[Project] Secure minting with Raspberry Pi

General
1

Hi guys,

in my opinion it is very important for Peercoin to have a good participation of Peercoin holders on the PoS process. To archieve this, I see two important points:

  1. It has to be very secure
  2. It has to be cheap to run it

I have some plan in my mind on how I want to do minting in the future in a safe as possible environment. The reason why I start this thread is to gather opinions and (hopefully) to profit from your knowhow with Linux and the Pi. I have two Pi to play with, but really bad knowledge with Linux.

What I plan (already changed/optimized several times) :

Internet <----> Router <— ethernet----> Pi A <----crossover ethernet cable----> Pi B

So the plan is to setup Node A along Tea42´s guide. It will be connected to the internet through ethernet to my normal home subnet. A secon network adapter (USB) will be used to connect to Pi B. All ports except port 9901 incoming from Pi B should be blocked. No Coins will be hold in Pi A´s wallet.

Note: First my idea was to run Node A as active node. I then decided, that it is not worth the additional effort and (probably) even a security risk. Instead I will rent a VPS and run active node there. As a additional layer of security it whould be possible to connect Pi A only to the VPS and Pi B. This whould help to hide your IP adress.

On Pi B all connections except the port 9901 to Pi A should be blocked. It will be connected to Pi A through a crossover ethernet cable in a different subnet with fixed IPs. It would also be nice to boot from a readonly SD card (is this possible?). On Pi B I will hold my Peercoins and enable minting.

Note: First my idea was to have a different distribution on pi B to minimize the risk of a constructional weakness which could be used to hack both. I decided to skip that, since it is not worth the additional effort. I assume Tea´s distribution is secure enough. Perhaps Someone with 100k+ PPC should use a Arduino or something similar instead of Pi B

What do you think about it? Is this a overkill or still unsecure? Do you have any suggestions to improve?


Todo List:

Further harden/strip it
Provide downloadable Images (Pi A and B) for those who are not as paranoid as I am (at least the Image for Pi B should be compiled and uploaded from a trusted member like Fuzzy)
Write a guide and post here (in progress)

I will keep this post updated and modify the description above.

Thanks in advance for your support!
Muto

2

Shopping List

2 Raspberry Pi B 2 SD-Cards (atleast 8 GB) 1 Ethernet Crossover Cable (very short) 1 Ethernet Cable and [url=http://elinux.org/RPi_USB_Ethernet_adapters]1 USB Ethernet Adapter[/url] [b]or[/b] WLAN adapter and connect Pi A to the router via WLAN 2 Power suplys for the Pi

Optional:
2 Cases for the Pi
2x3 Heatsinks for the Pi

The following guides base upon the knowledge of several Peercointalk members.

Setup Guide Node A (in progress)

1. Follow this guide by Tea 42: http://www.peercointalk.org/index.php?topic=2702.0 2. Create the Swapfile
[b]sudo dd if=/dev/zero of=/swapfile bs=64M count=16 sudo mkswap /swapfile sudo swapon /swapfile[/b]
3. Duplicate the SD-Card to save time on Pi B (with [i]Win32 Disk Imager [/i]or similar) 4. Plugin additional [url=http://elinux.org/RPi_USB_Ethernet_adapters]network card/adapter (USB)[/url] and make sure it is correctly installed 5. set fix IP-address
[b]sudo nano /etc/network/interfaces [/b] add the following lines [b]iface eth1 inet static address 192.168.200.1 netmask 255.255.255.252[/b] save the file
6. configure Firewall
[b]sudo ufw default deny sudo ufw allow 9901 sudo ufw delete 1 sudo ufw status[/b] (to check the settings)
7. Change peercoin.conf
[b]sudo nano /home/pi/.ppcoin/ppcoin.conf[/b] add the following line: [b]connect=192.168.200.2[/b] save
8. autostart Peercoin QT at startup (optional)
[b]sudo nano /etc/xdg/lxsession/LXDE/autostart[/b] Add the following line [b]@/home/pi/.ppcoin/ppcoin-qt[/b]
9. reboot

Setup Guide Node B (in progress)

