[ANN] Peerbox project

#21

As far as i know you can disable ssh by your own in the command window and that should be secure enough. But how should you use 2 sd cards in a raspberry pi and why should it be more secure ???

#22

[quote=“Sentinelrv, post:20, topic:2485”]This was posted on Reddit, in case it makes any sense to you…

"would be possible to make an ultra secure version? i'm thinking something that cannot be accessed from outside (no ssh, etc...) just the ppc port open. one could put 2 sd cards, one with the OS and one with the wallet."
[/quote]

For now ssh is there only for monitoring and controlling daemon (as it is written in my release announcement). In future releases when I move the control of daemon from localhost to localnet Ssh will loose it purpose and might get deactivated. But I don’t see Ssh as security failure, as user can use ssh-keys already and I plan to add 2factor authentication (the one with google app like on exchanges).

About two cards / two disks. I see why you want it, I guess.
Ok, this is peace of cake. SD card will be used for OS and if wallet is present on USB drive it will be used by the OS.
However, you will have to use wallet somehow. So it Ssh or web wallet.

#23

Although I would prefer stripped ssh or webwallet as you suggest, I think you could still do without both by just executing wallet commands in terminal mode locally. Attach keyboard and monitor to rpi and off you go 8)

#24

And as long as the firmware on your keyboard or mouse hasn’t been compromised, you’re good to go!

I’m joking … probably.

#25

I never planed to support GUI, it seems overkill to me. And it is clumsy.
Safe webwallet communicating with Peerbox via http requests is safe enough (if done properly and only on LAN), and it eliminates need for ssh.

#26

I’ve set up Peerbox on my Pi and everything is looking good. It’s been hovering around 9 or 10 connections for most of the day.

#27

I never planed to support GUI, it seems overkill to me. And it is clumsy.
Safe webwallet communicating with Peerbox via http requests is safe enough (if done properly and only on LAN), and it eliminates need for ssh.[/quote]
Sorry for the confusion, but I was not referring to GUI, just the command line.

#28

Could there be a consolidated instruction only for peerbox, starting from opening packaging of a new Raspi?

#29

there will be, but after I finish with major features

#30

there will be, but after I finish with major features[/quote]

Take your time.

#31

Status update

Main focus of development recently was to introduce Grsecurity patch to Raspberry Pi kernel.
That is finally accomplished, there was bounty for 0.5 BTC to fix this problem.

Bounty was accepted by one of Grsecurity developer (author of grsec patch actually), and we got fix needed.
We brought Grsecurity to Raspberry Pi!

This is no mere fix, this is long - term solution since kernel that will be used for Peerbox (rpi-3.14.x) will be the same version that will be supported by Grsecurity guys long term (grsecurity-3.0-3.14.x).

Grsec author:

Our 3.14 kernel will track the longterm upstream 3.14, just as our 3.2 kernel does.
If ever there's a problem in the future just let me know via xxx@grsecurity.net and I'll get it taken care of, since I do want to make sure grsec works fine on ARM.

Developer provided the patch:
https://grsecurity.net/grsecurity-3.0-3.14.6-rpi-201406301600.patch

And another patch if I ever need it to make raspberry pi kernel working with grsec:
https://grsecurity.net/~spender/rpi-3.14.patch

I have also asked developer to think about Peercoin in the future, since they accept crypto donations via Bitcoin already.
However I did not get response yet, I will update the post if they accept the proposal.

[center]=================================================[/center]

I will release second image this weekend, changes will include all completed features until now beside new grsec enable kernel.
Also, there will be change in naming the releases.
New image will be v0.11, since 0.1 branch will be without grsec.

When I test the new kernel enough and implement other features related to Grsecurity I will release new v0.2 image.

See you on weekend, Peerchemist.
8)

#32

Wow, that’s great news!

Thanx for all the work done.

