How to Create or Restore a Monero Wallet Using a Linux Live USB Drive

Overview

If you're using a standard Linux installation (not a Live USB environment), you can follow our tutorials on creating a command line wallet or using the GUI wallet.

When booting from a Linux Live USB drive, the system runs entirely in RAM with no persistent storage. This means you cannot download and store the Monero blockchain (currently over 200GB and growing), regardless of how much RAM you have. Live USB environments are designed to be temporary and stateless — everything disappears on shutdown.

This guide presents two solutions to work around the blockchain storage limitation:

• Option 1: Run a full Monero node on a second trusted computer and connect your Live USB wallet to it via a secure SSH tunnel
• Option 2: Connect your wallet to a public remote node (faster setup, but requires trusting a third party)

For maximum privacy and security, Option 1 is recommended. Option 2 is suitable for temporary use or when you don't have access to a second computer.

Important: This tutorial assumes you're comfortable with basic command-line operations, IP addresses, and SSH configuration. If these concepts are unfamiliar, consider using a standard Linux installation with our GUI wallet tutorial instead.

Understanding the Security Trade-offs

When using a Live USB environment, your wallet exists only in RAM and disappears after shutdown. This provides excellent security against malware and keyloggers, but creates the blockchain storage challenge mentioned above.

Option 1 (Trusted Node): Running your own node on a second computer gives you complete control and privacy. Your node validates all transactions and doesn't reveal which transactions belong to you. The SSH tunnel encrypts all communication between your Live USB wallet and your node.

Option 2 (Public Remote Node): A public remote node can see your IP address and knows which blocks you're requesting (though it cannot see your wallet balance or spending due to Monero's privacy features). This is a reasonable trade-off for temporary use, but not recommended for large holdings or regular use.

Option 1: Using a Trusted Node on a Second Computer

For this setup, we'll call your Live USB computer COMPUTER A (wallet only) and your trusted computer running the node COMPUTER B (node only).

Prerequisites

• COMPUTER A: Ubuntu Live USB drive (24.04 LTS or later recommended)
• COMPUTER B: Linux or macOS computer with at least 250GB free storage and reliable internet
• Both computers on the same local network
• SSH enabled on COMPUTER B
• Basic familiarity with terminal commands

Step 1: Set Up the Monero Node on COMPUTER B

Follow the first section of our How to Run a Monero Node tutorial on COMPUTER B. You only need to complete the steps up to and including running the monerod command. The node will begin downloading the blockchain, which may take 24-48 hours on a typical connection.

Note: You can proceed with the wallet setup on COMPUTER A while the blockchain is syncing on COMPUTER B. Your wallet will sync once the node is ready.

Step 2: Enable SSH on COMPUTER B

SSH (Secure Shell) must be enabled on COMPUTER B to allow the secure tunnel. The exact method depends on your operating system:

• Ubuntu/Debian: sudo apt install openssh-server && sudo systemctl enable ssh
• macOS: System Settings → General → Sharing → Enable "Remote Login"

Verify SSH is running: sudo systemctl status ssh (Linux) or check the "Remote Login" toggle (macOS).

Step 3: Find the Local IP Address of COMPUTER B

On COMPUTER B, open a terminal and run:

Look for an IP address starting with 192.168. or 10. — this is your local network IP. Example: 192.168.1.105

Step 4: Create a Live USB Drive for COMPUTER A

Download Ubuntu Desktop 24.04 LTS from ubuntu.com and create a bootable USB drive using:

• Windows/macOS: Rufus or balenaEtcher
• Linux: dd command or GNOME Disks utility

Boot COMPUTER A from the USB drive and select "Try Ubuntu" (do not install).

Step 5: Create the Secure SSH Tunnel from COMPUTER A

On COMPUTER A (Live USB), open a terminal and run:

Replace username with your COMPUTER B username and 192.168.1.105 with your COMPUTER B IP address from Step 3.

When prompted, enter your COMPUTER B password. If successful, the terminal will appear to "hang" — this is normal. The tunnel is now active and forwarding traffic from COMPUTER A port 18081 to COMPUTER B's Monero node on port 18081.

Leave this terminal window open. If you close it, the tunnel will disconnect.

