Now that I’ve helped several people with their masternodes, I’ve noticed that many people are just copying and pasting the commands from an online setup guide.  Unfortunately, a lot of the guides gloss over important things like server security.  The video below shows how to secure a Linux VPS.  All of the commands in the video are found below it, so you can just copy and paste them…ironic isn’t it?

Steps in Securing a Linux VPS for a masternode

As root on the VPS:

adduser crypto
usermod -aG sudo crypto
su – crypto
sudo apt-get update

now back on your computer
Mac or Linux

ssh-copy-id crypto@ip.address

#copy the contents of id_pub.ppk
#paste it into .ssh/authorized_keys on the vps

mkdir .ssh
nano .ssh/authorized_keys
chmod 660 .ssh/authorized_keys

Now test your new keys
Leave the first putty window open
Open a NEW session and choose your private key from the auth
Save the session
Did it work? Yay!!!

Now let’s disable password and root logins:
you could sudo nano /etc/ssh/sshd_config
but that’s not cool. Let’s do it with sed!

sudo sed -i ‘s/PasswordAuthentication yes/PasswordAuthentication no/’ /etc/ssh/sshd_config
sudo sed -i ‘s/PermitRootLogin yes/PermitRootLogin no/’ /etc/ssh/sshd_config

#restart ssh server

sudo service sshd restart

Now test your settings
Open a new session and try to log in with root@ip.address
It shouldn’t let you
Now try to login as your username without using the key, and it shouldn’t let you.

You’re half way there, livin on a prayer!!

Now let’s install a simple firewall
We’ll lock down all the ports except the one needed by SSH and your coin (this will change depending on your coin).
We’ll limit the number of SSH connections to help prevent brute force attacks

sudo apt-get install ufw -y
sudo ufw allow ssh/tcp
sudo ufw limit ssh/tcp
sudo ufw allow 9999/tcp #replace the number with the port of your coin
sudo ufw allow 8888/tcp #you can open additonal ports if running more coins
sudo ufw logging on
sudo ufw enable
sudo ufw status

And now let’s install fail2ban

sudo apt -y install fail2ban
sudo systemctl enable fail2ban
sudo systemctl start fail2ban