#33

I wanted to post this for peerchemist, which I found in another thread…

[quote=“Cybnate”]All threads try to reduce the risks or make minting more attractive. What hasn’t been addressed properly in my opinion is the risk of bringing coins on-line, especially for non-technical users. Although Peerbox is going in right direction and is very promising it is still not accessible for the non-technical users. Non-technical users would only be 100% confident if someone just guarantees the safety of their coins and make it dead easy (Peerbox may come close) and someone is able to back that up with payouts when compromised. That is how the banks do it.

So I see a business model with Peerbox and an insurance on top to fix it all without changing the Peercoin protocol, say 10% premium of the 1% reward payable to guarantee Peerbox minting wallets up to 10000 PPC/Peerbox. Part of the premium goes into further testing and strengthening Peerbox, part to a fund to cover the odd compromised wallet and part goes to dividends for Peershares holders.
Issue is the proof that Peerbox wallet has been compromised to prevent false claims, need to think about that, but that is good for another thread.

Edit: Looking at it, maybe the 1% reward is just too low in the current economic environment to encourage more than 10% of the PPC stake to mint. It might not be the risk/reward factor but the hassle/reward factor. Peerbox might fix this if they can provide a plug-and-play box (no ip and network config etc.). It might not be possible yet due to lack of standards in this area.

My apologies for going slightly off-topic here.[/quote]

#34

@Sentinelrv

Thanks, all of this was already thought about. Along with many more features that if implemented will ease mind of any merchant accepting Peercoins.

For more info, stay tuned :stuck_out_tongue:

#35

[size=14pt]BUMP![/size]

New release!

http://peerbox.me/download/peerbox-raspi-v0.11.img.gz

For more info and changelog check first message in thread!

Looking for mirrors!!

#36

This is really great, a future with a dedicated usb for peercoin, would be awsome!

#37

[quote=“peerchemist, post:35, topic:2485”][size=14pt]BUMP![/size]

Looking for mirrors!![/quote]

http://coinno.de/mirror/peerbox-raspi-v0.11.img.gz

Enjoy!

#38

I wrote a quick guide for Peerbox. @Peerchemist and others, please review this guide for mistakes and give suggestions for how to improve it.

Guide for setting up a full node on Raspberry Pi using Peerbox

Download the latest Peerbox image from https://peerbox.me/

Extract the file. You can do this automatically on Mac, or with software such as 7-zip on Windows.

Write the Peerbox image onto your SD card by using software such as Win32DiskImager (Windows) or PiWriter (Mac). Locate the image file, select the drive letter of the SD card, and press “write”.

Eject your SD card, and place it in your Raspberry Pi. Connect your Raspberry Pi to your router via Ethernet cable, and boot your Pi by connecting the power supply.

Now you need to find the IP address your Raspberry Pi has been assigned within your local network, so you can connect to it remotely. You can find this by logging into your router. Open a browser and input the IP address of the router into the URL bar. This address can often be found on the back of the router, as well as the username and password. If not, open the command prompt and enter [font=courier]ipconfig[/font], your router’s address will be visible beside “Default Gateway” (Windows), or go to System Pref>Network>Ethernet and look at the “Router” field (Mac).

Peerbox should be visible under connected devices or something similar. Note the IP address it has been assigned, it will be in the format 192.168.x.x or 10.0.x.x

Another easy method is by using network scanning software such as Fing, which should detect which device is the Raspberry Pi and show you its address.

Connect to your Pi using SSH. You will need a client for this, one option is a browser extension such as FireSSH for Firefox, or Secure Shell for Chrome. The host is the Peerbox IP address you found in the previous step. The port is 22, the username is sunny, and the password is sunny.

You should now be connected. You can change your password if desired by entering the [font=courier]passwd[/font] command. Check the status of your Peerbox with the [font=courier]peerbox-info[/font] command. This will show you when the blockchain is synced, how many connections you have to the Peercoin network, as well as your Raspberry Pi’s serial number.

If you would like to use wifi instead of ethernet, you can now plug in a compatible wifi adapter and configure a wireless connection with the [font=courier]wifi-menu[/font] command.

