How to allow remote access to zcashd?

Technology zcashd client
1

Hello! Please tell me how to allow remote access to zcash wallet. I’m trying to connect using the DemoClient that comes with BitcoinLib, but I get the exception with message “Please check your configuration and make sure that the daemon is up and running and that it is synchronized.”
I read in the installation manual that by default access is allowed only from localhost, how to configure remote access?

When i try to run the command
wget -O- --auth-no-challenge --http-user=rpcuser --ask-password --post-data=‘{“method”:“getinfo”,“params”:,“id”:1}’ ‘http://127.0.0.1:8232
i get result:
{"result":{"version":1000350,"protocolversion":170002,"walletversion":60000,"balance":0.01000000,"blocks":126545,"timeoffset":-5,"connections":8,"proxy":"","difficulty":2072393.73183891,"testnet":false,"keypoololdest":1496233924,"keypoolsize":101,"paytxfee":0.00000000,"relayfee":0.00001000,"errors":"Your client is out of date and vulnerable to denial of service. Please update to the most recent version of Zcash (1.0.8-1 or later). More info at: https://z.cash/support/security/"},"error":null,"id":1}

When i try to run the command
$ ./qa/pull-tester/rpc-tests.sh
i get result:

=== Running testscript wallet_protectcoinbase.py ===
  Initializing test directory /tmp/testAp3i6B
  Mining blocks...
  waiting for async operation opid-88df7d0a-9666-4602-ab64-e325c1f3dfa1
  ...returned status: success
  waiting for async operation opid-51f14835-0adc-4eb7-a2b7-40b3d902b50b
  ...returned status: success
  waiting for async operation opid-30a8832f-7825-40d9-8ae3-6953d7931883
  ...returned status: failed
  ...returned error: Insufficient transparent funds, have 10.00, need 0.00000545 more to avoid creating invalid change output 0.00000001 (dust threshold is 0.00000546)
  waiting for async operation opid-dc41408b-dc90-48e6-aece-5bce7460a230
  ...returned status: failed
  ...returned error: Insufficient transparent funds, have 10.00, need 10000.0001
  waiting for async operation opid-d58a6cc6-4fb8-46b8-a322-58437e2a768a
  ...returned status: failed
  ...returned error: Insufficient protected funds, have 9.9998, need 10000.0001
  waiting for async operation opid-1f4be5fb-f68a-4f24-a43e-5ac46938d1e3
  ...returned status: success
  waiting for async operation opid-573b6799-7d34-4a85-b92e-d78f412e261c
  ...returned status: None
  Assertion failed: success != None
  Stopping nodes
  Cleaning up
  Failed
!!! FAIL: wallet_protectcoinbase.py !!!

=== Running testscript wallet.py ===
  Initializing test directory /tmp/test5Z1QIz
  Mining blocks...
  Stopping nodes
  Cleaning up
  Tests successful
--- Success: wallet.py ---

=== Running testscript wallet_nullifiers.py ===
  Initializing test directory /tmp/testbPlL8G
  Stopping nodes
  Cleaning up
  Tests successful
--- Success: wallet_nullifiers.py ---

=== Running testscript listtransactions.py ===
  Initializing test directory /tmp/testB4ERTK
  Stopping nodes
  Cleaning up
  Tests successful
--- Success: listtransactions.py ---

=== Running testscript mempool_resurrect_test.py ===
  Initializing test directory /tmp/testUoo7S8
  Stopping nodes
  Cleaning up
  Tests successful
--- Success: mempool_resurrect_test.py ---

=== Running testscript txn_doublespend.py ===
  Initializing test directory /tmp/testnFh3IN
  Stopping nodes
  Cleaning up
  Tests successful
--- Success: txn_doublespend.py ---

=== Running testscript txn_doublespend.py --mineblock ===
  Initializing test directory /tmp/testsp5oVH
  Stopping nodes
  Cleaning up
  Tests successful
--- Success: txn_doublespend.py --mineblock ---

=== Running testscript getchaintips.py ===
  Initializing test directory /tmp/testhkbAQ1
  Stopping nodes
  Cleaning up
  Tests successful
--- Success: getchaintips.py ---

=== Running testscript rawtransactions.py ===
  Initializing test directory /tmp/testuupeBk
  Stopping nodes
  Cleaning up
  Tests successful
--- Success: rawtransactions.py ---

=== Running testscript rest.py ===
  Initializing test directory /tmp/testeDS5x4
  Mining blocks...
  Stopping nodes
  Cleaning up
  Tests successful
--- Success: rest.py ---

=== Running testscript mempool_spendcoinbase.py ===
  Initializing test directory /tmp/test0psJzF
  Stopping nodes
  Cleaning up
  Tests successful
--- Success: mempool_spendcoinbase.py ---

=== Running testscript mempool_coinbase_spends.py ===
  Initializing test directory /tmp/testdXFG8D
  Stopping nodes
  Cleaning up
  Tests successful
--- Success: mempool_coinbase_spends.py ---

=== Running testscript httpbasics.py ===
  Initializing test directory /tmp/tests9Rluz
  Stopping nodes
  Cleaning up
  Tests successful
--- Success: httpbasics.py ---

=== Running testscript zapwallettxes.py ===
  Initializing test directory /tmp/testm9rsLn
  Mining blocks...
  
