Go Ethereum (geth
) is a software for Ethereum. geth doesn't provide secure networking and it should do this, as this kind of built-in functionality would increase complexity and add attack surface to critical blockchain node software. Fortunately, in UNIX world, you can easily combine different tools to work together. The solution to this particular problem is to use VPN/tunneling software for secure connections. The tunnel will expose the server local connections to your own computer. The most popular tool for this (available in every OS by default, nowadays including Windows) is Secure Shell (SSH).
Note this question only addresses issues how to
Start a node on server. When the node starts it binds its RPC port to localhost
(127.0.0.1
in IPv4, ::1
in IPv6). This is so-called loopback connection that you can only access from the computer itself and not from external network. If you need to daemonize the node to run on background you can e.g. use UNIX screen
command:
geth --testnet --fast --rpc --rpcapi "db,eth,net,web3,personal" --verbosity 3 --rpccorsdomain "*"
Then on a local computer we define connection to this SSH host using ~/.ssh/config
file that also gives us tunneling parameters. We build tunnel from local computer 8545 to our server 8545.
Host ethereum-testnet
User ubuntu # UNIX remote user
Hostname 8.8.8.8 # Server IP address
IdentityFile ~/.ssh/testnet-private-key.pem # SSH key file we use to log in
LocalForward 8545 localhost:8545 # Define tunnel
Connect the remote serve and build the tunnel:
# We give some extra verbosity level to debug connectivity issues
ssh -vvvv ethereum-testnet
Now you can safely interact with geth
on your local computer over localhost:8545
tunneling. Start miner example:
curl -X POST --data '{"jsonrpc":"2.0","method":"miner_start","params":[],"id":74}' localhost:8545
Another example to unlock geth
account from local computer:
# Figure out coinbase account over web3
COINBASE=`geth --exec 'web3.eth.coinbase' attach rpc:http://127.0.0.1:8545 `
# Ask for password
echo -n "Give passphrase to unlock $COINBASE"
read -s password
# Unlock coinbase
geth --exec "web3.personal.unlock($COINBASE, "$password", 30*24*3600)" attach rpc:http://127.0.0.1:8545