Creating and Securing a VPS for Staking Cryptocurrencies on Digital Ocean
This is a companion piece to my guide to staking OUR tokens. I have split it from that guide for space reasons.
Digital Ocean also provides some great guides and info on securing your VPS, and I would highly recommend reading further.
Create your VPS for staking
Create a new Ubuntu 16.04 VPS on Digital Ocean. You can use this referral link https://m.do.co/c/432b6968e012 and receive a $100 credit and 60 day trial.
Create an account, and verify your email address. I recommend using a different email address than you use for other accounts.
After you confirm your email address you will need to enter a credit card. You will not be charged until the trial expires and you can cancel at any time. You can also use Paypal.
Create a droplet. This is the VPS you will use.
Click the blue Create Droplet button
When it asks you to choose an image, select Ubuntu version 16.04 from the menu.
Select the plan you would like to use. Standard should be fine. Add backups if you would like Digital Ocean to manage backups for you.
Choose your desired datacenter location.
Finalize and create your droplet.
You will need a terminal program to connect to your VPS. I prefer MobaXTerm, but many people use Putty or Super Putty.
You can cut and paste each of these commands.
VPS Security - Add user, remove root, set up SSH keys
- Create a new user (choose whatever name you like)
adduser paddy
- Make the new user an administrator. This will add your new user to the super user group, which will enable you to run necessary commands.
usermod -aG sudo paddy
- Switch to your new user
su paddy
- We want our VPS to be as secure as possible. That means we will use SSH keys to connect, rather than password authentication. To create the keys enter:
ssh-keygen
You will be prompted for a number of inputs; you can press enter and use the defaults. When asked to enter a passphrase, it is recommended you use one. This further secures your SSH keys from being used by anyone else. Do not forget this passphrase: you will be unable to log in to your VPS without it.
- Install the keys on the VPS
ssh-copy-id paddy@localhost
- Download the private key to your local machine.
If you are using MobaXTerm the easiest way is to use the file browser. Double click the .ssh folder and then download the id_rsa file to your desktop. You will need this file on any device you wish to connect to your VPS from. Keep it somewhere secure and make a backup copy. You will not be able to log in to your VPS if this file gets lost.
The keys are located in ~/.ssh
Once you have downloaded the private key, log onto your VPS with a new session to be certain that your key works.
Now that we have created SSH keys, and double checked that they work properly, we will edit the SSH configuration to disable root login, disable password login, and change our SSH port from the default.
sudo nano /etc/ssh/sshd_config
Near the top of the file find the line: #What ports, IPs and protocols we listen for
Port 22
Change the number to something other than 22. Port 5491 for example. Remember this number.
Find the lines for #Authentication and change PermitRootLogin yes to
PermitRootLogin no
Further down the file find PasswordAuthentication
If there is a # next to it remove it and change yes to no
PasswordAuthentication no
Save your file (ctrl + o) and exit (ctrl + x)
Restart SSH
sudo systemctl restart ssh
At this point, you should double check that your login works properly with a new session before closing this one. Once you have made sure, exit this session by typing exit and closing the window.
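As an added example (not part of the original guide), this script reads an sshd_config the way sshd does and reports whether the three changes above actually took effect. The function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original guide): check the three sshd_config
# settings the guide changes, the way sshd reads them.

# effective_value FILE KEYWORD: print the value sshd would use from the global
# section. Keyword names are case-insensitive, commented lines are ignored,
# and the first occurrence of a keyword wins.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                    # commented-out line
        tolower($1) == "match" { exit }        # stop before Match overrides
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# audit_sshd_config FILE: print findings; return 0 only if the port is not 22
# and both root login and password login are disabled.
audit_sshd_config() {
    file=$1; rc=0
    port=$(effective_value "$file" Port)
    root=$(effective_value "$file" PermitRootLogin)
    pass=$(effective_value "$file" PasswordAuthentication)
    # An unset Port means 22; an unset PasswordAuthentication means yes.
    if [ -z "$port" ] || [ "$port" = 22 ]; then
        echo "FAIL Port is ${port:-unset, so 22}"; rc=1
    fi
    [ "$root" = no ] || { echo "FAIL PermitRootLogin is ${root:-unset}"; rc=1; }
    [ "$pass" = no ] || { echo "FAIL PasswordAuthentication is ${pass:-unset, so yes}"; rc=1; }
    [ "$rc" -ne 0 ] || echo "OK Port=$port, root and password login disabled"
    return "$rc"
}

# Constructed sample files (not real server configs).
SAMPLES=$(mktemp -d)
printf '%s\n' 'Port 5491' 'PermitRootLogin no' 'PasswordAuthentication no' \
    > "$SAMPLES/hardened"
# The edit was made, but the "#" was left in front of PasswordAuthentication.
printf '%s\n' 'Port 5491' 'PermitRootLogin no' '#PasswordAuthentication no' \
    > "$SAMPLES/still_commented"
# A second PermitRootLogin line was appended; sshd uses the first one.
printf '%s\n' 'Port 5491' 'PermitRootLogin yes' 'PasswordAuthentication no' \
    'PermitRootLogin no' > "$SAMPLES/duplicate_key"

for f in hardened still_commented duplicate_key; do
    printf '%s: ' "$f"; audit_sshd_config "$SAMPLES/$f" || true
done
```

On the VPS, point audit_sshd_config at /etc/ssh/sshd_config. Running sudo sshd -t additionally checks the file for syntax errors before you restart SSH.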
Great, now you have a VPS which can only be accessed through SSH keys, with the root login disabled.
Ensure that UFW firewall is installed
sudo apt-get install ufw
Block connections by default
sudo ufw default deny incoming
sudo ufw default allow outgoing
Allow your SSH connection. You will need to enter the port number you chose when editing sshd_config (step 8).
sudo ufw allow 5491
Enable UFW
sudo ufw enable
Update packages
sudo apt-get update
sudo apt-get upgrade -y
Optional: Install a screen manager
Screen is a utility which will manage different screens on your VPS. This will allow you to run programs in the background without needing to open a new session.
sudo apt-get install screen