1. Use the duplicated SD-Card 2. Connect a crossover cable from Pi B to the USB adapter of Pi A 3. set fix IP-address
[b]sudo nano /etc/network/interfaces [/b] add/change the following lines [b]iface eth0 inet static address 192.168.200.2 netmask 255.255.255.252[/b] save the file
4. Change peercoin.conf
[b]sudo nano /home/pi/.ppcoin/ppcoin.conf[/b] add the following line: [b]connect=192.168.200.1[/b] save
5. configure Firewall
[b]sudo ufw default deny sudo ufw allow 9901 sudo ufw delete 1 sudo ufw status[/b] (to check the settings)
6. autostart Peercoin QT at startup (optional)
[b]sudo nano /etc/xdg/lxsession/LXDE/autostart[/b] Add the following line [b]@/home/pi/.ppcoin/ppcoin-qt[/b]
7. reboot 8. unlock for minting

How to connect to the WLAN

[b]sudo nano /etc/network/interfaces[/b] Edit/add the following lines: [b]allow-hotplug wlan0 auto wlan0 iface wlan0 inet dhcp wpa-ssid wpa-psk [/b]
3

As firewall you can also install ufw, its very simple to configure.

It is a cool setup, your minting pi is only connected to the other (full node) pi, so it always has 1 connection to the peercoin network. I wonder if that is enough, but it never hurts to test something new! You can use the addnode= in the ppcoin.conf to make certain it connects.

Personally I don’t like the idea of forwarding any port from outside to any computer on the same network as my wallet… A super secure alternative would be to hire a VPS somewhere. A small online server costs about $5 a month, and then you have a full node running on its own, not on your own lan.

I don’t like the idea of ssh to my wallet either. It is encrypted, but a hacker or virus only needs to figure out 1 username/password combination to get in. To be 99.9% safe you’d need a complex password, and change it every month or so.

4

Not sure about that, if you use strong passphrases with over 30 characters I wonder what the risk would be. Even with brute force it will take many, many years to crack it.
I think the risk on viruses with keyloggers is far greater.

5

That is true. Also, port forwarding to 9902 RPC is far less dangerous than I thought, see http://www.peercointalk.org/index.php?topic=2702.msg23884#msg23884

[quote=“josojo, post:11, topic:2255”]Well I dont think RPC calls are this dangerous.

Bruteforcing these hard passwords is very hard. And by default ppcoind accepts only rpc calls from the local host.

# By default, only RPC connections from localhost are allowed. Specify # as many rpcallowip= settings as you like to allow connections from # other hosts (and you may use * as a wildcard character): rpcallowip=127.0.0.1 rpcallowip=192.168.1.*
This quote is from the standard ppcoind.conf file.

I know, its always better save than sorry, but I guess threat is minimal.[/quote]

6

Have you considered using certificates as the only authentication mechanism that is allowed for SSH? It’s not as secure as with disabled SSH, but close to bearable :wink:

sent by Tapatalk

7

Thanks for your replys and tips.

Today I tried setting up Pi A with your guide and I have seen this is already installed when using your installation script. I will give it a try.

1 Connection is enough. I have had this with primecoinnodes without problems. I will use connect= since with this command it connects only to the specific node.

I don´t think a VPS is a good idea in my case since I do not want to have my wallet (with the coins) directly in the internet. Ofcourse it is the way to go when you only want to support the network. To increase the security you could stick without portforwarding to Pi A, but then you cannot support the network with that (active) node.

I agree, that SSH is not a good idea. I do not need to send coins everyday from my (nearly) cold wallet, so I do not really need this comfort.

No I did not, will have a look at this for Pi A, but for Pi B I will block every port except peercoin connection to Pi A.

As written above I tried to setup Pi A along Tea´s (very awesome) guide. First I ran into trouble since I used a Raspberry Pi Modell B on which the script ran about 12 hours and in the end I could not start peercoin wallet. After that I tried with Modell A and it worked like a charm.

Then I ran into some problems with the WLAN. It just was not stable. Got disconnects from time to time. For now I use the network cable. But my planned setup will not work with one network connection. Does anybody know a USB-ethernet adapter which is working with the PI? Got it: RPi USB Ethernet adapters - eLinux.org I could the run my setup without WLAN. Ofcourse it is also possible to connect Pi B to my normal network, but this is by far less secure.

