Securing Server
Things you can do to secure your server running the Hop Node
These are some things you can do to secure an Ubuntu server.
These are examples; it's recommended that you do your own research to know what's best for your own server.
Create new user instead of using default user
Create a non-root user with sudo privileges
```bash
sudo useradd -m -s /bin/bash alice
sudo passwd alice
sudo usermod -aG sudo alice
```
Copy authorized SSH keys to new user
```bash
su - alice
sudo cp -r /home/ubuntu/.ssh .ssh
sudo chown -R alice:alice .ssh
```
Delete default user
```bash
sudo deluser --remove-home ubuntu
```
Disable SSH root login
Edit SSH configuration
```bash
sudo vim /etc/ssh/sshd_config
```
In the sshd_config file, make sure to have the following settings:
```
PasswordAuthentication no
ChallengeResponseAuthentication no
# prohibit-password still lets root log in with an SSH key; "no" blocks root logins over SSH entirely
PermitRootLogin prohibit-password
PermitEmptyPasswords no
```
Verify changes and reload service
```bash
sudo sshd -t
sudo service ssh reload
```
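`sshd -t` only checks syntax, and sshd uses the first value it obtains for each keyword, so an earlier duplicate line or an `Include`d file can take precedence over the edit. The script below is an added example, not part of the Hop documentation: it compares the effective settings printed by `sshd -T` with the four values above. The function names and sample dumps are constructed for illustration.

```bash
# Added example: compare effective sshd settings with the values from this page.
# Input on stdin: text in the format printed by `sudo sshd -T`.

# Print the first value found for a keyword (sshd uses the first value it obtains).
first_value() {
    awk -v k="$1" 'tolower($1) == k { print tolower($2); exit }'
}

# check_setting DUMP ACCEPTED KEYWORD [ALIAS...]; ACCEPTED is a |-separated list.
check_setting() {
    local dump="$1" accepted="$2" key got=""
    shift 2
    for key in "$@"; do
        got=$(printf '%s\n' "$dump" | first_value "$key")
        if [ -n "$got" ]; then break; fi
    done
    case "|$accepted|" in
        *"|${got:-unset}|"*) echo "ok   $key $got"; return 0 ;;
    esac
    echo "FAIL $1: got '${got:-unset}', want $accepted"
    return 1
}

# Returns the number of settings that differ from the page's values.
audit_sshd() {
    local dump fails=0
    dump=$(cat)
    check_setting "$dump" "no" passwordauthentication || fails=$((fails + 1))
    # Newer OpenSSH releases report this option as kbdinteractiveauthentication.
    check_setting "$dump" "no" challengeresponseauthentication \
        kbdinteractiveauthentication || fails=$((fails + 1))
    # without-password is the older spelling; "no" is stricter (assumed acceptable).
    check_setting "$dump" "prohibit-password|without-password|no" \
        permitrootlogin || fails=$((fails + 1))
    check_setting "$dump" "no" permitemptypasswords || fails=$((fails + 1))
    return "$fails"
}

# Constructed sample dumps (not captured from a real host).
SAMPLE_GOOD='passwordauthentication no
kbdinteractiveauthentication no
permitrootlogin without-password
permitemptypasswords no'
SAMPLE_BAD='passwordauthentication yes
kbdinteractiveauthentication no
permitrootlogin yes
permitemptypasswords no'

printf '%s\n' "$SAMPLE_BAD" | audit_sshd || echo "$? setting(s) differ"
```

On the server itself, pipe the real dump into the function: `sudo sshd -T | audit_sshd`.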
Only allow specific users for SSH
Edit SSH configuration
```bash
sudo vim /etc/ssh/sshd_config
```
Edit or add AllowUsers with space-separated usernames
```
AllowUsers alice
```
Reload SSH service
```bash
sudo service ssh reload
```
Disable root account
Disabling the root user account is a good idea. The following command locks the root password:
```bash
sudo passwd -l root
```
Install fail2ban
Installing fail2ban will block out anyone who repeatedly fails to log in
```bash
sudo apt update
sudo apt install fail2ban -y
```
Edit configuration file
```bash
sudo vim /etc/fail2ban/jail.conf
```
Make sure to have these settings in jail.conf
```
ignoreip = 127.0.0.1/8 ::1

[sshd]
enabled = true
```
Restart services and show status
```bash
sudo service fail2ban restart
sudo service fail2ban status
```
Firewall
All incoming connections can be disallowed. Only outgoing connections need to be allowed.
For example, if using UFW:
```bash
# start UFW now and on every boot (systemctl needs root)
sudo systemctl start ufw.service
sudo systemctl enable ufw.service

sudo ufw default deny
sudo ufw allow "22/tcp" # allow SSH port
sudo ufw disable # must disable and enable to apply changes
sudo ufw enable
sudo ufw status
```
Add SSH 2FA
Check out the link below
SSH 2FA
Last modified 7mo ago