Topics being covered…

1. Setting up Raspbian (a Raspberry Pi OS) on the SD card. During this tutorial I was using Raspbian Stretch.
2. Setting up WiFi headlessly for the pi
3. Enabling SSH headlessly
4. Using SSH to connect to the pi
5. Securing your pi
6. Setting up your exchange account (Binance in the case of this tutorial)
7. Installing Gekko

Setting up Rasbian on the SD card

Before connecting the raspberry pi to any power source, we must install an operating system on the pi — Raspbian. For this you will need a computer or laptop that has a memory card reader or you will need to connect an external memory card reader.

Note: For this tutorial, I used the Lite version of Raspbian as most of the setup is via the terminal but you can also download the full version which comes with a GUI and then use a terminal for the instructions.

Download a Raspbian image

Install etcher.io

It will help you install Raspbian on the SD card.

Flash SD card

• Insert SD card into reader
• Format SD card using Fat32 format (this step is optional)
• Launch etcher on your computer
• Select the Raspbian image you just downloaded
• Etcher should automatically find your SD card
• And flash your SD card

Need more HELP?
If you need further assistance in installing Raspbian on the pi, you can use the NOOBS installer. More information is available here — https://www.raspberrypi.org/documentation/installation/installing-images/README.md

Setting up WiFi headlessly for the pi

To avoid connecting the pi with peripherals (monitor, keyboard, mouse), I decided to set up the WiFi headlessly. So essentially, we will need to add a config file to the boot partition of the SD card that was just flashed with the Raspbian image using your computer.

Note: If you are directly connecting the pi via an ethernet cable, you can skip this section.

Find your network

First, we need to find the details (ESSID and Encryption) of your WiFi network. This will be very similar to the name of your WiFi.

1. Enter the following in the terminal of the computer you are using (once again, assuming you are using a Linux based machine):

sudo iwlist wlan0 scanning | egrep 'Cell |Encryption|ESSID'

Note: This is a modified version of sudo iwlist wlan0 scan which has a lot of additional information. We only need the ESSID.

2. Note down the ESSID and make sure you have your WiFi password handy.

Adding network config to your pi

When adding the WiFi password, we need to create an encrypted form so that a spy can’t simply find your password in plain text,

1. Enter the following in the terminal to get the encrypted PSK:

wpa_passphrase "MyWiFiESSID" "MyWiFiPassword" >> wpa_supplicant.conf

Two things are happening here:

wpa_passphrase "MyWiFiESSID" "MyWiFiPassword" will create a network profile with your password replaced by a token so that it is not saved as plain text.

>> wpa_supplicant.conf will add the network profile to your configuration file.

2. Now we need to remove the plain text password that also gets copied into the config file. In the terminal:

sudo nano wpa_supplicant.conf

3. Your WiFi profile will look like this:

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
network={
  ssid="MyWiFiESSID"
  #psk="MyWiFiPassword"
  psk=131e1e221f6e06e3911a2d11ff2fac9182665c004de85300f9cac208a6a80531
}

4. Remove #psk="MyWiFiPassword" and add the line ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev, if it’s missing.

5. Save it.

6. Copy wpa_supplicant.conf to the boot partition of your flashed SD card.

More info can be found here — https://howchoo.com/g/ndy1zte2yjn/how-to-set-up-wifi-on-your-raspberry-pi-without-ethernet and https://www.raspberrypi.org/documentation/configuration/wireless/wireless-cli.md

Enabling SSH headlessly

Now that the WiFi configuration is set up, we still need a way to access the pi over the network to avoid connecting the peripherals — so we need to enable SSH before we actually start up the raspberry pi.

Create a file called ssh with no extension and put it in the boot partition of the SD card — same place as the wpa_supplicant.conf file.

More info can be found here — https://www.raspberrypi.org/documentation/remote-access/ssh/README.md

Using SSH to connect to the pi

Now you are ready to start up the pi so connect the power source — that should start it up. It took a couple of restarts for it to connect to the WiFi and have the SSH running.

A really cool thing with the new Raspbian is that you don’t need to fix the IP address anymore (like we needed to before) — all you need to use is raspberrypi.local as the hostname.

Open up your terminal,

ssh pi@raspberrypi.local

I used a Linux machine to connect to my pi, but for Windows users, you will need to install an additional tool — Putty, in order to SSH into another computer.

OR

Enter, if you know the IP address of the pi.

ssh pi@<ip address>

The first time you connect, it will ask you if you trust this fingerprint. Select ‘Yes’.

You will need to enter your pi’s password, which should be raspberry unless you changed it.

If you connect successfully, your terminal’s prompt will change to pi@raspberrypi

Note: For more information on setting up SSH — https://www.raspberrypi.org/documentation/remote-access/ssh/README.md

If you have problems using raspberrypi.local you will need to find the pi’s address. There are many ways to do this and some of the methods can be found here — https://www.raspberrypi.org/documentation/remote-access/ip-address.md

Securing your pi

I’m not a security expert but considering you are setting up a crypto bot trader on this pi, you would want to take at least some basic precautions. For this tutorial, I’m just covering key pair login for SSH since the steps are slightly more complex than the other methods (see note below).