Step 6: Install and Run the Monero Wallet on COMPUTER A

Open a new terminal window on COMPUTER A and follow either:

• Command Line Wallet Tutorial — Skip the node setup steps; only install and run the wallet
• GUI Wallet Tutorial — When creating a new wallet, select "Connect to a remote node" and use 127.0.0.1:18081

Your wallet will connect to localhost:18081, which the SSH tunnel transparently forwards to your trusted node on COMPUTER B.

Step 7: Save Your Wallet Files

Before shutting down COMPUTER A, you must save your wallet files to persistent storage (USB drive, encrypted cloud storage, etc.). Your 25-word seed phrase can regenerate your wallet, but saving the wallet files preserves your transaction history and labels.

Critical files to save:

• Wallet file (e.g., MyWallet)
• Wallet keys file (e.g., MyWallet.keys)
• Your 25-word seed phrase (written down securely offline)

Option 2: Using a Public Remote Node

If you don't have access to a second computer or need a temporary solution, you can connect your wallet to a public remote node. This is faster to set up but requires trusting the node operator not to log your IP address or requested blocks.

Step 1: Create a Live USB and Boot COMPUTER A

Follow Step 4 from Option 1 to create and boot from an Ubuntu Live USB drive.

Step 2: Install the Monero Wallet

Choose one of the following wallet tutorials and follow the installation steps (skip the node setup):

• Command Line Wallet
• GUI Wallet

Step 3: Configure Remote Node Connection

For GUI Wallet: During wallet creation, select "Connect to a remote node" and choose one from the built-in list, or manually enter a trusted node address.

For CLI Wallet: When starting monero-wallet-cli, add the --daemon-address flag:

Popular public nodes include node.moneroworld.com:18089 and node.sethforprivacy.com:18089, but availability changes frequently. Check monero.fail for current node status.

Step 4: Verify Connection

After starting your wallet, verify the connection:

• CLI: Type status and confirm you see "Height" increasing
• GUI: Check the bottom-left network indicator shows "Connected"

FAQs

Why use a Live USB environment instead of a regular Linux installation?

A Live USB environment runs entirely in RAM and leaves no traces on your hard drive after shutdown. This protects against persistent malware, keyloggers, and forensic analysis. When combined with proper wallet file management, it's one of the most secure ways to interact with Monero without a hardware wallet. However, the trade-off is that you must carefully preserve your wallet files and seed phrase externally, as nothing survives a reboot. This approach is particularly valuable for users working on potentially compromised systems or those requiring maximum operational security.

Can I use the GUI wallet with the SSH tunnel method?

Yes. When creating a wallet in the Monero GUI, select "Connect to a remote node" and enter 127.0.0.1:18081 as the daemon address. The SSH tunnel (established in Step 5 of Option 1) will transparently forward this connection to your trusted node on COMPUTER B. The GUI wallet provides a more user-friendly interface compared to the CLI wallet, especially for viewing transaction history and managing multiple accounts. However, it consumes more RAM, which may be a concern on systems with limited memory. The security properties remain identical — your private keys never leave COMPUTER A.

How much RAM do I need on COMPUTER A?

For CLI wallet usage, 2GB RAM is typically sufficient. For the GUI wallet, 4GB RAM is recommended for smooth operation. The wallet itself is lightweight, but the Ubuntu Live environment requires resources. If you experience performance issues, close unnecessary applications and browser tabs. The blockchain is stored entirely on COMPUTER B (Option 1) or the remote node (Option 2), so RAM on COMPUTER A is only used for the operating system and wallet interface, not blockchain storage.

What happens if the SSH tunnel disconnects while I'm using my wallet?

If the SSH tunnel drops (due to network interruption or accidentally closing the terminal), your wallet will lose connection to the node and display a "daemon disconnected" error. Your funds remain safe — wallet state is local. Simply re-establish the SSH tunnel using the same command from Step 5, then restart your wallet or wait for it to automatically reconnect. Any pending transactions will resume syncing once the connection is restored. To prevent accidental disconnection, some users run the SSH command in a screen or tmux session, which persists even if the terminal window closes.

Is using a public remote node safe for my funds?

