Secure Your SmartCash SmartNode VPS on Ubuntu 16.04 with a Mac Wallet v1.0
Mac 10.13.2 (Local Wallet)
Ubuntu 16.04 LTS x64 (VPS smartnode)
Donation to my Smartcash: SebFkuHrqDnj3obXvMtfxtQKRgFeVpXF5x
This guide assumes that you have already configured your SmartNode using the following guide
This section will guide you through disabling ssh access for root and creating a smartadmin user that will have access via ssh with the keys controlled on your MAC.
Section 1: Add the smartadmin user
- ssh into your VSP
Once you have logged back in let us create a new user (I used “smartadmin”) with the command
- Enter the details for a password and keep it safe.
- You can enter the optional information but it is not necessary so you can just skip it by pressing enter.
- Type Y for the questions “Is this information correct” and press enter.
- Give the smartadmin the ability to elevate the user privileges when needed by adding the user to the sudo group with the command
gpasswd -a smartadmin sudo
Section 2: install the firewall and set it up
- Let us install the firewall with
apt-get install ufw
- Open up the correct ports for the SmartNode to function later.
ufw allow ssh/tcp
ufw limit ssh/tcp
ufw allow 9678/tcp
ufw logging on
- Check the status of the firewall with
Section 3: Setup ssh on local MAC and send keys to VPS server
- Let us create the ssh key on the local MAC
(!) WARNING if you are doing multiple smartnodes you can skip this step, if you already performed this for your 1st smartnode. Do not overwrite your .ssh/id_rsa. (!)
ssh-keygen -t rsa -b 2048
It will offer to save the file in the default location:
Press Enter to Accept Defaults.
Create a Passphrase.
Enter the Passphrase Again.
Remember this Passphrase as you will need it to log in to all your ssh hosts going forward.
- Secure copy the pub key to the VPS server
First make a directory for the .ssh keys on the VPS server.
ssh smartadmin@VPS-IP 'mkdir ~/.ssh'
- Now copy the keys over from the MAC to the VPS
scp ~/.ssh/id_rsa.pub smartadmin@VSP-IP:~/.ssh/authorized_keys
now set the permission correct on the authorized_keys
ssh smartadmin@VSP-IP 'chmod 600 ~/.ssh/authorized_keys'
- Now to disable root access for ssh
ssh into your VSP
edit the sshd config file
Scroll down the file till you see
PermitRootLoginyes and change it to
Scroll down to
PasswordAuthenticationand make sure it has
nocharacter in front and says no (check screenshot)
Now press CTRL + x to close.
“Save modified buffer?” will appear at the bottom.
Press Y to save.
Hit Enter to confirm the filename to save as.
Now it is time to restart the ssh service, so the changes become active.
systemctl reload sshd
- Validate root doesn't have access and login in with smartadmin user
You should get Permission denied (publickey)
Note: when it asks for your
Enter passphrase for keyit is not the root password or smartadmin password, it is the passphrase you used to create the ssh key
Now login with smartadmin
To issue commands like
smartcash-cli getinfo you need to inherit root's environment. So...
you would type
sudo -i smartcash-cli getinfo
Basically any command you want to run as root type
sudo -i <command>