  Stopping nodes
  Cleaning up
  Tests successful
--- Success: zapwallettxes.py ---

=== Running testscript proxy_test.py ===
  Initializing test directory /tmp/testuv_MPH
  Proxy:  Socks5Command(1,3,15.61.23.23,1234,None,None)
  Proxy:  Socks5Command(1,3,1233:3432:2434:2343:3234:2345:6546:4534,5443,None,None)
  Proxy:  Socks5Command(1,3,bitcoinostk4e4re.onion,8333,None,None)
  Proxy:  Socks5Command(1,3,node.noumenon,8333,None,None)
  Proxy:  Socks5Command(1,3,15.61.23.23,1234,None,None)
  Proxy:  Socks5Command(1,3,1233:3432:2434:2343:3234:2345:6546:4534,5443,None,None)
  Proxy:  Socks5Command(1,3,bitcoinostk4e4re.onion,8333,None,None)
  Proxy:  Socks5Command(1,3,node.noumenon,8333,None,None)
  Proxy:  Socks5Command(1,3,15.61.23.23,1234,91632771,1889679809)
  Proxy:  Socks5Command(1,3,1233:3432:2434:2343:3234:2345:6546:4534,5443,3842137544,3256031132)
  Proxy:  Socks5Command(1,3,bitcoinostk4e4re.onion,8333,1761911779,489223532)
  Proxy:  Socks5Command(1,3,node.noumenon,8333,2692793790,2737472863)
  Proxy:  Socks5Command(1,3,15.61.23.23,1234,None,None)
  Proxy:  Socks5Command(1,3,1233:3432:2434:2343:3234:2345:6546:4534,5443,None,None)
  Proxy:  Socks5Command(1,3,bitcoinostk4e4re.onion,8333,None,None)
  Proxy:  Socks5Command(1,3,node.noumenon,8333,None,None)
  Stopping nodes
  Cleaning up
  Tests successful
--- Success: proxy_test.py ---

=== Running testscript merkle_blocks.py ===
  Initializing test directory /tmp/testksGIFZ
  Mining blocks...
  Stopping nodes
  Cleaning up
  Tests successful
--- Success: merkle_blocks.py ---

=== Running testscript signrawtransactions.py ===
  Initializing test directory /tmp/testMO6Vzi
  Stopping nodes
  Cleaning up
  Tests successful
--- Success: signrawtransactions.py ---

=== Running testscript walletbackup.py ===
  Stopping nodes
  Cleaning up
  Tests successful
--- Success: walletbackup.py ---

=== Running testscript zcjoinsplit.py ===
  Initializing test directory /tmp/testVA7dlV
  Done!
  Stopping nodes
  Cleaning up
  Tests successful
--- Success: zcjoinsplit.py ---

=== Running testscript zcjoinsplitdoublespend.py ===
  Initializing test directory /tmp/test2JLZgN
  Waiting for AB_txid...
  
  Done!
  
  Stopping nodes
  Cleaning up
  Tests successful
--- Success: zcjoinsplitdoublespend.py ---

=== Running testscript getblocktemplate.py ===
  Initializing test directory /tmp/testp4i18j
  Stopping nodes
  Cleaning up
  Tests successful
--- Success: getblocktemplate.py ---



Tests completed: 21
successes 20; failures: 1

Failing tests: wallet_protectcoinbase.py

When i try to run the command from remote pc
wget -O- --auth-no-challenge --http-user=rpcuser --ask-password --post-data=‘{“method”:“getinfo”,“params”:,“id”:1}’ ‘http://..159.230:8232’
i get result:

I hope the information is enough, sorry for Google translator.

2

According to the zcash security recommendations, the zcashd daemon only accepts rpc connections from localhost.

I don’t recommend to change that default behaviour. Instead, i would recommend to do your rpc requests through ssh or some other secure channel.

3

So why is there ‘-server’ option? If I connect by ssh, I don’t need RPC.

4

The -server option activates the RPC interface… which is what the command line interface (zcash-cli) uses internally to comunicate with the wallet.

It was always intended to be something used only for other programs running in the same machine talking to the daemon. Not for remote access.

NEVER use plain http with sensible data over any network that you don’t fully control. Everybody else in the network could see your credentials and use it to steal all your funds.

5

What if I use separate PC for daemon and for client? How to connect by ethernet? If it is impossible, then why there is option “-rpcconnect”?

6

If you want to do that, then either:

a) make sure that they are both in the same local network, and that nobody that you don’t trust has any kind of access at all to that network, or

b) stablish some kind of secure channel (ssh, a tor .onion service, vpn or something like that) and tunnel your requests through it.

Any other option will expose your requests (and hence, your credentials) and your node to everybody that can see your traffic would be able to steal all your funds.

If you go for option a), you can use the rpcallowip option to allow specifically connections from the ip of your client.

7

rpcallowip was the key, thanx.