Ubuntu Linux Install Guide

Paul Lovette edited this page Jul 9, 2021 · 21 revisions

-- DISCLAIMER: By using this guide, you assume sole risk and waive any claims of liability against the author.
-- Note: This guide is for running a Cosmos Validator on a virtual private server (VPS), running Ubuntu 20.04.1 LTS
-- Note: This guide assumes your local machine is a Windows machine, but most instructions are executed on the remote (VPS) machine.
-- Note: anything preceded by "#" is a comment.
-- Note: anything all-caps in between "<>" is an instruction; e.g. "" might be "foo.txt".
-- Special thanks to Chris Graffagnino and others for sharing their knowledge of Linux and how to secure and harden Linux


Create free account on Github

The world’s leading software development platform · GitHub

Generate private/public ssh keys

(If you do not have an SSH key on your computer)

From your local PC
Generate private & public keys (public key will have a ".pub" extension)
When prompted, name it something other than "id_rsa" (in case you're using that somewhere else)

ssh-keygen -t rsa

Lock down private key

chmod 400 ~/.ssh/<YOUR KEY>

Push key up to your box
See below if using Digital Ocean for vps

ssh-copy-id -i ~/.ssh/<YOUR KEYNAME>.pub root@<YOUR VPS PUBLIC IP ADDRESS>

Login with ssh

ssh -i ~/.ssh/<YOUR SSH PRIVATE KEY> root@<YOUR VPS PUBLIC IP ADDRESS>

Change Hostname

Change this to something identifiable to you

sudo hostnamectl set-hostname <NEW_HOSTNAME>

Edit the hosts file so that 127.0.0.1 maps to your new hostname: replace the old hostname with the new one.

sudo nano /etc/hosts

Change the following line:

127.0.0.1 <OLD_HOST_NAME> to 127.0.0.1 <NEW_HOSTNAME> (e.g. SkyNet-Provider)

Type ctrl+o to save, ctrl+x to exit

Reboot (You will be kicked off... wait a couple minutes before logging in)

reboot

Create non-root user

useradd <USERNAME> && passwd <USERNAME>
usermod -aG sudo <USERNAME>

Give permissions to new user (please type sudo here... even as root user)

sudo visudo

Add entry for new user under "User privilege specification"

<USERNAME> ALL=(ALL:ALL) ALL

Add directory and permissions

mkdir /home/<USERNAME>

chown <USERNAME>:<USERNAME> /home/<USERNAME> -R

Copy pub key to new user

rsync --archive --chown=<USERNAME>:<USERNAME> ~/.ssh /home/<USERNAME>

Set new user's login shell to bash

chsh -s /bin/bash <USERNAME>

(Do not log out as root user just yet...)

Linux Update & Hardening

Update Our Linux Installation

sudo apt update
sudo apt upgrade
sudo apt install jq
sudo apt install unzip
sudo apt install net-tools
sudo apt install -y build-essential libssl-dev

Change default ssh port

Note: there is also a file called "ssh_config"... don't edit that one

nano /etc/ssh/sshd_config

Find the line that says "# Port 22", change that to "Port <CHOOSE A PORT BETWEEN 1024 AND 65535>"
e.g. "Port 2222"

Type ctrl+o to save, ctrl+x to exit

Configure "uncomplicated firewall" (ufw)

Disable firewall

ufw disable

Set defaults for incoming/outgoing ports

ufw default deny incoming
ufw default allow outgoing

Open ssh port (We are only allowing connection from our own IP)

ufw allow from <IP you will login from> to any port <CHOOSE A PORT BETWEEN 1024 AND 65535 | Same port as above> proto tcp

Double-check the port you chose for ssh was the same as what you set in /etc/ssh/sshd_config

cat /etc/ssh/sshd_config | grep Port

Re-enable the firewall

ufw enable
ufw status verbose
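
A stricter version of the port double-check above, as an added example (not part of the original guide): `grep Port` also matches commented-out lines, so this compares only the uncommented `Port` lines in sshd_config with the ALLOW rules in `ufw status` output. The function names and the sample config, firewall output and IP address are constructed for illustration.

```shell
# Ports sshd will listen on per FILE: uncommented "Port N" lines only
# (keyword is case-insensitive), or the default 22 when none is set.
# Assumption: whitespace-separated keywords; Include'd files are not followed.
sshd_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; n++ }
         END { if (!n) print 22 }' "$1"
}

# Succeed if the `ufw status` text on stdin has an ALLOW rule for PORT/tcp.
ufw_allows_tcp() {
    awk -v p="$1" '$1 == (p "/tcp") && $2 == "ALLOW" { ok = 1 }
                   END { exit !ok }'
}

# $1 = sshd_config path, $2 = file holding `ufw status` output.
# Returns non-zero if any sshd port would be blocked by the firewall.
check_ssh_firewall() {
    local rc=0 port
    for port in $(sshd_ports "$1"); do
        if ufw_allows_tcp "$port" < "$2"; then
            echo "OK: sshd port $port/tcp is allowed by ufw"
        else
            echo "LOCKOUT RISK: sshd port $port/tcp has no ufw ALLOW rule"
            rc=1
        fi
    done
    return "$rc"
}

# --- Constructed sample inputs (not from a real host) ---
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '#Port 22' 'Port 2222' > "$tmp/edited"      # edit done correctly
printf '%s\n' '# Port 2222'          > "$tmp/commented"   # "#" left in place
cat > "$tmp/ufw" <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
2222/tcp                   ALLOW       203.0.113.10
EOF

check_ssh_firewall "$tmp/edited" "$tmp/ufw"
check_ssh_firewall "$tmp/commented" "$tmp/ufw" || true
```

On the VPS, run it after `ufw enable` and before the reboot, passing /etc/ssh/sshd_config and a file containing the output of `ufw status`. The output of `sudo sshd -T` can be fed to `sshd_ports` the same way, since it prints the effective configuration as lowercase `port N` lines.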

Double-check your new user is in the sudo group

grep '^sudo:.*$' /etc/group | cut -d: -f4

If the above does not return the new username then run this command and repeat the grep:

usermod -aG sudo <USERNAME>

Reboot (You will be kicked off... wait a couple minutes before logging in)

reboot

Sign-in as non-root user

ssh -p <SSH PORT> -i ~/.ssh/<YOUR SSH PRIVATE KEY> <USERNAME>@<YOUR VPS PUBLIC IP ADDRESS>

Disable root login

sudo nano /etc/ssh/sshd_config

(Change "PermitRootLogin" from "yes" to "no")

ctrl+o to save, ctrl+x to exit

Reboot (You will be kicked off... log back in)

reboot

Add Color To The Terminal Window

The following is optional but will give you a colorful terminal window. Note: on my Google Cloud instance, this was already there so just add the above two lines to the bottom of the .bashrc file:

# ~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples

# If not running interactively, don't do anything
[ -z "$PS1" ] && return

# don't put duplicate lines in the history. See bash(1) for more options
# ... or force ignoredups and ignorespace
HISTCONTROL=ignoredups:ignorespace

# append to the history file, don't overwrite it
shopt -s histappend

# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
HISTSIZE=1000
HISTFILESIZE=2000

# check the window size after each command and, if necessary,
# update the values of LINES and COLUMNS.
shopt -s checkwinsize

# make less more friendly for non-text input files, see lesspipe(1)
[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"

# set variable identifying the chroot you work in (used in the prompt below)
if [ -z "$debian_chroot" ] && [ -r /etc/debian_chroot ]; then
    debian_chroot=$(cat /etc/debian_chroot)
fi

# set a fancy prompt (non-color, unless we know we "want" color)
case "$TERM" in
    xterm-color) color_prompt=yes;;
esac

# uncomment for a colored prompt, if the terminal has the capability; turned
# off by default to not distract the user: the focus in a terminal window
# should be on the output of commands, not on the prompt
force_color_prompt=yes

if [ -n "$force_color_prompt" ]; then
    if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
        # We have color support; assume it's compliant with Ecma-48
        # (ISO/IEC-6429). (Lack of such support is extremely rare, and such
        # a case would tend to support setf rather than setaf.)
        color_prompt=yes
    else
        color_prompt=
    fi
fi

if [ "$color_prompt" = yes ]; then
    PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
else
    PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
fi
unset color_prompt force_color_prompt

# If this is an xterm set the title to user@host:dir
case "$TERM" in
xterm*|rxvt*)
    PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
    ;;
*)
    ;;
esac

# enable color support of ls and also add handy aliases
if [ -x /usr/bin/dircolors ]; then
    test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
    alias ls='ls --color=auto'
    #alias dir='dir --color=auto'
    #alias vdir='vdir --color=auto'

    alias grep='grep --color=auto'
    alias fgrep='fgrep --color=auto'
    alias egrep='egrep --color=auto'
fi

# some more ls aliases
alias ll='ls -alF'
alias la='ls -A'
alias l='ls -CF'

# Alias definitions.
# You may want to put all your additions into a separate file like
# ~/.bash_aliases, instead of adding them here directly.
# See /usr/share/doc/bash-doc/examples in the bash-doc package.

if [ -f ~/.bash_aliases ]; then
    . ~/.bash_aliases
fi

# enable programmable completion features (you don't need to enable
# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
# sources /etc/bash.bashrc).
#if [ -f /etc/bash_completion ] && ! shopt -oq posix; then
#    . /etc/bash_completion
#fi

Now let's configure our .profile/.bash_profile file. Good news: for my Google Cloud and Ubuntu 20.04 installation the file was already configured to call .bashrc. If not, just create the file and paste the following into it. You should create it in your $HOME directory:

To open/create the file

nano ~/.profile

# ~/.profile: executed by Bourne-compatible login shells.

if [ "$BASH" ]; then
  if [ -f ~/.bashrc ]; then
    . ~/.bashrc
  fi
fi

mesg n 2> /dev/null || true

To save the file:

CTRL+o and ENTER
CTRL+x

To enable the above:

source ~/.profile

Now that Linux is set up and hardened, let's move to the next step: configuring an enterprise-class Akash Validator secured by best-practice network architecture, Ledger Nano based keys and NGINX Rate Control DDoS protection:

GO -> Akash Validator Installation Guide OR other Cosmos Validator installation guide. Applicable to all Cosmos SDK Sentries/Validators