Headless mint with Raspberry Pi Guide

I wrote a quick guide to run a Peercoin full node on a Raspberry Pi to support the network, here.
In order to mint with peace of mind, a few more steps should be put in place. First of all, the minting node should not listen on port 9901 as the full node does, and you should compile ppcoind yourself from GitHub. Here we go:

Goal

  • to configure a Raspberry Pi for secure Peercoin minting through ssh (well, if you don’t trust your computer, you would need to find a USB keyboard / HDMI display to configure the Pi directly)
  • the encrypted wallet file is to reside in an encrypted folder to make it harder to access
  • rpcpassword is removed after ppcoind starts, to prevent an intruder from talking to the daemon
  • control ppcoind through RPC over an ssh tunnel from a secure computer

Requirement

  • a secure computer to configure the Pi
  • no need for a physical keyboard / HDMI display or mouse, everything will be done over ssh
  • need a network cable, or some kind of network device
  • need to have a working dhcp, of course
  • need ppcoind on the secure computer to talk with the ppcoind on the pi

Step 1

Step 2

  • Look for the ip of your pi. You may use nmap if available ( for example: nmap -sP 192.168.1.1/24 ), or look it up on your router control panel.
  • ssh pi@your_pi_ip

Step 3

  • change password with “passwd”
  • and run the following

[code]rm .bash_history
ln -s /dev/null .bash_history
sudo update-rc.d lightdm disable 2
sudo /usr/bin/raspi-config --expand-rootfs
sudo rm -f /etc/profile.d/raspi-config.sh
sudo apt-get -y --purge remove midori netsurf-common netsurf-gtk penguinspuzzle python-pygame scratch timidity wolfram-engine squeak-vm squeak-plugins-scratch dillo idle idle3 idle-python2.7 idle-python3.2 python-numpy python-support

sudo apt-get -y update
sudo apt-get -y install encfs
sudo adduser pi fuse
sudo shutdown -r now[/code]

*note that you may put them in a text file and execute it with

. yourscript

Step 4

  • build ppcoind using the following

[code]sudo apt-get -y upgrade

sudo apt-get -y install ntpdate ufw build-essential libboost-dev libboost-system-dev libboost-filesystem-dev libboost-program-options-dev libboost-thread-dev libssl-dev libdb++-dev libminiupnpc-dev git g++ g++-4.6

sudo dd if=/dev/zero of=/swapfile bs=64M count=16
sudo mkswap /swapfile
sudo swapon /swapfile
cd /home/pi

git clone https://github.com/ppcoin/ppcoin.git
cd ppcoin/src

make -f makefile.unix ppcoind USE_UPNP=

mv ppcoind ~/
cd ~/

sudo swapoff /swapfile
sudo rm -f /swapfile[/code]

Step 5
-enable firewall and allow only ssh access

[code]sudo ufw allow 22
sudo ufw --force enable
sudo ufw status[/code]

Step 6
-make encrypted folder for wallet.dat

[code]mkdir -p ~/.ppcoin

#you may use paranoid mode for encfs
encfs ~/.data ~/data

ln -s ~/data/wallet.dat ~/.ppcoin/wallet.dat
[/code]

Step 7
-set up rpc password

nano ~/.ppcoin/ppcoin.conf

to add the following to the file

[code]rpcuser=xxx
rpcpassword=yourpassword[/code]

Step 8
-on your secure computer, transfer wallet.dat to the encrypted folder

scp wallet.dat pi@your_pi_ip:~/data

Step 9

[code]#start ppcoind
~/ppcoind -listen=0 -daemon -server
#remove credential to deter intruder from talking to it
rm ~/.ppcoin/ppcoin.conf[/code]

Step 10
-on the secure computer, open another session

ssh -L 127.0.0.1:9902:127.0.0.1:9902 pi@your_pi_ip

-now the tunnel is established, open another bash session on the secure computer to unlock the wallet for minting
but first add rpcuser/rpcpassword to the ~/.ppcoin/ppcoin.conf of the secure computer and run the following (on the secure computer as well)

[code]./ppcoind walletpassphrase <secretpasswordtoyourwallet> 999999999 true
./ppcoind getinfo[/code]

Step 11
-you may turn off access to ssh, but you won’t be able to control it until the next reboot

sudo service ssh stop


if the pi is rebooted, you will have to decrypt the encrypted folder with “encfs ~/.data ~/data”, set rpcpassword on ppcoin.conf, start ppcoind daemon, and tunnel to unlock wallet for minting

How safe is this?

  • if you turn ssh service off after unlocking wallet, there should be no way to attack it remotely
  • but ssh is nice to have for controlling the pi, it might not be a big risk leaving it on
  • in case a physical intruder shuts down the pi and takes the SD card, he should not be able to get to the wallet.dat as it’s in the encrypted folder
  • if, god knows how, an intruder is able to get into the pi while it’s minting, what he could do might be tapping on rpc trying to eavesdrop the rpcpassword, or dumping the memory for the private keys of the wallet, which is not an easy task for an average hacker I guess, let’s hope for the best
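
A posture check for the finished setup, as an added example that is not part of the original post: it reads `ss -ltn` output and flags a listening 9901, an RPC port 9902 bound outside loopback, or any non-loopback listener other than ssh, and it checks that ppcoin.conf no longer holds rpcpassword. The function names and the sample `ss` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# Read `ss -ltn` output on stdin, print one FAIL line per listener that
# contradicts the guide, and return non-zero if any was found.
audit_listeners() {
    awk '
    $1 == "LISTEN" {
        n = split($4, part, ":")          # last ":" field is the port
        port = part[n]
        host = substr($4, 1, length($4) - length(port) - 1)
        loopback = (host == "127.0.0.1" || host == "::1" || host == "[::1]")
        if (port == "9901") {             # Step 9 starts ppcoind with -listen=0
            print "FAIL p2p port 9901 is listening on " host; bad = 1
        } else if (port == "9902" && !loopback) {   # RPC is for the tunnel only
            print "FAIL rpc port 9902 is reachable on " host; bad = 1
        } else if (port != "22" && port != "9902" && !loopback) {
            print "FAIL unexpected listener " $4; bad = 1
        }
    }
    END { exit bad + 0 }'
}

# Return 0 (and print a FAIL line) if the given ppcoin.conf still exists and
# holds an rpcpassword line, i.e. the cleanup in Step 9 did not happen.
conf_leaks_password() {
    [ -f "$1" ] && grep -q '^[[:space:]]*rpcpassword=' "$1" &&
        echo "FAIL $1 still contains rpcpassword"
}

# Constructed sample: what `ss -ltn` might print on a correctly set up Pi.
GOOD_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:9902     0.0.0.0:*'

# Constructed sample: daemon started without -listen=0 and RPC bound widely.
BAD_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:9901       0.0.0.0:*
LISTEN 0      128    0.0.0.0:9902       0.0.0.0:*'

# Demo on the constructed bad sample. On the Pi itself one would run:
#   ss -ltn | audit_listeners; conf_leaks_password ~/.ppcoin/ppcoin.conf
printf '%s\n' "$BAD_SS" | audit_listeners || echo "hardening incomplete"
```
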

I know this is a thread from 3 years ago, but I need a hand.
I'm also following the official How to: Peerbox Support Thread (Updated to v0.6.1), but I’m unable to go forward…

pi@raspberro-peerbox:~ $ sudo apt-get -y install ntpdate ufw build-essential libboost-dev libboost-system-dev libboost-filesystem-dev libboost-program-options-dev libboost-thread-dev libssl-dev libdb++-dev libminiupnpc-dev git g++ g++-4.6
Lettura elenco dei pacchetti... Fatto
Generazione albero delle dipendenze
Lettura informazioni sullo stato... Fatto
Il pacchetto ufw non ha versioni disponibili, ma è nominato da un altro
pacchetto. Questo potrebbe indicare che il pacchetto è mancante, obsoleto
oppure è disponibile solo all'interno di un'altra sorgente
E: Impossibile trovare il pacchetto ntpdate
E: Il pacchetto "ufw" non ha candidati da installare
E: Impossibile trovare il pacchetto libboost-dev
E: Impossibile trovare il pacchetto libboost-system-dev
E: Impossibile trovare il pacchetto libboost-filesystem-dev
E: Impossibile trovare il pacchetto libboost-program-options-dev
E: Impossibile trovare il pacchetto libboost-thread-dev
E: Impossibile trovare il pacchetto libssl-dev
E: Impossibile trovare il pacchetto libdb++-dev
E: Impossibile trovare alcun pacchetto tramite l'espressione regolare "libdb++-dev"
E: Impossibile trovare il pacchetto libminiupnpc-dev
E: Impossibile trovare il pacchetto g++-4.6
E: Impossibile trovare alcun pacchetto tramite il glob "g++-4.6"
E: Impossibile trovare alcun pacchetto tramite l'espressione regolare "g++-4.6"

When I try to install the package list in your Step 4 this happens: unable to install anything. What to do?

Are you using stretch or jessie?

You need jessie
https://downloads.raspberrypi.org/raspbian/images/raspbian-2017-07-05/