Board: Beginners & Help
Topic: Re: using a dedicated $50 "banking station" for enhanced security
by bob123 on 23/05/2019, 07:58:08 UTC
Props.

That's probably the first (real) merit-worthy thread from a newbie account.


I really like your idea. It counters quite some attack vectors in comparison to simply a bootable linux live distro etc. (keyword: trusted hardware / bootloader).
Even though hardware wallets already are very user friendly and can be accessed without much hassle, if you are storing a very high amount of BTC on your hardware wallet you might want to use this as a 2nd wallet (to circumvent some 0day HW exploits).


I just have 1 thing to add:

[...] these SBCs are small enough that you can keep them at your main desk and simply plugin your main monitor/keyboard/mouse as needed[...]


One could simply set up an ssh agent to be started upon booting, then connect to it via live usb boot for example.
IMO it is more convenient to power up the PI, boot your PC from a live linux and connect via SSH to it, instead of re-plugging monitor/keyboard (but maybe that's just me because of my setup at home)

If you make sure to not permit root-login, set a strong-enough password and shut down the ssh agent after ~3 failed login attempts (or simply use fail2ban, etc.), this also results in a pretty secure setup (not as secure as without any connection between your PC and the PI, but very close to that).


This idea of a 2nd wallet / banking station (regardless of whether with or without SSH connection) is already way more secure than the 'main' wallet of the majority of BTC users.
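
An added example, not part of the post above: a small shell audit for the SSH hardening it lists, checking an sshd_config-style file for the settings sshd would actually use. It assumes "no root login" maps to `PermitRootLogin no` and "~3 failed attempts" to `MaxAuthTries 3` (a per-connection limit, not the shutdown or fail2ban ban the post mentions); the function names `effective_value` and `audit_sshd` are hypothetical.

```shell
#!/bin/sh
# Added example: check the two sshd settings that correspond to the post's advice.
# sshd uses the FIRST value it reads for a keyword and keywords are
# case-insensitive, so a hardened line placed after a weak one has no effect.

# effective_value FILE KEYWORD DEFAULT: value sshd would use (global section only)
effective_value() {
    awk -F'[ \t=]+' -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        { sub(/^[ \t]+/, "") }              # drop indentation, re-split fields
        /^#/ || /^$/ { next }               # skip comments and blank lines
        tolower($1) == "match" { exit }     # Match blocks are out of scope here
        tolower($1) == want { val = tolower($2); found = 1; exit }
        END { print (found ? val : def) }
    ' "$1"
}

# audit_sshd FILE: print findings, return 0 only if both settings pass
audit_sshd() {
    rc=0
    root=$(effective_value "$1" PermitRootLogin prohibit-password)  # OpenSSH default
    tries=$(effective_value "$1" MaxAuthTries 6)                    # OpenSSH default
    if [ "$root" = no ]; then echo "PASS PermitRootLogin=no"
    else echo "FAIL PermitRootLogin=$root (want no)"; rc=1; fi
    case $tries in
        ''|*[!0-9]*) echo "FAIL MaxAuthTries=$tries (not a number)"; rc=1 ;;
        *) if [ "$tries" -le 3 ]; then echo "PASS MaxAuthTries=$tries"
           else echo "FAIL MaxAuthTries=$tries (want 3 or fewer)"; rc=1; fi ;;
    esac
    return $rc
}

# Constructed sample: the late "PermitRootLogin no" is ignored by first-match-wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
permitrootlogin yes
MaxAuthTries=3
PermitRootLogin no
EOF
audit_sshd "$sample" || echo "sample config needs fixing"
rm -f "$sample"
```

On the device itself, `sshd -T` prints the effective settings (lowercase keyword, then value), and that output can be saved to a file and passed to the same function.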