By lab | January 15, 2018
So, you are being awesome and contributing to the Monero network by running a full node. Now it’s time to ensure that it keeps running. Hardening a public facing server is best practice, regardless of the services provided, but is especially important when that service may control cryptocurrency.
Analyzing internet traffic indicates that there are numerous automated scanning tools scouring the internet for servers running cryptocurrency and other blockchain software. Luckily, there are tools available to make your server more resilient.
First and foremost, ensure you are downloading the software from a legitimate source. The official sources for the precompiled binaries are:
- getmonero.org: https://getmonero.org/downloads/
- Github: https://github.com/monero-project/monero/releases
and for the source code: - Github: https://github.com/monero-project/monero
In any instance (and especially if you choose to obtain the software from another source) ensure you verify the hash against the one provided for your respective distro.
For example, the hash for 0.12.3.0 Lithium Luna Linux CLI tools is
72fe937aa2832a0079767914c27671436768ff3c486597c3353a8567d9547487 as indicated on the getmonero.org download page.
To compare your tar (in this instance the
linux64 tar file downloaded)
It’s common to run a Monero node on a remote server, for example a Virtual Private Server from AWS or DigitalOcean. In this case, you will likely be using SSH to remotely connect to the node. There are several steps you can do to improve the security of the SSH enabled host.
Modify the SSH port
While security through obscurity is really not security, modifying the default port will reduce the load on your box and minimize log analysis.
/etc/ssh/sshd_config file to change the port.
Make sure you restart the
systemctl restart sshd
Next time you connect, make sure you specify the new port. For example if your node is at
ssh -p 43210 firstname.lastname@example.org