Finally, set up port forwarding on your router so that your Peerbox can accept incoming connections. This allows you to distribute the Peercoin blockchain to others. Peerbox will send a request to your router to forward the relevant port, so this may happen automatically. However, if this doesn’t work with your router, you can set it up manually. Login to your router following the same steps as before. Each router is different, but you need to find the option for enabling port forwarding, and open the 9901 TCP port for Peerbox.

Within a few hours, you should have 9 or more connections on your Peerbox (indicating that you are successfully port forwarding). You can continue to check on its status whenever you want by connecting via SSH, and entering the [font=courier]peerbox-info[/font] command.

Please also check the original post of this thread and the Peerbox board for more information and up-to-date changes.

#39

[quote=“river333, post:38, topic:2485”]I wrote a quick guide for Peerbox. @Peerchemist and others, please review this guide for mistakes and give suggestions for how to improve it.

Guide for setting up a full node on Raspberry Pi using Peerbox

Download the latest Peerbox image from http://peerbox.me/download.html

Extract the file. You can do this automatically on Mac, or with software such as 7-zip on Windows.

Write the Peerbox image onto your SD card by using software such as Win32DiskImager (Windows) or PiWriter (Mac). Locate the image file, select the drive letter of the SD card, and press “write”.

Eject your SD card, and place it in your Raspberry Pi. Connect your Raspberry Pi to your router via Ethernet cable, and boot your Pi by connecting the power supply.

Now you need to find the IP address your Raspberry Pi has been assigned within your local network, so you can connect to it remotely. You can find this by logging into your router. Open a browser and input the IP address of the router into the URL bar. This address can often be found on the back of the router, as well as the username and password. If not, open the command prompt and enter [font=courier]ipconfig[/font], your router’s address will be visible beside “Default Gateway” (Windows), or go to System Pref>Network>Ethernet and look at the “Router” field (Mac).

Peerbox should be visible under connected devices or something similar. Note the IP address it has been assigned, it will be in the format 192.168.x.x or 10.0.x.x

Connect to your Pi using SSH. You will need a client for this, one option is a browser extension such as FireSSH for Firefox, or Secure Shell for Chrome. The host is the Peerbox IP address you found in the previous step. The port is 22, and both the username and password is root.

You should now be connected. You can change your password if desired by entering the [font=courier]passwd[/font] command. Check the status of your Peerbox with the [font=courier]peerbox-info[/font] command. This will show you when the blockchain is synced, how many connections you have to the Peercoin network, as well as your Raspberry Pi’s serial number.

Finally, set up port forwarding on your router so that your Peerbox can accept incoming connections. This allows you to distribute the Peercoin blockchain to others. Login to your router following the same steps as before. Each router is different, but you need to find the option for enabling port forwarding, and open the 9901 TCP port for Peerbox.

Within a few hours, you should have 9 or more connections on your Peerbox (indicating that you are successfully port forwarding). You can continue to check on its status whenever you want by connecting via SSH, and entering the [font=courier]peerbox-info[/font] command.[/quote]

Nice, thanks river333.

I will add just a few things.

To ease finding IP of your Peerbox instance one can also use some sort of Network Scanner software. Even though it is proprietary software I prefer Fing by Overlook Software (http://www.overlooksoft.com/fing). It works on all platforms (Windows, IOS, Mac OS X, Linux and Android) and it is fast and very easy to use.

Fing output should list something like this (example):

Host is up: 192.168.1.32 HW Address: B8:27:EB:E3:F2:AA (Raspberry Pi Foundation)

See, it should detect that this device is Raspberry Pi and it’s address.

After logging into your Peerbox via ethernet cable you can plug in wifi adapter and configure wireless connection with wifi-menu command.

This should work as basic tutorial on Peerbox, enough to be used by “Nodes on Raspberry Pi” project.

#40

Thanks! I suppose I can use sftp to upload a wallet or put fund in the wallet on the pi by using importprivkey?
I could create a new address with the client on the pi and send fund to it but it costs transaction fee and destroys coin-age.