Node Security
Below are general guidelines for reducing attack vectors over the network:
Ensure unattended upgrades are enabled
Block all ports except required ones
Set up a firewall via ufw or iptables
Optionally, for a cloud host, block ports via a security group instead
The SSH port should be open to trusted IP addresses only
SSH login with a password should be disabled; authenticate with an ed25519 key instead
For extra security, use a YubiKey with an ed25519-sk resident key
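A check for the SSH items above, as an added example that is not part of the original guide: it reads an sshd_config and an authorized_keys file and reports whether password login is still possible and which keys are not ed25519 or ed25519-sk. The function names, file names and sample contents are constructed for illustration; on a live host, `sshd -T` prints the effective configuration.

```shell
# Print the effective global value of an sshd_config keyword ($2 is a
# lowercase regex, $3 the OpenSSH default). sshd keeps the first value it
# reads, keywords are case-insensitive, and lines after "Match" are
# conditional, so the scan stops there. Include files are not followed.
sshd_setting() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) ~ ("^(" key ")$") { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Succeed only if password-style logins are off and public-key login is on.
ssh_password_login_disabled() {
    [ "$(sshd_setting "$1" passwordauthentication yes)" = no ] &&
    [ "$(sshd_setting "$1" 'kbdinteractiveauthentication|challengeresponseauthentication' yes)" = no ] &&
    [ "$(sshd_setting "$1" pubkeyauthentication yes)" = yes ]
}

# Print authorized_keys entries whose key type is neither ssh-ed25519 nor
# sk-ssh-ed25519@openssh.com (the type ssh-keygen -t ed25519-sk produces).
non_ed25519_keys() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        {
            for (i = 1; i <= NF; i++)
                if ($i == "ssh-ed25519" || $i == "sk-ssh-ed25519@openssh.com") next
            print
        }
    ' "$1"
}

# Constructed sample files (key blobs are placeholders, not real keys).
write_samples() {
    printf '%s\n' '# hardened' 'passwordauthentication no' \
        'ChallengeResponseAuthentication no' > "$1/sshd_good"
    printf '%s\n' '#PasswordAuthentication no' 'Match User deploy' \
        '    PasswordAuthentication no' > "$1/sshd_weak"
    printf '%s\n' 'ssh-ed25519 AAAAplaceholder1 ops@laptop' \
        'from="192.0.2.10" sk-ssh-ed25519@openssh.com AAAAplaceholder2 ops@yubikey' \
        'ssh-rsa AAAAplaceholder3 old@desktop' > "$1/authorized_keys"
}

dir=$(mktemp -d) && write_samples "$dir"
ssh_password_login_disabled "$dir/sshd_good" && echo "sshd_good: password login disabled"
ssh_password_login_disabled "$dir/sshd_weak" || echo "sshd_weak: password login still possible"
echo "keys to replace:"; non_ed25519_keys "$dir/authorized_keys"
rm -rf "$dir"
```

The weak sample fails because its only active PasswordAuthentication line sits inside a Match block, so the global default of yes still applies to every other user.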
The exact steps are out of scope for this guide; please refer to other online sources or consult the community Discord. Below are some good 3rd party guides for reference:
The physical security of the host should be reviewed as well.
For validators, we encourage the use of tmkms for improved signing security.