Enhance Your Node Security

Have you ever experience bandwidth usage spike alert? monthly bandwidth usage exceeded?
On of the reason is maybe your node is under DDOS or hacker attack.
You can check login attempts by command: journalctl -u ssh. If you see a long list, then you may want to consider to increase your node security.

Although there is basically nothing to be stole from your node, it is always a good practice to make your node more secure. This will save your monthly bandwidth as well so you do not need to pay more for your VPS.

I would like to share my practices in making my nodes more secure. This may sound over-protected, but, why not.

  1. Login with SSH key only

  2. Prohibit root login with password

    sed --in-place 's/#PermitRootLogin.*/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
  3. Change default SSH Port to other numbers (default = 22)

    sshport="<your new sshport>"
    sed --in-place "s/#Port 22.*/Port "$sshport"/g" /etc/ssh/sshd_config
  4. Activate Firewall
    This action is included if you use installation tool ALLinONE-nknode from no112358
    However you need to change firewall to allow your new SSH port and disable the default one.

    ufw allow "$sshport"
    ufw delete allow 22
    ufw reload
  5. Install Fail2ban

    #Install fail2ban
    apt-get update && apt-get upgrade
    apt install fail2ban -y
  6. Install unattended-upgrades (auto-upgrade) for security packages. I choose weekly because I dont want to interrupt mining too often.

    #Install unattended-upgrades
    apt install unattended-upgrades
    #Change upgrade schedule to weekly
    cat > /etc/apt/apt.conf.d/20auto-upgrades <<EOF
    APT::Periodic::Update-Package-Lists "7";
    APT::Periodic::Unattended-Upgrade "7";
    APT::Periodic::Download-Upgradeable-Package "7";
    APT::Periodic::AutocleanInterval "7";
    unattended-upgrades --dry-run --debug

If you want to try these out, please make sure you don’t lock yourself out!!
Always try to login before you close your working terminal after you change the setting.

Please share with me if you have suggestion to increase security.
Here is my NKN-commercial installation script if you want to have a look.

Good luck and Happy Mining.

1 Like

Hello @Durianpool !

thank for your explanations, security is an important topic and your advises are common sense!
I just have a question … I saw that your script is based on @no112358’s one … Wouldn’t you rather propose a commit on this one so it’s more convenient for new miners when it comes to easy install?

Also, if you agree, I would love to see your security tutorial in the wiki, linux install section!


I’ll check stuff out and try to incorporate them into my script. thanks for this

holy shit it took me waaay to long to set up SSH keys and figure out how to connect to the server after the deployment. Now I know how to lol

This script works great!