HOWTO Run Sia host on headless Linux server (Ubuntu)
What is the way to auto-unlock the hosting wallet?
My siad is working fine on the headless box. But to be a good host it needs to come up as soon as possible after a reboot or downtime. Sometimes it happens that I even do not notice that there was a power outage, as the server comes up and all services are started.
So, how to automate the wallet unlocking for the hosting service to be operational after starting?
One way to to it would be to put a watch into cron like evry 5 minute or so using siac,
If ! wallet unlocked
My question was more about feeding the password to siac...
Can I do it on command line (in batch file/shell script)?
sure easy peasy
(echo "lakes romance ... ) | siac wallet unlock
Oh, thanks. It works this way.
I thought there should be a command line parameter for siac such as siac wallet unlock -p <password> .
From the other side it wouldn't be more secure as echoing from a script.
As I don't like storing cleartext passwords in script files, there should be a more elegant way to do this.
I know, most of database accessing software is storing the cleartext db access password in a conf file and it may be even less secure than storing it in the startup script.
So, perhaps, when the devs have more time... Could a key file be generated from something machine specific and the wallet password? So the user should generate such key file from his wallet password when the wallet is moved to another machine.
Or better, the hosting process should be capable to run on a "partially locked" wallet, as no user approval is needed for from the hosting process originating transactions anyway. The collateral would be locked at the moment the user makes changes to his hosting parameters -price, size etc or/and turns accepting contracts on (which can happen only when the wallet is already unlocked). And these locked SC are accessible for the hosting process even if the wallet is locked.
I dont know if an attacker is in he (or she) is in. Imo best to do here is to make sure the online wallet always have pretty limited funds and you make a process of refilling/draining it when needed.
Also it a general bad practice to send passwds as arguments, anyone can see them using tools like top then ( my echo just as bad) better would be to read it from a file or env variable on ly accessable to current user.
Hello @brisk thanks for your thoughts,
can you explain how an attacker, which overtook a local (non root) user, could read the echo from your suggested command line?
Would it make a difference wheather script is executed by root or a non-root user?
Could not announce host: insufficient balance
when trying to annouce ?