Domain Kiosk

Creative website design and internet marketing studio

How to stake LOCs securely and conveniently on Raspberry Pi 3B+

This article is the second in a series that helps begin staking LOCs on the Raspberry Pi 3b +.

In the previous article we discussed how to recompile the LOC staking wallet, and we showed that it is possible to recompile and also use the QT version (with the Graphical User Interface - GUI) on the Pi. Why we needed to do that? Well, staking with the GUI is much more convenient. The QT version in fact does not take up a lot of memory and the Pi can work perfectly well with it.

What do we show you in this article?

  1. How to set up the SSH session between your every-day computer and the Pi.
  2. How to set up the VNC server/client on your computer and the Pi, so that you can use the QT version of the wallet on the Pi and have the GUI remotely displayed on your PC.
  3. How to set up a tunnel, which will allow you to pass the VNC data though the SSH connection, and thus eliminate the need for a port specific for the VNC. The purpose is to minimize the number of the open listening ports on the Pi. After you establish the tunnel, you will have just one single port to protect (for the SSH session), instead of two (one for the SSH and a second one for the VNC connection).
  4. How to set up the firewall on the Pi, with all ports closed, except the one for SSH. Also when the firewall is enabled, we set a rule that will allow just one single IP address to connect to your Pi via the SSH (the IP of your every-day computer) and will disallow any other IPs.
  5. How to check which listening ports are still open on the firewall and set the listening port of the wallet properly through the firewall.

As a result you will be able to use remotely the GUI version of the wallet (QT) on your PI, and the only listening port to the outer world will be the necessary listening port for the LOC staking wallet to function in the blockchain. All other ports will be closed or only listening (for the SSH session) to your every-day computer (where you access the Pi from).

We recommend using the Raspbian OS for the Pi with desktop. The desktop is very helpful to quickly understand and learn the filesystem of the OS. If you haven't done already, first you should prepare the Pi as described in section "1. Prepare the Raspberry Pi" from our previous article.

1. Set up the SSH session

Here is the official guide how to set up SSH on your Pi >> Remote access with SSH.

It should be noted that you can use SSH on your LAN or on the Internet. You need fixed local IP addresses on your LAN both for the Pi and the remote machine (the computer you access the Pi from). In this case you are behind a NAT (Network address translation protocol) on your router, which brings an extra layer of protection for the Pi from outside hackers. If you want a setup to access the Pi over the Internet you will need one fixed public IP address for the Pi and another one for your remote machine.

The default SSH port used on the Pi is port 22. It is highly recommended to change that port to a custom one, different from 22. To do this you open a SSH session with the Pi and edit the file "/etc/ssh/sshd_config":

sudo nano /etc/ssh/sshd_config

In this file you find the line:

#   Port 22

Uncomment the line and change the default port. For example it should look like this:

Port 2084

Save the file and reboot your Pi. Now you will access remotely the Pi via SSH on port 2084.

2. Set up the VNC server/client

Here is the official guide how to set up VNC on your Pi >> Remote access with VNC.

There are many different flavors of VNC available to remotely access and manage a server with graphical interface. Raspbian Stretch with desktop comes with RealVNC ready to use. The connection is very well secured, you can use a password or a pair of keys to access the server and the connection is encrypted. And this level of security can be quite sufficient for many users. We would want however to go further and keep control of security in our own hands, and may be use a different VNC client, which we are used to and like.

The following steps are for users that would like to keep security under control and don't just blindly rely on RealVNC integrity.

First on the Pi we enable the RealVNC server. Here in this example the remote PC (where we access the Pi from) is a Windows 7 machine. We install the RealVNC client on the remote PC and establish a secure connection with the Pi.

A sample scenario (Access the Pi remotely from Windows 7 PC on LAN):

Establish SSH session from your Windows PC with Putty:

image with Putty settings

Enable RealVNC server if not enabled already:

Image how to enable VNC server

Install RealVNC viewer (client) on your Windows 7 PC >> RealVNC viewer download.

Set up RealVNC viewer and make first connection with the RealVNC server on the Pi:

image with settings (to be added here)

image of established connection

You can explore a bit the Raspbian Stretch desktop now, remotely from your Windows PC.

Now we will disable the encryption on the RealVNC server and this will allow us to use as remote client almost any other VNC client, our favorite VNC client, to access the RealVNC server. This is necessary for the next step of setting a tunnel for VNC through the SSH connection. Here is how to disable encryption on the RealVNC server on the Pi:

image with settings (to be added here)

Next we install TurboVNC client on the Windows 7 machine, from here >> TurboVNC files.

Here is how you start the RealVNC server via SSH with a command that will create a virtual desktop with the desired geometry (window size) and with custom listening port (5914) for the VNC server:

vncserver :14 -geometry 1250x900 -depth 24

You can also make a short command for ease of use in the "/usr/local/bin" directory:

sudo nano /usr/local/bin/startVNC

The contents of the file should be:

!#/bin/bash
vncserver :14 -geometry 1250x900 -depth 24

Make this file execitable:

sudo chmod +x /usr/local/bin/startVNC

Now to start the RealVNC server you just type in the SSH session window:

startVNC

After you start the RealVNC server, you use the following settings in the TurboVNC viewer on your remote PC to connect:

image with settings (to be added here)

If you can access the RealVNC server on the Pi with the TurboVNC viewer (client), then you have completed successfully this step. In a similar way you can use a MAC or even another Pi with a monitor and keyboard to remotely access the RealVNC server with the LOC wallet. You are ready for the next step.

 3. Set up a tunnel for VNC through the SSH connection

Article under development ...

4. Set up the firewall on the Pi

Article under development ...

5. Check listening ports

Article under development ...

The above steps should have helped you to professionally secure the LOC staking wallet on the Pi. This setup can be used even when your Pi is far away from you and you can access it securely on the Internet (from work for example), without fear of third party eavesdropping on your connection. Only one important piece of the puzzle is missing, which is how to better protect your access to the SSH session. This we will discuss in the next article.

Yours, Crypto Qu

How to stake LOCs securely and conveniently on Raspberry Pi 3B+

This article is the second in a series that helps begin staking LOCs on the Raspberry Pi 3b +.

Read more ...

A step by step recompilation of LOC test staking wallet with GUI for Raspberry Pi 3B+

This is the first of a series of articles to help you recompile and set up a Raspberry Pi as a LOC staking wallet with GUI. If you find inaccuracies or other ways to improve the article, please, leave a comment.

Read more ...

Ledger Nano S - The secure hardware wallet

FACEBOOK | LINKEDIN

Domain Kiosk LLC © 2005-2019. All Rights Reserved.

Terms of Service