Topic: Can ONLINE machine be a VPS (eg AWS) and (2) can VPS go thru Tor or VPN? (Read 802 times)

full member
Activity: 159
Merit: 100
You need a VPS with a lot of disk space, which tends to be costly.  But otherwise I cannot see any problem.  You will of course need two laptops when you travel; the offline laptop and a laptop you bring online to communicate with the VPS.

Seriously, though: If you need access to your bitcoins while travelling, have you considered bringing a Trezor or Ledger and a laptop?  That should be as secure, but more portable.  You can then run a light client (electrum?) on the laptop.  And TOR, if you so desire.

legendary
Activity: 3766
Merit: 1364
Armory Developer
You run your node and DB on the VPS, put it behind an HTTP daemon and point the client at that IP:port. For better security, you can VPN the client in (since the socket layer between client and server is not encrypted atm).
full member
Activity: 174
Merit: 100
Separation of currency and state.
I know this is an old topic; however, I'm looking to do exactly the same thing. I am located in a very rural/remote area and my internet connection is usually very very slow (never faster than 6mbps; often as slow as 100kbps). I cannot keep an updated copy of the blockchain on my local machine; in fact, I can't even obtain an updated copy of the blockchain on my local machine without jumping through some crazy hoops.

I'm running bitcoind and geth on a VPS; I would like to also run the "online" half of Armory on that server. Is there any place with documentation/guidance on how to do that? I recently compiled Armory from source here on my local machine, but I can't find any information about operating Armory from the command line/headless.

Please advise!

Thanks,

Henry
newbie
Activity: 24
Merit: 0
TL;DR:

Can I use Armory Offline / Online (cold wallet):

(1) where the ONLINE machine is on a VPS (eg AWS, Digital Ocean, etc.); and

(2) with VPS + Tor or VPN to broadcast txns anonymously?

(3) Would there be any security issues using ssh-tunneling to send a signed transaction from a local online machine to the remote online machine on the VPS?

---

I am interested in using Armory for a cold wallet (2 machines: 1 online, 1 offline).

However, I travel a lot and I don't always have decent internet (ie, sometimes I'm out in the sticks with very slow internet, where I can't even use YouTube or Skype - so it would not be possible to keep my online Armory machine up-to-date with the multi-gigabyte blockchain).

So I have the following questions:

(1) In this situation, would it make sense for me to set up my ONLINE machine on some remote VPS - virtual private server (eg, Amazon AWS, Digital Ocean, Linode, etc.)?

(2) Could I use Tor or VPN on the remote machine (on a VPS)?

(3) Would there be any security risks involved when sending the signed transaction, presuming ssh'ing in to a remote desktop (from a third machine, which would be local and running Debian)?

---

I have managed to get a test configuration set up on two machines (online/offline), using Debian Jessie 8.2 + xfce, with Armory 0.93.3. {Footnote 1}

I'm still a little unsure of the exact sequence of "sneakernet" steps involved when using Armory Offline / Online. I believe it will go like this:

(1) On the ONLINE machine, start to create a transaction (spend).

(2) Copy it to the OFFLINE machine to be signed.

(3) Copy the signed transaction back to the ONLINE machine, and broadcast it.

---

Now here are my main questions:

(1) If I'm doing the above steps where the OFFLINE machine is local (my laptop) and the ONLINE machine is remote (on the VPS at Amazon, Digital Ocean, Linode etc.) then I guess I'd need to be able to have remote GUI / Desktop access to the remote online machine.

So in my case, I'd want to use Debian + xfce remotely. It sounds like people are actually able to use Debian + xfce remotely:

https://www.google.com/search?q=debian+xfce+remote

Is this feasible / sensible with Armory? (I'm worried there might be some kind of "latency" issues, or maybe issues communicating with bitcoind via rpc or something.)

By the way, I would have yet a third Linux box which I use to ssh in to the remote ONLINE Armory box on the VPS. I'm not sure what kind of security would be necessary on that machine - as it would be transmitting a signed transaction over ssh.

(2) Would it make sense to try running the ONLINE machine (which is on the VPS at Amazon, Digital Ocean, Linode etc.) behind Tor?

In general, I want to use Tor when transacting with Bitcoin - I'm just unfamiliar with the way Tor might play with a VPS.

Or, is there some way of doing VPS + VPN? I've set up VPSes on Amazon, Digital Ocean, Linode - I just don't know if there's also a way to use a VPS "anonymously", either via Tor or VPN. (I guess if I use a VPN, I'd also want to pay them anonymously using Bitcoin, instead of with my credit card =).

(3) Would there be any security risks involved when sending a signed transaction from a third machine - presuming tunneling via ssh to a remote Debian xfce desktop on the Armory ONLINE machine running remotely on the VPS?

Thanks for any help!

---

{Footnote 1} It was difficult getting all the dependencies correct on the offline machine, but eventually I managed to do it, by looking at what apt-get put in /var/cache/apt/archives when installing from scratch on a fresh Debian 8.2 Online machine, and then using those as my "Offline Bundle" on an identical fresh Offline machine.

There were two additional .deb files involving PyQt which initially caused error messages while doing 'dpkg -i' against my home-brew "Offline Bundle", which I simply downloaded separately from a Debian repository and added to my home-brew "Offline Bundle" specific to Debian 8.2 Jessie + Armory 0.93.3. Then it finally worked.

- I adopted this "home-brew" approach because most of the documentation and workarounds which others had posted regarding their particular "Offline Bundle" solutions were either out-of-date, or simply not compatible with my particular Debian 8.2 setup.

- I preferred Debian over Ubuntu because Debian seems to come pre-loaded with less or no consumer-oriented crapware.

---
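
Added example (not part of the original post and not Armory project code): one way to check that a home-made "Offline Bundle" of .deb files copied from /var/cache/apt/archives reaches the offline machine unchanged before running 'dpkg -i'. The manifest name SHA256SUMS and the function names are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: integrity manifest for a home-made offline .deb bundle.
# MANIFEST name and function names are assumptions, not Armory tooling.
MANIFEST="SHA256SUMS"

# ONLINE machine: record a SHA-256 digest for every .deb in the bundle dir.
make_manifest() {
    bundle_dir=$1
    ( cd "$bundle_dir" || exit 1
      set -- *.deb
      # An unmatched glob stays literal, so test that the first name exists.
      [ -e "$1" ] || { echo "no .deb files in $bundle_dir" >&2; exit 1; }
      sha256sum -- "$@" > "$MANIFEST" )
}

# OFFLINE machine, before 'dpkg -i': fail if a listed package is missing or
# altered, or if a .deb is present that the manifest does not list.
verify_bundle() {
    bundle_dir=$1
    ( cd "$bundle_dir" || exit 1
      [ -f "$MANIFEST" ] || { echo "manifest missing" >&2; exit 1; }
      # Per-file results go to stderr; a non-zero status means a mismatch.
      sha256sum -c "$MANIFEST" >&2 || exit 1
      for f in *.deb; do
          [ -e "$f" ] || continue
          # Manifest lines have the form "<digest>  <file name>".
          grep -qF -- "  $f" "$MANIFEST" ||
              { echo "unlisted package: $f" >&2; exit 1; }
      done )
}

# Optional command-line use: "make <dir>" online, "verify <dir>" offline.
case "${1:-}" in
    make)   make_manifest "${2:-.}" ;;
    verify) verify_bundle "${2:-.}" ;;
esac
```

A manifest carried on the same medium as the packages only detects accidental corruption; to detect tampering, compare the digest of SHA256SUMS itself against a value noted on the online machine and carried separately.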
