Comment on page

Node Security

Below are general guidelines for reducing attack vectors over network:
Ensure unattended upgrades are enabled
Block all ports except required ones
Setup firewall via ufw or iptables
Optionally for cloud host, block ports via security group instead
SSH Port should be open to trusted IP addresses only
SSH login with password should be disabled, authenticate with a ed25519 key instead
For extra security, use a yubikey with ed25519-sk resident key
The exact steps are out of scope of this guide, please refer to other online sources or consult the community discord. Below are some good 3rd party guides for reference:
​UFW usage​
​Generate ed25519 SSH Key​
​Deploy SSH key to server​
​SSH Hardening​
The physical security of the host should be reviewed as well.
For validators, we encourage the use tmkms for improved signing security

Setup a node (mainnet / public testnet)

Setup on docker (Deprecated)

Last modified 1yr ago