Note: There are many additional ways to secure the pi but it’s beyond the scope of this tutorial so you can find some options here — https://www.raspberrypi.org/documentation/configuration/security.md

Using key-based authentication

Very naively, a key pair is created — a private and public key. The public key is stored on your pi and the private key on the computer you will be using to SSH into the pi. When the pi recognises your private key with the help of your public one on it, it lets you login without the need of entering your pi’s password over the network.

1. Generate a key pair on your computer,

ssh-keygen -t ed25519

I’ve used ed25519 which is a newer and better algorithm to generate the keys.

2. Use the default for the file names and preferably enter a passphrase, although this is optional.

3. Once you’ve generated the keys, they should have been automatically saved in ~/.ssh and if you followed the defaults then the two filenames will be id_ed25519 and id_ed25519.pub . The .pub file is your public key and the one we will copy onto the pi. The other is your private key — NEVER share it with anyone or over the network or email or take a screenshot etc. etc.

4. Copy the contents of your .pub file into your pi’s ~/.ssh/authorized_keysfile. If the authorized_keys file isn’t created, create it using,

mkdir ~/.ssh
touch ~/.ssh/authorized_keys

Then open the file using nano and copy your public key in.

5. Now restart your ssh connection to your pi, and this time you won’t need to enter the pi’s password but simply the key’s passphrase (if you had set it).

6. If you use multiple computers to connect to your pi, you will have to generate a separate set of key pairs.

7. Let’s disable password login so only the computers with an SSH key pair can connect to your pi.

sudo nano /etc/ssh/sshd_config

8. Change the following settings to ‘no’

ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no

9. Make sure to reboot and login with your key pair 🙂

More details on this process can be found here — https://www.ssh.com/ssh/keygen/

Enable password for sudo

By default, the pi doesn’t ask you to enter the password whenever you run a command with sudo. This is very good practice for any Linux based computer. So first let’s change the password to something other than raspberry (worldwide password for all pi’s) and then we enable it for sudo.

1. Enter passwd and follow the instructions to change your password
2. Open this file using nano sudo nano /etc/sudoers.d/010_pi-nopasswd
3. And change your pi user setting to this pi ALL=(ALL) PASSWD: ALL Basically, you will be changing NOPASSWD to PASSWD .

Now every time you need to run a superuser command, it will ask for a password. This is important especially since new software can’t be installed without this password.

Let’s update the system,

sudo apt-get update
sudo apt-get upgrade

Mnemonic: I always get confused as to whether it’s update first or upgrade, so here’s a mnemonic to remember the order. Look at the third letter of each word (basically both start with ‘up’ so we can remove those): ‘d’ and ‘g’. d comes before g in the alphabet, so update comes first and then upgrade .

Setting up your exchange account

I chose to use Binance instead Bittrex (like my previous tutorial) for this tutorial because one of the bots I’m trying out doesn’t support Bittrex for backtesting.

So if you haven’t created an account Binance, now would be the time and I would appreciate it if you could use my referral as a thank you if you enjoyed this tutorial 🙂
https://www.binance.com/?ref=25801596

You don’t need to do KYC, if you’re only planning to use crypto-pairs on this exchange. Hopefully that should speed up the registration process.

Creating API keys

1. Go to your account (top right)
2. In the API box select ‘API Setting’

3. Select a name for your API key. I selected Gekko since that was the bot I was going to use the key for.

4. On the next screen it will show you a key with its secret. Note it down, preferably, on paper (so you can burn it later muahaha… but just so it’s safer). This step is for the extra paranoid. To avoid copy pasting it later in your bot settings because some people are concerned that their clipboards might be compromised. So it’s up to you really.

Just in case, you copied it wrong, don’t worry, you can always come back and look at it later.

Installing Gekko

1. Install nodejs, npm and git

curl -sL https://deb.nodesource.com/setup_9.x | sudo -E bash -
sudo apt-get install nodejs npm git

Note: The first command adds a repository with a more updated version of nodejs. Find more info here — http://thisdavej.com/upgrading-to-more-recent-versions-of-node-js-on-the-raspberry-pi/

2. Download Gekko and navigate to the directory gekko that it gets installed in

git clone git://github.com/askmike/gekko.git -b stable
cd gekko

3. Download Gekko’s dependencies

npm install --only=production

4. Update config file

sudo nano web/vue/UIconfig.js

With the following settings,

const CONFIG = {
    headless: true,
    api: {
        host: '0.0.0.0',
        port: 3000,
        //timeout: 12000
    },
    ui: {
        ssl: false,
        host: 'x.x.x.x', // Set this to the IP of the machine that will run Gekko
        port: 3000,
        path: '/'
    },
    adapter: 'sqlite'
}

Please look through carefully, there are a lot of changes to make.

5. Install pm2 so that you can run the bot in the background, even after you close the ssh.

sudo npm install pm2 -g

6. Finally run the Gekko UI

node gekko --ui

OR

If you want to run Gekko in the background — access the ui from your laptop but not keep your ssh tunnel,

pm2 start gekko.js --name gekko -- --ui

Go to http://<pi-ip-address>:3000/