I have had a couple of requirements recently where I have needed to leave a device onsite for remote access. I initially thought that the best way to handle this would be to put a pi onsite that joined my VPN and then I could connect to all the machines on the remote network and do my troubleshooting like that…
I looked at my pi shelf and there looking all little and shiny was a Pi Zero… At this point I thought to myself… what do I actually need from this device.
I have a couple of Emergency Linux VMs on dedicated servers that run a lightweight GUI with pretty much just a web browser. These emergency VMs work with VNC, but VNC isn’t running all the time. You SSH into them and as part of the login it fires up a VNC session and when you log off it tears the connection down. So you SSH in with 2FA, this starts the VNC Server (with a password), when you finish you log out and it clears down the VNC session. I also installed a cron job that checks the devices external IP address and emails you when it changes (for when it goes into a residential setting).
Here’s how it’s setup
- Install Raspberry OS (with desktop)
- Enable SSH
- Add to .bashrc
if [[ -n $SSH_CONNECTION ]] ;
vncserver
fi
- Add to .bash_logout
vncserver kill :1
- Enable 2FA for SSH login
- Install the following script for emails if IP changes
When you arrive onsite, connect the pi zero to the network, add a port forward for port 22 and 5901 to the pi. Check the IP emailer works (see link above).