-
Notifications
You must be signed in to change notification settings - Fork 6
Validator Guide | How To 1 of 3
-- DISCLAIMER: This guide is for educational purposes only. Do not use in production with real funds.
-- DISCLAIMER: By using this guide, you assume sole risk and waive any claims of liability against the author.
-- Note: This guide is for running Akash Validator on a virtual private server (VPS), running Ubuntu 18.04.
-- Note: This guide assumes your local machine is a Windows, but most instructions are executed on the remote (VPS) machine.
-- Note: anything preceded by "#" is a comment.
-- Note: anything all-caps in between "<>" is an instruction; e.g. "" might be "foo.txt".
-- Special thanks to Chris Graffagnino and others for sharing their knowledge of Linux and how to secure and hardening Linux
The world’s leading software development platform · GitHub
(If you do not have a ssh key on your computer)
From your local PC
Generate private & public keys (public key will have a ".pub" extension)
When prompted, name it something other than "id_rsa" (in case you're using that somewhere else)
ssh-keygen -t rsa
Lock down private key
chmod 400 ~/.ssh/<YOUR KEY>
Push key up to your box
See below if using Digital Ocean for vps
ssh-copy-id -i ~/.ssh/<YOUR KEYNAME>.pub root@<YOUR VPS PUBLIC IP ADDRESS>
ssh -i ~/.ssh/<YOUR SSH PRIVATE KEY> root@<YOUR VPS PUBLIC IP ADDRESS>
useradd <USERNAME> && passwd <USERNAME>
usermod -aG sudo <USERNAME>
Give permissions to new user (please type sudo here... even as root user) sudo visudo
sudo visudo
Add entry for new user under "User privilege specification"
<USERNAME> ALL=(ALL:ALL) ALL
Add directory and permissions
mkdir /home/<USERNAME>
chown <USERNAME>:<USERNAME> /home/<USERNAME> -R
Copy pub key to new user
rsync --archive --chown=<USERNAME>:<USERNAME> ~/.ssh /home/<USERNAME>
Set new user shell to bash
chsh -s /bin/bash <USERNAME>
sudo apt update
sudo apt upgrade
sudo apt install -y build-essential libssl-dev
Note: there is also a file called "ssh_config"... don't edit that one
nano /etc/ssh/sshd_config
Find the line that says "# Port 22", change that to "Port <CHOOSE A PORT BETWEEN 1024 AND 65535>"
e.g. "Port 2222"
Type ctrl+o to save, ctrl+x to exit
Disable firewall
ufw disable
Set defaults for incoming/outgoing ports
ufw default deny incoming
ufw default allow outgoing
Open ssh port
ufw allow from any to any port <CHOOSE A PORT BETWEEN 1024 AND 65535 | Same port as above> proto tcp
Double-check the port you chose for ssh was the same as what you set in /etc/ssh/sshd_config
cat /etc/ssh/sshd_config | grep Port
Re-enable the firewall
ufw enable
ufw status verbose
Double-check your new user is in the sudo group
grep '^sudo:.*$' /etc/group | cut -d: -f4
If the above does not return the new username then run this command and repeat the grep:
usermod -aG sudo <USERNAME>
Reboot (You will be kicked off... wait a couple minutes before logging in)
reboot
ssh -i ~/.ssh/<YOUR SSH PRIVATE KEY> <USERNAME>@<YOUR VPS PUBLIC IP ADDRESS> -p <SSH PORT>
sudo nano /etc/ssh/sshd_config
(Change "PermitRootLogin" from "yes" to "no")
ctrl+o to save, ctrl+x to exit
Change this to something identifiable to you
sudo hostnamectl set-hostname <NEW_HOSTNAME>
Now Linux is setup and hardened. Let's go to how to setup the validator.