Wallets, Passphrase, SSH Fail Safe, & Backups

Posted: Sat May 13, 2023 3:41 pm
by mqpickens
It is a good practice to create a backup copy of wallet files and have a second SSH public key handy; however,
keeping these backup files encrypted is a must for good security. Start by generating a passphrase:

Generating Strong Passphrase
  • STRONGPASSPF=$(openssl rand -base64 24)
  • STRONGPASSPF=${STRONGPASSPF//\//0} # Replace '/' characters with '0'
  • STRONGPASSPF=${STRONGPASSPF//+/1} # Replace '+' characters with '1'
  • STRONGPASSPF=${STRONGPASSPF//=/} # Replace '=' characters with ''
  • STRONGPASSPF=${STRONGPASSPF//O/0} # Replace 'O' (o) characters with '0'
  • STRONGPASSPF=${STRONGPASSPF//l/1} # Replace 'l' (L) characters with '1'
  • echo "$STRONGPASSPF" | sudo tee /root/passphrase
  • STRONGPASSPF="" # Erase from memory
  • sudo chmod 400 /root/passphrase
Record (by Hand) the Passphrase (store in a safe place)
  • sudo cat /root/passphrase
Verify Hand Written Passphrase
  • # Type in the passphrase in substitution of $TYPED_HANDWRITTENPASSPHRASE (keep the quotes)
  • sudo cat /root/passphrase | grep -Fx "$TYPED_HANDWRITTENPASSPHRASE" | wc -l # -F = literal string, -x = whole line must match
  • history -c # Clear the password from bash's history
  • # 0 indicates it was not recorded/entered correctly
  • # 1 indicates that it was recorded/entered correctly
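
The generate, store and verify steps from the post above, as an added example that is not part of the original post. The function names are hypothetical; the verify step reads the typed passphrase from stdin instead of the command line, so there is nothing to clear from history afterwards.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# Apply the post's substitutions to base64 text on stdin:
# '/' -> 0, '+' -> 1, 'O' -> 0, 'l' -> 1, and drop '=' padding.
normalize_passphrase() {
    tr '/+Ol' '0101' | tr -d '='
}

# Write the passphrase arriving on stdin to file $1 with mode 400.
# umask 077 plus removing any old file first means the new file is created
# owner-only, so there is no window in which other users can read it.
store_passphrase() (
    umask 077
    rm -f "$1"
    cat > "$1" && [ -s "$1" ] && chmod 400 "$1"
)

# Check a hand-typed passphrase against file $1. The typed value is read from
# stdin with terminal echo off, so it never lands in argv or shell history,
# and the comparison is on the whole string, so a fragment does not pass.
# The body runs in a subshell; the variables vanish when it returns.
verify_passphrase() (
    if [ -t 0 ]; then stty -echo; trap 'stty echo' EXIT; fi
    IFS= read -r typed || true
    IFS= read -r stored < "$1" || true
    [ -n "$typed" ] && [ "$typed" = "$stored" ]
)

# Usage as root, mirroring the steps above:
#   openssl rand -base64 24 | normalize_passphrase | store_passphrase /root/passphrase
#   verify_passphrase /root/passphrase && echo match || echo mismatch
```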

SSH Fail Safe

Posted: Sat May 13, 2023 4:36 pm
by mqpickens
Create Fail Safe SSH Key Pair
  • sudo su satoshi # Let's use satoshi's account
  • sudo rm ~/.ssh/ssh_key_failsafe*
  • ssh-keygen -t ed25519 -C "# SSH Fail Safe" -N "$(sudo cat /root/passphrase)" -f ~/.ssh/ssh_key_failsafe
Authorize New Key
  • sed -i '/# SSH Fail Safe/d' ~/.ssh/authorized_keys # Delete preexisting "Fail Safe Key" if it exists
  • cat ~/.ssh/ssh_key_failsafe.pub | sudo tee -a ~/.ssh/authorized_keys # Add "Fail Safe Key" to list of authorized keys
  • sudo cat ~/.ssh/authorized_keys # Verify fail safe key was successfully added to authorized_keys file
Verify Passphrase is Enforced
  • echo "passphrase:" $(sudo cat /root/passphrase) # Verify a strong passphrase is being referenced
  • ssh-keygen -y -P "$(sudo cat /root/passphrase)" -f ~/.ssh/ssh_key_failsafe # If output matches pub key, referenced passphrase is in use!
Note: For this SSH Fail Safe to be of any use, the private key needs to exist outside this node (i.e. backed up).
It is used to log in when other remote login methods have failed (e.g. you lose your YubiKey).

Create Wallets w/ Strong Passphrase

Posted: Sat May 13, 2023 5:21 pm
by mqpickens
Generate Wallets
  • btc --named createwallet wallet_name="watch" disable_private_keys=true descriptors=false load_on_startup=true
  • btc --named createwallet wallet_name="import" descriptors=false load_on_startup=true
  • btc --named createwallet wallet_name="mining" passphrase=$(sudo cat /root/passphrase) load_on_startup=true
  • btc --named createwallet wallet_name="bank" passphrase=$(sudo cat /root/passphrase) load_on_startup=true
Create Alias That Unlocks Wallets for 24 Hours
  • alias unlockwallets="btc -rpcwallet=mining walletpassphrase \$(sudo cat /root/passphrase) 86400; btc -rpcwallet=bank walletpassphrase \$(sudo cat /root/passphrase) 86400"
  • echo "alias unlockwallets=\"btc -rpcwallet=mining walletpassphrase \$(sudo cat /root/passphrase) 86400; btc -rpcwallet=bank walletpassphrase \$(sudo cat /root/passphrase) 86400\"" | sudo tee -a /etc/bash.bashrc # Restores alias @ boot
  • alias lockwallets="btc -rpcwallet=mining walletlock; btc -rpcwallet=bank walletlock"
  • echo "alias lockwallets=\"btc -rpcwallet=mining walletlock; btc -rpcwallet=bank walletlock\"" | sudo tee -a /etc/bash.bashrc # Restores alias @ boot
Verification
  • btc listwalletdir # Show wallets in wallets directory
  • btc listwallets # Show wallets that are loaded
  • echo "passphrase:" $(sudo cat /root/passphrase) # Verify a strong passphrase is being referenced
  • lockwallets # Lock wallets
  • btc -rpcwallet=mining walletpassphrase $(sudo cat /root/passphrase) 1 # No messages indicates passphrase is working
  • btc -rpcwallet=bank walletpassphrase $(sudo cat /root/passphrase) 1 # No messages indicates passphrase is working

Backup and Restore

Posted: Sun May 14, 2023 4:26 am
by mqpickens
Backup Wallets and SSH Fail Safe Key ("watch" and "import" wallets not included)
  • Remote (e.g. Debian Linux)
    • sudo su satoshi # Let's use satoshi's account
    • mkdir ~/backup
    • sudo install -C -m 400 -o satoshi -g satoshi /var/lib/bitcoin/micro/wallets/mining/wallet.dat ~/backup/mining.dat
    • sudo install -C -m 400 -o satoshi -g satoshi /var/lib/bitcoin/micro/wallets/bank/wallet.dat ~/backup/bank.dat
    • sudo install -C -m 400 -o satoshi -g satoshi ~/.ssh/ssh_key_failsafe ~/backup
  • Local (e.g. Windows PowerShell)
    • scp -rp -P $PORT -i $HOME/.ssh/YubiKey satoshi@$ADDRESS:~/backup $HOME/Desktop # The port is optional; default is 22
    • # With WSL, the host drive is already mounted. It can just be copied with cp (e.g. "cp -rf ~/backup /mnt/c/Users/$USERNAME/Desktop")
Restore Wallets (Wallets will be called bank-restored and mining-restored)
  • # Copy wallet files (mining.dat & bank.dat) to a folder (named "restore") on the desktop
  • Local (e.g. Windows PowerShell)
    • scp -rp -P $PORT -i $HOME/.ssh/YubiKey $HOME/Desktop/restore satoshi@$ADDRESS:~ # The port is optional; default is 22
    • # With WSL, the host drive is already mounted. It can just be copied with cp (e.g. "cp -rf /mnt/c/Users/DellXPS13/Desktop/restore ~/")
  • Remote (e.g. Debian Linux)
    • sudo mkdir -p /var/lib/bitcoin/micro/wallets/mining-restored
    • sudo chown -R bitcoin:bitcoin /var/lib/bitcoin/micro/wallets/mining-restored
    • sudo mkdir -p /var/lib/bitcoin/micro/wallets/bank-restored
    • sudo chown -R bitcoin:bitcoin /var/lib/bitcoin/micro/wallets/bank-restored
    • sudo install -C -m 600 -o bitcoin -g bitcoin ~/restore/mining.dat /var/lib/bitcoin/micro/wallets/mining-restored/wallet.dat
    • sudo install -C -m 600 -o bitcoin -g bitcoin ~/restore/bank.dat /var/lib/bitcoin/micro/wallets/bank-restored/wallet.dat
  • Load Wallets
    • btc loadwallet mining-restored
    • btc loadwallet bank-restored
  • Unlock Restored Wallets
    • # Type in Hand Written passphrase in substitution of $TYPED_HANDWRITTENPASSPHRASE (keep the quotes)
    • btc -rpcwallet=mining-restored walletpassphrase "$TYPED_HANDWRITTENPASSPHRASE" 100000000
    • btc -rpcwallet=bank-restored walletpassphrase "$TYPED_HANDWRITTENPASSPHRASE" 100000000

Login w/ SSH Fail Safe Key

Posted: Mon May 15, 2023 4:37 pm
by mqpickens
If your YubiKey becomes lost, stolen, no longer working, or is simply not available, you can still log in with your SSH Fail Safe Key.

Login w/ SSH Fail Safe Key (SSH Windows PowerShell)
  • # Move private key file (ssh_key_failsafe) to $HOME/.ssh
  • ssh -p $PORT satoshi@$ADDRESS -i $HOME/.ssh/ssh_key_failsafe # The port is optional; default is 22
  • # Type in Hand Written passphrase
(If Necessary) Remove Access from the Lost or Stolen YubiKey
  • sed -i '/YubiKey/d' ~/.ssh/authorized_keys