Masternode Setup Guide: Part 2
Welcome to Part 2 of the Masternode Setup Guide. If you completed Part 1 successfully then you should have just logged into your newly created VPS using PuTTY. In this part of the guide I will be showing you how to get your VPS ready for use by updating it and making it secure against the naughty people of the web.
After you have logged into your VPS this is what you should see in PuTTY.
As you can see, there are 35 packages which need updating and 10 security updates available (your screen will more than likely show something different; even if it looks completely different, still follow the steps below). We’ll fix that first. Copy and paste the command below followed by ‘Enter‘.
apt-get update && apt-get upgrade
You should see lots of text flashing up on the terminal as shown below.
When prompted press ‘y‘ then ‘Enter‘. Now let’s update Ubuntu specific apps.
apt-get -y dist-upgrade
Notice the ‘-y‘ in this new command, this removes the prompt you saw above (‘Do you want to continue? [Y/n]‘) and just goes ahead and does it regardless. Now let’s run that first command again.
apt-get update && apt-get upgrade
Notice the lines highlighted in yellow above, let’s fix that real quick.
apt-get -y autoremove
One thing you may also have noticed from the above picture was the command is different, I used
apt-get -y autoremove
and the terminal suggested just
apt autoremove
So what’s the difference between apt and apt-get? Nothing; they are the exact same thing, I just learned it the apt-get way and have stuck with it ever since but either way is fine.
Now we’re going to install some useful stuff which you will probably need to install in the future for setting up and monitoring your masternode. Some of these apps are very useful and I will do a post in the future showing how to setup and use them.
sudo apt-get -y install curl nano dbus automake pwgen git screen htop nmap ncdu busybox inxi links unzip python monit
If you look at the output from the command above you may notice a few of the apps were already installed, it seems different VPS hosting companies use their own tailored versions of Ubuntu with their own favoured apps so it’s always best to run the above command just in case they don’t include something you may need.
I’m going to add fewer screenshots now and just give the commands for you to enter. Let’s start by checking the hostname of the VPS is set correctly.
If it says ‘Static hostname: ‘ with the name you chose in Vultr then that’s all done. If not then use the following command to set it. Obviously you need to put your own hostname where it says <YOUR-HOSTNAME-HERE>.
hostnamectl set-hostname <YOUR-HOSTNAME-HERE>
If you have set up a domain name then you should do the following (as far as I know, only ZenCash Secure Nodes (a fancy name for a masternode) require a domain name to function so this can be skipped!). Skip to Changing the root password if you didn’t set up a domain name though there is some useful information on how to use the nano editor below.
sudo nano /etc/hosts
The above command will bring up the nano editor, this is used for editing files in the terminal, it’s quite easy to use once you get used to it. Scroll to the bottom using the down arrow key or the Page Down key and add the following using your own details. Note: Using the scroll wheel of a mouse is useless inside of a text editor in a terminal!
<THE-VPS-IP-ADDRESS> <YOUR-HOSTNAME> <YOUR-FULL-DOMAIN-NAME>
It should look like this.
To save and exit use the key combination; ‘Ctrl‘ + ‘x‘ to exit, it will ask you if you want to save the file, hit the ‘y‘ key followed by ‘Enter‘ to confirm the name of the file (look at the menu at the bottom after each press to get an idea of what is happening, it also shows what commands can be used by clicking ‘Ctrl‘ plus the letter followed by the ^).
Changing the root password
We’re going to change the root password as it’s quite short and we want to make sure the VPS is as secure as possible.
I use the excellent Lastpass to securely generate and store all my passwords, I highly recommend it, especially if you are going to be getting into the crypto currency space.
Create a long password (32+ digit random password using all characters including numbers, special characters, lower and upper case letters) and save it somewhere. Paste it in using the Right mouse button followed by ‘Enter‘ then again to confirm.
Setting the correct Timezone
We want to make sure the clock on the VPS is set correctly. You can get a list of locations by using this command. Use the spacebar to change page and ‘Ctrl‘ + ‘c‘ to leave the timezone list, this is used a lot in linux to return to the command prompt and is worth remembering!
Once you know your closest location use the following, replacing ‘<YOUR-VPS-HOSTING-LOCATION>‘ with your equivalent. Obviously you want to set the timezone to the country where your VPS is hosted, if it’s in London then use Europe/London, likewise for Europe/Paris, America/New_York and Asia/Shanghai etc.
timedatectl set-timezone '<YOUR-VPS-HOSTING-LOCATION>'
Adding a new non-root user
Now we want to increase security further by creating a new user. Create and save a new long secure password like before and paste it in with the right mouse button when prompted. Note: Make sure you save all the passwords created for this VPS, we will be creating 3 passwords within this guide and they should all be very long, completely random and different from each other.
adduser <YOUR-USER-NAME> && adduser <YOUR-USER-NAME> sudo
Obviously you will want to replace ‘<YOUR-USER-NAME>‘ with your own name. Make sure you follow the prompts on the screen in this process, when it asks for email addresses and phone numbers etc just leave them blank.
Open up a new PuTTY window (don’t close the other one as you may need the root access if things go wrong!) Click on the name you used when you saved your login details to PuTTY last time then click ‘Load‘. Now on the left hand side click on ‘Data‘ under ‘Connection‘ and type your new username you just created into the top box as shown below. This will make PuTTY automatically log into your VPS using that name.
Click on ‘Session‘ at the top and then ‘Save‘ to save the change you just made, now click ‘Open‘. You should now see this, use your password for your new user not the root password.
If you see ‘System restart required‘ once logged in then do this.
sudo shutdown -h now
Notice the word sudo there, as we are now logged in as a non root user, if we want to do stuff that requires administrative privileges we have to use the word sudo in front of the command, generally if you see anything complaining about permissions in linux sticking sudo in front may well fix it.
Now go back to Vultr and click the Stop button followed by the Restart button. Wait a few minutes for the VPS to boot back up then log back in with PuTTY the same as you just did.
One thing you must do when setting up a VPS is configure SSH to make it more secure. First check if there is a ‘.ssh‘ folder using the command below.
The ls command will show you all the files and folders within whatever folder you are currently looking at, the ‘-a‘ option is used to show hidden files and folders, these are the ones that start with the full stop.
You can determine which folder you are looking at by looking to the left of the cursor. It should show your ‘username‘ followed by ‘@‘ followed by the VPS ‘hostname‘ followed by a ‘:‘ followed by the current folder and finally ending with a ‘$‘. Mine shows ‘[email protected]:~$‘ The ‘~‘ character = your home folder. Think of the home folder as kind of like your Desktop on a Windows PC, each user in ubuntu (including the root user) gets their own separate home folder.
If the ‘.ssh‘ folder is not present then copy (‘Ctrl‘ + ‘c‘) and paste (right click on the terminal window) the following one line at a time to create this folder.
mkdir ~/.ssh
chmod 0700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 0644 ~/.ssh/authorized_keys
Now we need to get ready to create a public Key file.
sudo nano ~/.ssh/authorized_keys
At this point we need to open puttygen that you should have downloaded in Part 1 on your PC, it’ll look like this once opened.
The first thing to do is to change the 2048 at the bottom to 4096 and then click ‘Generate‘. Follow the instructions and wave the mouse around over the blank section to create some randomness.
Once it has finished it should look like the picture below, create and save another very long random password, this one is for the SSH passphrase, and paste it into the 2 highlighted boxes.
Make sure you save this password, once we’re finished you will not be able to access your VPS without it and will need to start from scratch!!!
Click the ‘Save private key‘ button and save it somewhere safe on your PC. Again don’t lose this file. Right click on the box of text at the top (this is the Public Key) and click ‘Select All‘, now right click again and click ‘Copy‘. Paste this into the PuTTY terminal then save and exit with ‘Ctrl‘ + ‘x‘ then ‘y‘ then ‘Enter‘. You can also save the Public key into a text file if you so wish using the ‘Save public key‘ button.
Log out of the VPS by typing ‘exit‘ and then re-open PuTTY. Once PuTTY is open we need to tell it to use the Private key we just saved, expand where it says ‘SSH‘ on the left under ‘Connection‘ and then click on ‘Auth‘ as shown below. Click ‘Browse‘ and pick the Private key file (.ppk) you just saved and select it. Now go back to ‘Session‘ at the top on the left and click ‘Save‘ again to save your new changes. You can now click ‘Open‘ but this time it will ask you for your SSH passphrase.
Paste the SSH Passphrase you saved earlier into the terminal and hit ‘Enter‘. Once you are logged in we need to make some more changes, enter the following.
sudo nano /etc/ssh/sshd_config
You need to look for and change the following lines as shown then save and exit.
PermitRootLogin yes --change to--> PermitRootLogin no
#PasswordAuthentication yes --change to--> PasswordAuthentication no
UsePAM yes --change to--> UsePAM no
What you just did was tell the VPS that the root user is not allowed to log in (that’s good) and basically you have to sign in using the Private key that matches the Public key saved to the VPS. This makes it much more secure against attack. Now only someone who has access to both your Private key file and your passphrase can access your VPS, that’s why it’s so important to look after both of them!
Now we need to restart the SSH service for the changes to take effect.
sudo systemctl restart sshd.service
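A check for the three sshd_config edits above, as an added example that is not part of the original guide: it reports the value sshd would take from a config file, which catches a line left commented out or overridden by an earlier duplicate. The function names `effective_value` and `audit_sshd` and the sample file are constructed for illustration, and `Include` files are not followed.

```bash
#!/usr/bin/env bash
# Added example: audit an sshd_config for the settings changed in this guide.

# effective_value FILE KEYWORD: print the value sshd would use from FILE.
# sshd uses the FIRST uncommented occurrence of a keyword, keywords are
# case-insensitive, and the global section ends at the first Match line.
# Prints nothing when the keyword is absent or still commented out.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        tolower($1) == "match" { exit }          # conditional blocks are not global
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# audit_sshd FILE: print one line per setting, return 1 if any is not as intended.
audit_sshd() {
    file="$1"; bad=0
    for want in PermitRootLogin=no PasswordAuthentication=no UsePAM=no; do
        key="${want%%=*}"
        got="$(effective_value "$file" "$key")"
        if [ "$got" = "${want#*=}" ]; then
            echo "OK   $key $got"
        else
            echo "FAIL $key ${got:-<unset, compiled-in default applies>}"
            bad=1
        fi
    done
    return $bad
}

# Constructed sample: a half-edited file, PasswordAuthentication still commented.
sample="$(mktemp)"
cat > "$sample" <<'EOF'
PermitRootLogin no
#PasswordAuthentication yes
UsePAM no
EOF
audit_sshd "$sample" || echo "settings incomplete: fix before restarting sshd"
rm -f "$sample"
```

On the VPS itself, `sudo sshd -t` checks the file for syntax errors and `sudo sshd -T` prints the effective settings including any included files; keep the root PuTTY window open until a key-based login has succeeded in a new window.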
Enable and configure the inbuilt firewall
Ubuntu has a firewall called ufw all ready to go but is always disabled by default, just to make sure it isn’t running, run the following command.
sudo ufw status
If it’s not running (disabled) then run the following commands 1 line at a time and in the correct order.
sudo ufw default allow outgoing
sudo ufw default deny incoming
sudo ufw allow ssh/tcp
sudo ufw limit ssh/tcp
sudo ufw logging on
sudo ufw enable
sudo ufw status
That’s it, if it says ‘active‘ like above then you now have a firewall up and running.
Yep we’re now going to add more safety to our setup. Install the excellent fail2ban using the following (again 1 line at a time).
sudo apt-get install fail2ban
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
What this app does is ban people that keep entering the wrong password when trying to login via ssh, i.e. brute force attacks.
Now let’s also install a rootkit hunter.
sudo apt-get -y install rkhunter
To run rkhunter you have to use the command below, write it down somewhere and use it every time you log in.
sudo rkhunter --propupd
Setting up Swap
Let’s add some swap memory to give us a bit of breathing room with regards to the small amount of RAM on our VPS (quite a few coins have very memory hungry wallets so this step is a must). First let’s look at how much free memory we have and how much free HDD space we have.
Enter the following 2 commands and you should see something like the picture below.
free -h
df -h
The -h option makes the numbers human readable. Notice how the top highlighted line shows ‘0B‘ for ‘Swap:‘.
Now let’s add 4GB of swap. Note: If your VPS already has Swap enabled then you should add more to make it up to 4GB. If you have ‘1.0G‘ in the above step then change the value in the first line below to ‘3G‘, likewise if you have ‘2.0G‘ then change the line below to ‘2G‘, I’m sure you can work out what to do if you have ‘3.0G‘ 😉
sudo fallocate -l 4G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
Open the sysctl.conf file.
sudo nano /etc/sysctl.conf
Add the following to the bottom then save and exit.
Now open fstab with the following.
sudo nano /etc/fstab
And paste the following line again at the bottom then save and exit.
/swapfile none swap sw 0 0
If you now run the ‘free -h‘ and ‘df -h‘ again (Tip: if you press the up arrow it will show you your previous commands, keep clicking up till you get to the one you want) you will now see you have some lovely swap memory (4.0G) to fall back on should you need to.
That’s it we’re all done, you now have a healthy and secure VPS ready to go, I suggest at this point you create a snapshot if on Vultr (they are free, for now!) which you can easily reinstall if something should go wrong in the future. Just remember to always do the following every time you log in.
sudo apt-get update && sudo apt-get -y upgrade
sudo rkhunter --propupd
You could easily write a script to do this and then just run this script whenever you need. I’ll write a separate post on this in the future.
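One way such a script could look, as an added example rather than the author's own script. `rkhunter --propupd` only records the current file properties as the baseline, while `rkhunter --check` performs the scan, so this version scans first and re-baselines only after a clean scan and the package update. The names `run` and `maintain` and the `DRY_RUN` switch are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: per-login maintenance for the VPS built in this guide.
# DRY_RUN defaults to 1 (print the plan only); set DRY_RUN=0 to execute.
DRY_RUN="${DRY_RUN:-1}"
# Ubuntu creates this file when installed updates need a restart.
REBOOT_FLAG="${REBOOT_FLAG:-/var/run/reboot-required}"

# run CMD...: print the command, and execute it unless in dry-run mode.
run() {
    echo "+ $*"
    [ "$DRY_RUN" = "1" ] || "$@"
}

maintain() {
    # 1. Scan against the baseline recorded on the previous trusted run.
    #    --sk skips the keypress prompts, --rwo reports warnings only.
    if ! run sudo rkhunter --check --sk --rwo; then
        echo "rkhunter reported warnings: review /var/log/rkhunter.log, baseline NOT updated"
        return 1
    fi
    # 2. Apply updates with the same commands the guide uses.
    run sudo apt-get update || return 2
    run sudo apt-get -y upgrade || return 2
    run sudo apt-get -y autoremove || return 2
    # 3. Re-baseline file properties now that packages changed on purpose.
    run sudo rkhunter --propupd || return 3
    # 4. Report a pending restart ("System restart required" at login).
    if [ -e "$REBOOT_FLAG" ]; then
        echo "reboot required"
    fi
    return 0
}

maintain
```

Run it as `DRY_RUN=0 ./maintain.sh` (file name assumed) to execute the steps; a non-zero exit from the scan stops the script before the baseline is overwritten.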
Now like I said at the beginning I’m not an expert in this stuff and I’m sure I’ve probably said to do something wrong, or there’s an easier way to do things, but the best way to get competent at these things is to read, learn and play. Therefore if you have any helpful tips/hints/better ways to do things then please leave a comment so we all can learn together 🙂
Thanks for reading and I hope this has been of some help to you. I plan on doing some writeups soon showing how to install wallets and setting them up to create masternodes to start earning a nice passive income.
Note: Some of the links I’ve used in this post are affiliate links, if you feel this post has been helpful and want to give me a little beer money for my time and to cover the costs of hosting this site then please sign up to one of the services mentioned using the links above, if not then I’m sure you know how to work the google 🙂