Everytime I restart my NIS I have to manually start remote harvesting again.
Doing so I need to access my cold wallet time after time.
To make it a "really cold" wallet it would be nice if remote harvesting can somehow survive NIS restart or be started without my account private key.
I think this is possible since the blocks are signed with a different private key but I don't know where it is stored.
Is your NIS truly remote or does it run localy ?
Is your NIS truly remote or does it run localy ?
About 700 Km from home but I don't think it makes any difference :D
I corrently run NIC and NCC on the same server and access NCC trough an SSH tunnel on port 8989.
I'm planning to run NCC on my computer and move SSH tunnel to port 7890 so that it sees remote NIS as running locally.
Next improvement would be deleting cold.wlt file from my computer and store it in a safer place but I need to make remote harvesting start somehow without accessing cold.wlt file.
He is talking about a local NIS. Anf if NIS is restarted, the private key for harvesting (local or remote) must be supplied. That can't be done without opening the wallet. Maybe gimre can make a statement whether it would be possible to separate private key and remote private key into different wallets.
I did it!!! 8)
tcpdump is your friend 
Hello
Is nice that you have opened a thread like this because I wanted to open one similar because I have a lot of questions related to the remote harvesting as this is kind still abstract to me.
So here goes a kind of FAQ that any less experienced user could possibly ask.
1) What is remote harvesting?!
2) How does it work?
3) Do I need to have the same account on local computer and remote VPS or are this 2 different accounts.
4) Should the local or the remote account have 10000NEM vested to start harvesting?
5) Is the .wlt file stored on a remote NIS or my local computer (NCC) or both?
6) Do I need to run NCC on remote vps as well or is enough to run only the NIS?
7) Is the private key stored on remote VPS or my local computer and sent to remote server when needed to activate the harvesting?
8 ) How do I access my account?
a) with my browser over http(s) to remote NCC and NIS on vps?
b) with my browser over http(s) to local NCC -> remote NIS
c) with my browser over http(s) on local NCC -> (SSH tunnel) -> remote NIS
d) what is the most secure way to a access my account?
Ok this are some of the questions that i think need some explanation to general public but also to me
and I hope that the more experienced NEMbers of this community will give some good explanations (answers).
Thanks.
IF you know private key of your remote, that should be possible.
It should be possible to add such functionality to nickel (actually it's partially there),
as you can "announce" key for your remote harvesting account.
So later you could simply use that key to "unlock" harvesting on remote node.
Nickel thread is here: https://forum.ournem.com/index.php?topic=2627.0
Hello
Is nice that you have opened a thread like this because I wanted to open one similar because I have a lot of questions related to the remote harvesting as this is kind still abstract to me.
So here goes a kind of FAQ that any less experienced user could possibly ask.
...
Ok this are some of the questions that i think need some explanation to general public but also to me ;)
and I hope that the more experienced NEMbers of this community will give some good explanations (answers).
Thanks.
Ok, I'm telling you what I understood on my own observing the software. It might be inaccurate or even wrong.
The word "remote" is misleading: it doesn't mean "another computer" it means "another account". More about this below.
Let's start saing why local harvesting is unsafe: NIS signs blocks with your private key, so it must keep it in memory.
If someone hacks your computer he can dump memory, know your private key and steal all of your NEM.
Remote harvesting means signing blocks with another private key instead of your.
This way your NIS must know another account's private key, not your.
You don't need to create the "remote account": NCC does it for you when you press "Activate remote harvesting" button.
You don't see your remote account informations anywhere; you don't need to know your remote address nor you have your remote account's private key in your wallet.
I think remote account's private key is a function of your private key but don't know for sure.
How can I know remote account exists if I can't see it?
Because i've seen in the block explorer that blocks harvested by me report a different address as harvester (always the same).
At first I was afraid it was a fork, later I understood the truth.
When you press "Start remote harvesting" button, NCC tells NIS your remote account's private key, not your.
I sniffed NCC->NIS communication through tcpdump to know my remote account private key.
I imported my remote account private key in my walled and discovered that the address is the same I see in block explorer. Now everything is clear!
I also discovered that local harvesting with remote account is exacly the same that remote harvesting with my main account. I'ts just NCC that does the trick.
Now I can use nickel in my init script to start harvesting with my remote account private key.
@gimre: I don't need you implement remote harvesting in nickel: I can do better now that i know my remote private key.
My private key will never be saved or transmitted to my server again!
Hello
Is nice that you have opened a thread like this because I wanted to open one similar because I have a lot of questions related to the remote harvesting as this is kind still abstract to me.
So here goes a kind of FAQ that any less experienced user could possibly ask.
...
Ok this are some of the questions that i think need some explanation to general public but also to me ;)
and I hope that the more experienced NEMbers of this community will give some good explanations (answers).
Thanks.
Ok, I'm telling you what I understood on my own observing the software. It might be inaccurate or even wrong.
The word "remote" is misleading: it doesn't mean "another computer" it means "another account". More about this below.
Let's start saing why local harvesting is unsafe: NIS signs blocks with your private key, so it must keep it in memory.
If someone hacks your computer he can dump memory, know your private key and steal all of your NEM.
Remote harvesting means signing blocks with another private key instead of your.
This way your NIS must know another account's private key, not your.
You don't need to create the "remote account": NCC does it for you when you press "Activate remote harvesting" button.
You don't see your remote account informations anywhere; you don't need to know your remote address nor you have your remote account's private key in your wallet.
I think remote account's private key is a function of your private key but don't know for sure.
How can I know remote account exists if I can't see it?
Because i've seen in the block explorer that blocks harvested by me report a different address as harvester (always the same).
At first I was afraid it was a fork, later I understood the truth.
When you press "Start remote harvesting" button, NCC tells NIS your remote account's private key, not your.
I sniffed NCC->NIS communication through tcpdump to know my remote account private key.
I imported my remote account private key in my walled and discovered that the address is the same I see in block explorer. Now everything is clear!
I also discovered that local harvesting with remote account is exacly the same that remote harvesting with my main account. I'ts just NCC that does the trick.
Now I can use nickel in my init script to start harvesting with my remote account private key.
Nice analysis, this is almost exactly what is happening.
The only difference is here:
nor you have your remote account's private key in your wallet.
I think remote account's private key is a function of your private key but don't know for sure.
Actually it IS kept in the wallet. We've considered using function, but that could have been a bad idea.
nor you have your remote account's private key in your wallet.
I think remote account's private key is a function of your private key but don't know for sure.
Actually it IS kept in the wallet. We've considered using function, but that could have been a bad idea.
Why?
nor you have your remote account's private key in your wallet.
I think remote account's private key is a function of your private key but don't know for sure.
Actually it IS kept in the wallet. We've considered using function, but that could have been a bad idea.
When I backed up my wallet last time and then didn't configure remote harvesting in the new version it told me my wallet was corrupt. Bloody said it was because the remote key was missing.
How do I avoid that ?