Beside that I am not able to get mor then 8 connections. I set listen=1 and maxconnections=200. I forwarded Port 9902 UDP+TCP. For a test I set the Pi as exposed host, but nothing helped. It sticks with 8 connections. What is wrong here?

Cheers,
Muto

8

9902 is rpcport isnt it, you would need 9901 if memory serves

9

Thanks for that hint. So forwarding port 9902 is in fact not a good idea. I changed to 9901 but that didn’t change anything. Still 8 Connections. Does anybody run a active node?

10

@MUTO
mine 162.251.114.75:9817
active minutes ago: http://pastebin.com/FgUmnD1x

Have to check sources but peercoin node doesn’t require more than 8 connections to other(by fact - active) nodes, when you set maxconnections=x you allow x-8 passive nodes connect to your node.

https://github.com/ppcoin/ppcoin/blob/master/src/net.cpp#L29

Current active node count(~280) allows by default (125-8)*280=32760 passive nodes connect to the network.

11

Could you post your ppcoin.conf? I wonder if I missed a setting.
Where did you get this list from?

I am perfectly aware, that it does not require more then 8 connections, but I want to support the network. In fact peercoin works with at least one connection. Maxconnection is set at 200 in my conf, so it should allow 192 passive nodes to connect.

I think you calculation is not fully true. You have to divide by 8 since every passive node requires 8 connections. And you have to subtract the active nodes, since they also have outgoing connections. ((125-8)*280/8)-280=3815

My IP changes every 24 hours. Is that a problem?

12

I have casual ppcoin.conf, adding more nodes won’t create more than 8 outbound connections
With maxconnections you can only limit outbound connections
The list is from my network querying - checking v04 coverage

You can create more outgoing connections by recompiling with greater MAX_OUTBOUND_CONNECTIONS however you will use ‘available slots’ from other nodes. You need more connections if you run f.e. block explorer and want to be sure to get ~all blocks and txs as fast as possible. I’m not an expert but if you willi increase MAX_OUTB… it will be good to selectively pickk nodes basing on their geo location - otherwise gains only for you/your service.

Yeah, my mistake, 32k inbound connections not leaches.

13

It do not want to increase outbound connections :wink: I want to allow inbound connections

14

:slight_smile: If so- running node with default settings is perfectly fine IMO, show your node and let users choose it randomly.

15

Ok, so only listen=1, forwarding Port 9901 is required. After some time I will then get inbound connections. Correct?

16

Yup, can you find your ip here http://pastebin.com/FgUmnD1x ? Maybe PM ip and I’ll try to connect.

17

I have port 9902 forwarded to my pi, and get more than 8 connections. I added listen=1 to test if that makes a difference.
By the way, my install script works on both my model B pi’s. Did you use an old sd card maybe? That can cause all sorts of problems.

18

No, it is not there since I shutdown my Pi. Will try again when I am at home and PM you my IP. Thanks

[quote=“Tea42, post:17, topic:2272”]I have port 9902 forwarded to my pi, and get more than 8 connections. I added listen=1 to test if that makes a difference.
By the way, my install script works on both my model B pi’s. Did you use an old sd card maybe? That can cause all sorts of problems.[/quote]

How long did you have to wait to get the 9th connection? How many do you get in total? I used the SD-Card that came with my Pi.

19

I remember when I installed Peercoin on 2 of my VPS, it took some time until the connections went above 8. The number is changing between 40 and 60 now (I have a look sporadically)…

sent by Tapatalk

20

The number of connections to my pi client is now 11, it took about an hour to get there. I’ve only forwarded TCP 9902 on my router. My ppcoin.conf has:
server=1
listen=1
rpcuser=someuser
rpcpassword=(alonglineofrandeomchars)

But it works the same without listen=1 specified.

I have a swapfile of 1GB on my sd card, that can make a difference aswell. These are the commands to generate the swapfile:

sudo dd if=/dev/zero of=/swapfile bs=64M count=16 sudo mkswap /swapfile sudo swapon /swapfile