Harden a Monero Node

By lab | January 15, 2018

So, you are being awesome and contributing to the Monero network by running a full node. Now it’s time to ensure that it keeps running. Hardening a public-facing server is best practice regardless of the services it provides, but it is especially important when that service may control cryptocurrency.

Analyzing internet traffic indicates that there are numerous automated scanning tools scouring the internet for servers running cryptocurrency and other blockchain software. Luckily, there are tools available to make your server more resilient.

Software installation

First and foremost, ensure you are downloading the software from a legitimate source. The official sources for the precompiled binaries are:

and for the source code:

- GitHub: https://github.com/monero-project/monero

In any case (and especially if you choose to obtain the software from another source), verify the hash of your download against the one provided for your respective distro.

For example, the hash for 0.12.3.0 Lithium Luna Linux CLI tools is 72fe937aa2832a0079767914c27671436768ff3c486597c3353a8567d9547487 as indicated on the getmonero.org download page.

To compute the hash of your tar for comparison (in this instance, the downloaded linux64 tar file):

sha256sum linux64

[Image: sha256sum validation]
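Comparing 64 hex characters by eye is error-prone, so the comparison can be scripted. The following is an added example, not part of the original post or the Monero project; verify_sha256 is a hypothetical helper name, and the usage comment reuses the file name and hash quoted above.

```shell
#!/bin/sh
# Added example: compare a file's SHA-256 with a published value.
# verify_sha256 is a hypothetical helper name, not a Monero tool.
# Returns 0 on match, 1 on mismatch, 2 on bad input.

verify_sha256() {
    file=$1
    # Lower-case and strip whitespace so a pasted hash compares cleanly.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f' | tr -d '[:space:]')

    if [ ! -f "$file" ]; then
        echo "error: $file not found" >&2
        return 2
    fi
    # A SHA-256 digest is exactly 64 hex characters; reject anything else
    # so a truncated paste can never be treated as a valid reference.
    case $expected in
        *[!0-9a-f]*) echo "error: expected hash is not hex" >&2; return 2 ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "error: expected hash must be 64 hex characters" >&2
        return 2
    fi

    # Read via stdin so unusual file names cannot alter sha256sum's output;
    # it prints "<hash>  -", of which only the first field is kept.
    actual=$(sha256sum < "$file" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches the published hash"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}

# Usage with the file name and hash quoted in the article; extraction
# only runs when the hash matches:
#   verify_sha256 linux64 \
#     72fe937aa2832a0079767914c27671436768ff3c486597c3353a8567d9547487 \
#     && tar -xf linux64
```

Take the expected hash from the official download page rather than from the same place the file was obtained, otherwise a tampered mirror can supply a matching pair.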

Harden SSH

It’s common to run a Monero node on a remote server, for example a Virtual Private Server from AWS or DigitalOcean. In this case, you will likely be using SSH to remotely connect to the node. There are several steps you can take to improve the security of the SSH-enabled host.

Modify the SSH port

While security through obscurity is really not security, changing the default port will reduce the load on your box and the volume of logs you need to analyze.

Modify the /etc/ssh/sshd_config file to change the port.

[Image: ssh port]

Make sure you restart the sshd service:

systemctl restart sshd

Next time you connect, make sure you specify the new port. For example, if your node is at 192.168.0.1:

ssh -p 43210 user@192.168.0.1