-
Notifications
You must be signed in to change notification settings - Fork 6
Ubuntu Linux Install Guide
-- DISCLAIMER: By using this guide, you assume sole risk and waive any claims of liability against the author.
-- Note: This guide is for running Akash Validator on a virtual private server (VPS), running Ubuntu 20.04.1 LTS
-- Note: This guide assumes your local machine is a Windows, but most instructions are executed on the remote (VPS) machine.
-- Note: anything preceded by "#" is a comment.
-- Note: anything all-caps in between "<>" is an instruction; e.g. "" might be "foo.txt".
-- Special thanks to Chris Graffagnino and others for sharing their knowledge of Linux and how to secure and hardening Linux
The world’s leading software development platform · GitHub
(If you do not have a ssh key on your computer)
From your local PC
Generate private & public keys (public key will have a ".pub" extension)
When prompted, name it something other than "id_rsa" (in case you're using that somewhere else)
ssh-keygen -t rsa
Lock down private key
chmod 400 ~/.ssh/<YOUR KEY>
Push key up to your box
See below if using Digital Ocean for vps
ssh-copy-id -i ~/.ssh/<YOUR KEYNAME>.pub root@<YOUR VPS PUBLIC IP ADDRESS>
ssh -i ~/.ssh/<YOUR SSH PRIVATE KEY> root@<YOUR VPS PUBLIC IP ADDRESS>
Change this to something identifiable to you
sudo hostnamectl set-hostname <NEW_HOSTNAME>
Edit the hosts file to add your new hostname to the 127.0.0.1. Replace the old hostname with the new ont."
sudo nano /etc/hosts
Change the following line:
127.0.0.1 <OLD_HOST_NAME> to
127.0.0.1 SkyNet-Provider
Type ctrl+o to save, ctrl+x to exit
Reboot (You will be kicked off... wait a couple minutes before logging in)
reboot
useradd <USERNAME> && passwd <USERNAME>
usermod -aG sudo <USERNAME>
Give permissions to new user (please type sudo here... even as root user) sudo visudo
sudo visudo
Add entry for new user under "User privilege specification"
<USERNAME> ALL=(ALL:ALL) ALL
Add directory and permissions
mkdir /home/<USERNAME>
chown <USERNAME>:<USERNAME> /home/<USERNAME> -R
Copy pub key to new user
rsync --archive --chown=<USERNAME>:<USERNAME> ~/.ssh /home/<USERNAME>
Set new user's login shell to bash
chsh -s /bin/bash <USERNAME>
sudo apt update
sudo apt upgrade
sudo apt install unzip
sudo apt install net-tools
sudo apt install -y build-essential libssl-dev
Note: there is also a file called "ssh_config"... don't edit that one
nano /etc/ssh/sshd_config
Find the line that says "# Port 22", change that to "Port <CHOOSE A PORT BETWEEN 1024 AND 65535>"
e.g. "Port 2222"
Type ctrl+o to save, ctrl+x to exit
Disable firewall
ufw disable
Set defaults for incoming/outgoing ports
ufw default deny incoming
ufw default allow outgoing
Open ssh port (We are only allowing connection from our own IP)
ufw allow from <IP you will login from> to any port <CHOOSE A PORT BETWEEN 1024 AND 65535 | Same port as above> proto tcp
Double-check the port you chose for ssh was the same as what you set in /etc/ssh/sshd_config
cat /etc/ssh/sshd_config | grep Port
Re-enable the firewall
ufw enable
ufw status verbose
Double-check your new user is in the sudo group
grep '^sudo:.*$' /etc/group | cut -d: -f4
If the above does not return the new username then run this command and repeat the grep:
usermod -aG sudo <USERNAME>
Reboot (You will be kicked off... wait a couple minutes before logging in)
reboot
ssh -p <SSH PORT> -i ~/.ssh/<YOUR SSH PRIVATE KEY> <USERNAME>@<YOUR VPS PUBLIC IP ADDRESS>
sudo nano /etc/ssh/sshd_config
(Change "PermitRootLogin" from "yes" to "no")
ctrl+o to save, ctrl+x to exit
Reboot (You will be kicked off... wait a couple minutes before logging in)
reboot
Now that Linux is setup and hardened, lets move to the next step. Configure an enterprise class Akash Validator secured by best practice network architecture, Ledger Nano based keys and NGINX Rate Control DDoS protection:
GO -> Akash Validator Installation Guide. Applicable to all Cosmos SDK Sentries/Validators