Now that I’ve helped several people with their masternodes, I’ve noticed that many people are just copying and pasting the commands from an online setup guide. Unfortunately, a lot of the guides gloss over important things like server security. The video below shows how to secure a Linux VPS. All of the commands in the video are found below it, so you can just copy and paste them…ironic isn’t it?
Steps in Securing a Linux VPS for a masternode
As root on the VPS:
usermod -aG sudo crypto
su – crypto
sudo apt-get update
now back on your computer
Mac or Linux
#copy the contents of id_pub.ppk
#paste it into .ssh/authorized_keys on the vps
chmod 660 .ssh/authorized_keys
Now test your new keys
Leave the first putty window open
Open a NEW session and choose your private key from the auth
Save the session
Did it work? Yay!!!
Now let’s disable password and root logins:
you could sudo nano /etc/ssh/sshd_config
but that’s not cool. Let’s do it with sed!
sudo sed -i ‘s/PasswordAuthentication yes/PasswordAuthentication no/’ /etc/ssh/sshd_config
sudo sed -i ‘s/PermitRootLogin yes/PermitRootLogin no/’ /etc/ssh/sshd_config
#restart ssh server
sudo service sshd restart
Now test your settings
Open a new session and try to log in with firstname.lastname@example.org
It shouldn’t let you
Now try to login as your username without using the key, and it shouldn’t let you.
You’re half way there, livin on a prayer!!
Now let’s install a simple firewall
We’ll lock down all the ports except the one needed by SSH and your coin (this will change depending on your coin).
We’ll limit the number of SSH connections to help prevent brute force attacks
sudo apt-get install ufw -y
sudo ufw allow ssh/tcp
sudo ufw limit ssh/tcp
sudo ufw allow 9999/tcp #replace the number with the port of your coin
sudo ufw allow 8888/tcp #you can open additonal ports if running more coins
sudo ufw logging on
sudo ufw enable
sudo ufw status
And now let’s install fail2ban
sudo apt -y install fail2ban
sudo systemctl enable fail2ban
sudo systemctl start fail2ban