Bitcoin Forum
April 25, 2014, 07:38:42 AM *
News: Due to the OpenSSL heartbleed bug, changing your forum password is recommended.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Remote RPC access  (Read 3629 times)
Marko
Newbie
*
Offline Offline

Activity: 12


View Profile

Ignore
September 27, 2010, 04:50:25 PM
 #1

Hello,

I'm have a client that calls getinfo over the rpc interface. Everything works fine when host=localhost.
However, when trying to get bitcoin at another host i cannot.
I read the wiki and it says the interface only accepts requests from 127.0.0.1. Is this still the case? Is there a setting to override this?

If not, i'm probably going to have to write a 'proxy' app that i would deploy to each machine running bitcoin. Would prefer not to do this Sad

Thanks,
Marko
1398411522
Hero Member
*
Offline Offline

Posts: 1398411522

View Profile Personal Message (Offline)

Ignore
1398411522
Reply with quote  #2

1398411522
Report to moderator
Unbeatable Service & Product Support
Grab Your Miners at GAWMiners.com
Order Before April 25th to receive
Double your Hashing Power for 1 week!

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1398411522
Hero Member
*
Offline Offline

Posts: 1398411522

View Profile Personal Message (Offline)

Ignore
1398411522
Reply with quote  #2

1398411522
Report to moderator
1398411522
Hero Member
*
Offline Offline

Posts: 1398411522

View Profile Personal Message (Offline)

Ignore
1398411522
Reply with quote  #2

1398411522
Report to moderator
doublec
Hero Member
*****
Offline Offline

Activity: 1078


View Profile

Ignore
September 28, 2010, 12:51:22 AM
 #2

I read the wiki and it says the interface only accepts requests from 127.0.0.1. Is this still the case? Is there a setting to override this?

This is still the case and I don't believe there is a setting to override it. It's hardcoded in the source. Instead of writing a 'proxy' app you can use SSH to tunnel. For example, if your bitcoin instance is running on 'example.com' and that machine is running an ssh server, you can tunnel to it from another machine with:

ssh -N example.com -L  9481:localhost:9481

Now you can use the RPC interface on your local machine to port 9481 and it will be tunnelled over an encrypted SSH session to the machine running the bitcoin RPC server.

You want to encrypt the connection because the JSON-RPC password is sent in clear text (it's actually base 64 encoded but basically it's the equivalent of clear text).

Bitparking Bitcoin/Namecoin/IXCoin/Devcoin Merged Mining Pool (Stratum support, works with ASICs)
BitMessage: BM-BbwusEFHr8ZndbShVXEsbGMbvQ2qBiSh
nelisky
Hero Member
*****
Offline Offline

Activity: 1218


View Profile

Ignore
September 28, 2010, 12:55:29 AM
 #3

I read the wiki and it says the interface only accepts requests from 127.0.0.1. Is this still the case? Is there a setting to override this?

This is still the case and I don't believe there is a setting to override it. It's hardcoded in the source. Instead of writing a 'proxy' app you can use SSH to tunnel. For example, if your bitcoin instance is running on 'example.com' and that machine is running an ssh server, you can tunnel to it from another machine with:

ssh -N example.com -L  9481:localhost:9481

Now you can use the RPC interface on your local machine to port 9481 and it will be tunnelled over an encrypted SSH session to the machine running the bitcoin RPC server.

You want to encrypt the connection because the JSON-RPC password is sent in clear text (it's actually base 64 encoded but basically it's the equivalent of clear text).

Can you compile your own bitcoin? The latest svn has an option to allow binding to other interfaces, not just localhost. If not the next version (0.3.13) is supposed to have that.

we measure long periods of time in bitcoin blocks, and short ones in vodka tonics
DividendRippler  | DICEonCRACK | The Amazing Anonymous Bitcoin Lottery
theymos
Administrator
Hero Member
*
Offline Offline

Activity: 1540


View Profile
September 28, 2010, 12:58:54 AM
 #4

There's an "-rpcallowip=" switch in SVN, which allows you to access RPC from the specified IP addresses. This is not safe from MITM attacks, however.

Marko
Newbie
*
Offline Offline

Activity: 12


View Profile

Ignore
September 28, 2010, 01:58:51 PM
 #5

Hey all...Thanks for all the feedback

The ssh method is great. However, all the machines are windows machines so i'd have to do an install on all of them. Better than writing a proxy app for sure though...

I saw the entry from a few weeks ago about the -rpcallowip switch. I'll compile my own version if i have to. That said, i'd prefer to have an official release. Anyone have an idea when the next version would be posted?

As far as the MITM attack possibility, this only presents a problem if the network i'm exposing to is not trusted. Or is there some other effect i'm missing?
satoshi
Founder
Sr. Member
*
Offline Offline

Activity: 364


View Profile

Ignore
September 30, 2010, 06:27:41 PM
 #6

It can be safe if you're using it over your own LAN, like if you have multiple servers at a location that talk to each other.

0.3.13 RC1 is available for Windows:
http://www.bitcoin.org/download/bitcoin-0.3.13-rc1-win32-setup.exe
LZ
Staff
Hero Member
*****
Offline Offline

Activity: 1050


Satoshi everywhere!


View Profile WWW

Ignore
October 01, 2010, 01:19:04 AM
 #7

And now release is avaliable: link. Smiley

"Never invest unless you can afford to lose your entire investment."  ©  S3052
Feel free to contact me using Bitmessage: BM-GtRPz1ESAoFCGjHwD2c3y8McqzXjjo1f
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!