period of time to work with...If anyone wants a cool project to work on for a couple of days let me know

This may not be exactly what you're looking for, but I wanted to be able to ssh in to the n900 over gprs and my carrier seems to be blocking all incoming ports.

What I ended up doing was setup an openvpn connection to a server I have access to. Since it's an outgoing connection the carrier doesn't limit it. Then, I can use that server as an intermediate hop to ssh into the phone via the vpn.

An added bonus is that openvpn is very resilient to sporadic connection errors and will auto reconnect if gprs drops for a bit.

I'll be glad to post the config files for openvpn and detailed instructions if you'd like them. I used the openvpn package as well as the openvpn-applet to provide a statusbar control for it.

could you not use vnc? the n900 can act as a server or client for this...

Ta

The problem is that with VNC as well as SSH, the IP on GPRS is not a public IP - so connections to the device from outside are not easily done.

I like the idea of doing this through VPN, and would love to see what you have done to see if I can modify it for our needs...my concern is that the devices still need internet connectivity - and if they are on our VPN and allowing an ssh tunnel through that way, I think we will eliminate their internet access, but I need to confirm this.

But couldn't you just set a root password that the user doesn't know?

You could, but that still wouldn't stop them to kill internet connection anyways, and even then, they can install OpenSSH Server from the App Manager which will run on root privileges and ask them to type a new password.

You can, in theory, lock them out from removing your script by locking them from using several features of the device, but that's just an overkill. After all, you'd know if they've disabled the tracking and you can fire them for that.

I don't see how an OpenSSH server would enable you to change the root password. To log in with ssh, you'd still need the root password. What's more, you could remove the SetUID-Bit from the App Manager, so it would be unusable without the root password.

I'd rather consider that an overkill.

When installing OpenSSH Server, it prompts you to enter a new root password, and since it's installing as root, it can change the already set password.

And if your workers are aware that they are tracked, and that it's a requirement for their job, trying to prevent that should result in them loosing their jobs. If they are not aware, you'd better hope they don't find out or they can sue you for hefty amount of money and jail time for nonconsensual privacy invading.