Hi guys,
in my opinion it is very important for Peercoin to have a good participation of Peercoin holders on the PoS process. To archieve this, I see two important points:
- It has to be very secure
- It has to be cheap to run it
I have some plan in my mind on how I want to do minting in the future in a safe as possible environment. The reason why I start this thread is to gather opinions and (hopefully) to profit from your knowhow with Linux and the Pi. I have two Pi to play with, but really bad knowledge with Linux.
What I plan (already changed/optimized several times) :
Internet <----> Router <— ethernet----> Pi A <----crossover ethernet cable----> Pi B
So the plan is to setup Node A along Tea42´s guide. It will be connected to the internet through ethernet to my normal home subnet. A secon network adapter (USB) will be used to connect to Pi B. All ports except port 9901 incoming from Pi B should be blocked. No Coins will be hold in Pi A´s wallet.
Note: First my idea was to run Node A as active node. I then decided, that it is not worth the additional effort and (probably) even a security risk. Instead I will rent a VPS and run active node there. As a additional layer of security it whould be possible to connect Pi A only to the VPS and Pi B. This whould help to hide your IP adress.
On Pi B all connections except the port 9901 to Pi A should be blocked. It will be connected to Pi A through a crossover ethernet cable in a different subnet with fixed IPs. It would also be nice to boot from a readonly SD card (is this possible?). On Pi B I will hold my Peercoins and enable minting.
Note: First my idea was to have a different distribution on pi B to minimize the risk of a constructional weakness which could be used to hack both. I decided to skip that, since it is not worth the additional effort. I assume Tea´s distribution is secure enough. Perhaps Someone with 100k+ PPC should use a Arduino or something similar instead of Pi B
What do you think about it? Is this a overkill or still unsecure? Do you have any suggestions to improve?
Todo List:
Further harden/strip it
Provide downloadable Images (Pi A and B) for those who are not as paranoid as I am (at least the Image for Pi B should be compiled and uploaded from a trusted member like Fuzzy)
Write a guide and post here (in progress)
I will keep this post updated and modify the description above.
Thanks in advance for your support!
Muto