Hoping for some help, I tried building a pool a while back and became comfortable doing so through the cli, however I just recently moved over to CNTOOLS and now I am trying to transfer some ada from an address I made before to a new address I made in CNTOOLS, however I am having trouble sending my signing key over to my google cloud server… Here is the info I get from the scp attempt.
ubuntu@ubuntu:~$ scp -i relay -vvv ubuntu@ubuntu:~payment.skey ubuntu@x.x.x.x:~/payment.skey
Executing: /usr/bin/ssh ‘-x’ ‘-oClearAllForwardings=yes’ ‘-n’ ‘-i’ ‘relay’ ‘-v’ ‘-v’ ‘-v’ ‘-l’ ‘ubuntu’ ‘–’ ‘ubuntu’ ‘scp -v’ ‘~payment.skey’ ‘ubuntu@x.x.x.x:~/payment.skey’
OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f 31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolving “ubuntu” port 2222
debug2: ssh_connect_direct
debug1: Connecting to ubuntu [127.0.1.1] port 2222.
debug1: connect to address 127.0.1.1 port 2222: Connection refused
ssh: connect to host ubuntu port 2222: Connection refused
I’d say stay away from methods that ask you to transfer your payment.skey anywhere. Your node does not need to have access to that key under normal runtime conditions nor when you configure/update the node.
If you must have a payment.skey at all (and I explain in a little while, why it is better not to) you can sign with that key and pay for fees on your local laptop while it is offline.
Generally, I recommend not to have signing keys floating around that may get compromised in transit or on source/target nodes. The same is true for the 24-words mnemonic. As soon as you enter that is a piece of software, it may get compromised while you do so or at a later stage.
Instead, you could use a hardware wallet for your pledge, your stake, your fees. Have a look at this guide, it explains pretty well how to use a HW wallet to setup a pool.
Wouldn’t it be nice to rest assured that no software bug or any other attack can press the buttons on your device? No more key files that can get lost or compromised.