Secure Your SmartCash SmartNode VPS on Ubuntu 16.04 with a Mac Wallet v1.0

in smartcash •  last year

Secure Your SmartCash SmartNode VPS on Ubuntu 16.04 with a Mac Wallet v1.0

Mac 10.13.2 (Local Wallet)
Ubuntu 16.04 LTS x64 (VPS smartnode)
Date 29/1/2018
By @controllinghand
Donation to my Smartcash: SebFkuHrqDnj3obXvMtfxtQKRgFeVpXF5x

Introduction

This guide assumes that you have already configured your SmartNode using the following guide

https://steemit.com/smartcash/@controllinghand/smartcash-smartnode-setup-guide-v1-4-mac-version-with-smartnode-checks-and-anti-ddos-optional-bootstrap

https://forum.smartcash.cc/t/smartcash-smartnode-setup-guide-v2-1-mac-version-quick-setup/3022

This section will guide you through disabling ssh access for root and creating a smartadmin user that will have access via ssh with the keys controlled on your MAC.

Section 1: Add the smartadmin user

  1. ssh into your VSP
    Once you have logged back in let us create a new user (I used “smartadmin”) with the command
    adduser smartadmin
  2. Enter the details for a password and keep it safe.
  3. You can enter the optional information but it is not necessary so you can just skip it by pressing enter.
  4. Type Y for the questions “Is this information correct” and press enter.
  5. Give the smartadmin the ability to elevate the user privileges when needed by adding the user to the sudo group with the command
    gpasswd -a smartadmin sudo

Section 2: install the firewall and set it up

  1. Let us install the firewall with
    apt-get install ufw
  2. Open up the correct ports for the SmartNode to function later.
    ufw allow ssh/tcp
    ufw limit ssh/tcp
    ufw allow 9678/tcp
    ufw logging on
    ufw enable
  3. Check the status of the firewall with
    ufw status
  4. reboot
    reboot

Section 3: Setup ssh on local MAC and send keys to VPS server

  1. Let us create the ssh key on the local MAC
    (!) WARNING if you are doing multiple smartnodes you can skip this step, if you already performed this for your 1st smartnode. Do not overwrite your .ssh/id_rsa. (!)
    ssh-keygen -t rsa -b 2048
    It will offer to save the file in the default location:
    /Users/youname/.ssh
    Press Enter to Accept Defaults.
    Create a Passphrase.
    Enter the Passphrase Again.
    Remember this Passphrase as you will need it to log in to all your ssh hosts going forward.
  2. Secure copy the pub key to the VPS server
    First make a directory for the .ssh keys on the VPS server.
    ssh smartadmin@VPS-IP 'mkdir ~/.ssh'
  3. Now copy the keys over from the MAC to the VPS
    scp ~/.ssh/id_rsa.pub smartadmin@VSP-IP:~/.ssh/authorized_keys
    now set the permission correct on the authorized_keys
    ssh smartadmin@VSP-IP 'chmod 600 ~/.ssh/authorized_keys'
  4. Now to disable root access for ssh
    ssh into your VSP
    ssh root@VSP-IP
    edit the sshd config file
    pico /etc/ssh/sshd_config
    Scroll down the file till you see PermitRootLogin yes and change it to no

    Scroll down to PasswordAuthentication and make sure it has no character in front and says no (check screenshot)

    Now press CTRL + x to close.
    “Save modified buffer?” will appear at the bottom.
    Press Y to save.
    Hit Enter to confirm the filename to save as.
    Now it is time to restart the ssh service, so the changes become active.
    systemctl reload sshd

    reboot
  5. Validate root doesn't have access and login in with smartadmin user
    ssh root@VSP-IP
    You should get Permission denied (publickey)

Note: when it asks for your Enter passphrase for key it is not the root password or smartadmin password, it is the passphrase you used to create the ssh key

Now login with smartadmin
ssh smartadmin@VSP-IP

Important note

To issue commands like smartcash-cli getinfo you need to inherit root's environment. So...
you would type sudo -i smartcash-cli getinfo
Basically any command you want to run as root type sudo -i <command>

This completes the guide to make your SmartNode more secure

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Thank you, very helpful. One question: will these configurations have any influence on other proof of stakes that I plan to do on my mac?
The reason I ask is because we only have to do this to one smartnode, not to all.. So maybe there are permanent things... Sorry the noob question

·

Exactly. The ssh key on your mac can be used for all of your VPS SmartNode. For your 2nd+ smartnodes you can do all the step except you skip Section 3:Step1. Let me know if that made sense?

·
·

Thank you for your answer. I think I expressed myself a bit wrong. I mean does it will have influence on other coins that I plan to do proof of stake with? For example, in the future OMG will also have proof of stake and I will probably have to use the terminal to do it. Will it affect the way I have to configure the OMG proof of stake?

·
·
·
·
·
·
·

Thanks!

·
·
·
·
·

One more question sir, should I backup my ssh key on the folder /Users/youname/.ssh?
If something happens to my computer I must have a backup of this?
Thanks!!

Another helpful article. Thanks

·

Thanks

nice post!!! keep helping the community bro

·

U2 my friend.