Mantra
Basic Security

Basic Security

To protect you keys please don`t share your privkey, mnemonic and follow a basic security rules

Setup ssh for side user replace YOUR_PUBLIC_SSH_KEY with your own!

command
sudo adduser side --disabled-password -q
sudo usermod -aG sudo side
sudo -u side bash -c 'mkdir -p ~/.ssh && echo "YOUR_PUBLIC_SSH_KEY" >> ~/.ssh/authorized_keys && chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys'

Granting sudo privileges for side user

command
echo "side ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers

Disable root login, password auth, and enforce SSH key authentication

command
su - side -c 'sudo sed -i "s|^PermitRootLogin .*|PermitRootLogin no|" /etc/ssh/sshd_config'
su - side -c 'sudo sed -i "s|^ChallengeResponseAuthentication .*|ChallengeResponseAuthentication no|" /etc/ssh/sshd_config'
su - side -c 'sudo sed -i "s|^#PasswordAuthentication .*|PasswordAuthentication no|" /etc/ssh/sshd_config'
su - side -c 'sudo sed -i "s|^#PermitEmptyPasswords .*|PermitEmptyPasswords no|" /etc/ssh/sshd_config'
su - side -c 'sudo sed -i "s|^#PubkeyAuthentication .*|PubkeyAuthentication yes|" /etc/ssh/sshd_config'
sudo systemctl restart sshd

Configure firewall setting

command
sudo apt install -y ufw
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh/tcp
sudo ufw allow ${CUSTOM_PORT}656/tcp
sudo ufw enable

or You can use this guide to configure ssh authentication and disable password authentication on your server https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys-on-ubuntu-20-04 (opens in a new tab)

Install (with cosmosvisor)Cheat Sheet