Yes, your funds are cryptographically safe. A malicious remote node cannot steal your Monero or see your private keys, which remain on COMPUTER A. However, the node operator can see your IP address and which blocks you're requesting, potentially linking your IP to transaction timing. Monero's ring signatures and stealth addresses still protect transaction details from the node. For maximum privacy, use Option 1 (trusted node) or run your wallet through Tor when connecting to public nodes. Public nodes are a reasonable trade-off for temporary use, small amounts, or situations where running your own node isn't feasible.

Do I need to keep COMPUTER B running all the time?

COMPUTER B only needs to run when you're actively using your wallet on COMPUTER A. However, keeping the node running continuously ensures it stays fully synced with the network, reducing wait times when you need to use your wallet. Many users run nodes on low-power devices (like a Raspberry Pi) or repurposed computers that can stay on 24/7 without significant electricity costs. If you shut down COMPUTER B between sessions, it will need to sync any new blocks before your wallet can send transactions, which typically takes a few minutes depending on how long it's been offline.

Can I restore an existing wallet in the Live USB environment?

Yes. Both CLI and GUI wallets support restoration from your 25-word seed phrase. Launch the wallet software, select "Restore wallet from seed," and enter your seed phrase when prompted. The wallet will regenerate your keys and scan the blockchain for your transactions. If you have the original wallet files saved externally, you can also copy them to the Live USB and open them directly (faster than seed restoration, as it preserves transaction history). Always ensure your seed phrase is entered in a secure environment — the Live USB provides strong protection against keyloggers that might capture it.

Common Problems and Solutions

SSH Connection Refused

Symptoms: ssh: connect to host 192.168.x.x port 22: Connection refused

Solution: Verify SSH is running on COMPUTER B with sudo systemctl status ssh (Linux) or check "Remote Login" is enabled in macOS System Settings. Confirm COMPUTER B's firewall isn't blocking port 22. Try pinging COMPUTER B from COMPUTER A to ensure network connectivity: ping 192.168.x.x

Wallet Shows "Daemon Not Connected"

Symptoms: Wallet launches but displays "Waiting for daemon" or "Daemon offline"

Solution: Verify the SSH tunnel is still active (terminal should be open and "hanging"). Check that monerod is running on COMPUTER B with ps aux | grep monerod. Confirm the wallet is configured to connect to 127.0.0.1:18081 (not a different address). Restart both the SSH tunnel and wallet if issues persist.

Blockchain Sync Takes Forever

Symptoms: Node on COMPUTER B syncs extremely slowly or stalls

Solution: Initial blockchain sync can take 24-48 hours on a typical connection. Check COMPUTER B's internet speed and ensure no bandwidth-heavy applications are running. Verify COMPUTER B has at least 250GB free disk space. If sync stalls completely, restart monerod with the --block-sync-size 10 flag to reduce memory usage. Consider using --prune-blockchain to reduce storage requirements to ~100GB if space is limited.

Remote Node Connection Fails

Symptoms: Wallet cannot connect to public remote node

Solution: Public nodes frequently go offline or become overloaded. Try a different node from monero.fail. Ensure your firewall isn't blocking outbound connections on port 18081 or 18089. Verify you're using the correct format: node.example.com:18089 (not http:// prefix). Some nodes require specific ports — check the node's documentation.

Wallet Files Don't Load After Reboot

Symptoms: Wallet files saved to USB don't open or show "corrupt file" error

Solution: Live USB environments sometimes have issues with USB write permissions. Always verify files are fully written before removing USB drives (use sync command). Test file integrity immediately after saving by attempting to open the wallet. For critical storage, use multiple backup methods (encrypted cloud backup, separate USB drives). If files are corrupted, restore from your 25-word seed phrase — this is why the seed phrase is the ultimate backup.

Security Best Practices

• Never reuse the Live USB for other purposes. Keep a dedicated USB drive for wallet operations to minimize contamination risk.
• Write your seed phrase on paper, never digitally. Store it in a secure physical location separate from wallet files.
• Verify the Ubuntu ISO checksum before creating the Live USB. This ensures you're booting from authentic Ubuntu software.
• Use strong passwords for both your SSH connection and wallet encryption. Consider using a password manager (run from the Live USB) to generate and store complex passwords.
• Physically secure COMPUTER B if it stores your node. While the node doesn't hold private keys, it does have a full blockchain record that could be analyzed.