Written by Marlon

On August 18, 2022

Setting up and securing your Metal Blockchain node

In this chapter, you’ll learn how to upgrade all your applications on your operating system to ensure that the system is up to date, and how to install a firewall and secure ports.

First, we’re going to update and upgrade all our applications on our operating system to ensure that our system is up to date. Enter the command below in your terminal.

sudo apt-get update && sudo apt-get upgrade -y

Next, we’re going to install htop, an interactive system monitor, process viewer, and process manager. Enter the command below in your terminal.

sudo apt install htop

Once completed, we’re going to create a new user. You will be asked to choose a password for this new user. You can optionally enter a full name, room number, etc.; to skip these fields, press Enter each time. Enter the command below in your terminal.

Note: replace testnode with your own chosen username.

adduser testnode

Next, we’re going to give this new user sudo privileges. Sudo is an acronym for superuser do, a command that runs an elevated prompt without a need to change your identity. Enter the command below in your terminal.

Note: replace testnode with your own chosen username.

adduser testnode sudo

Now we’re going to configure the Secure Shell Protocol (SSH), which is a cryptographic network protocol for operating network services securely over an unsecured network. Enter the command below in your terminal. 

sudo nano /etc/ssh/sshd_config

You can scroll down using the down arrow key. Go to the line that says #Port 22, remove the #, and enter a custom port in the range 1024 to 65535. For this guide, we chose 6677.

Next, we’re going to disable root login. Scroll down until you find the PermitRootLogin entry. If the line is commented out, remove the leading #. Then remove the yes and enter no instead.

Now, we want to save this setting. To do so, press Control and X, then Y to confirm, and finally press Enter to save.

You can further secure SSH to your liking by following this guide: 10 steps to properly secure your SSH server

Optionally, you can also add two-factor authentication (2FA) to the SSH connection as an additional strong security layer.

Next, we’re going to restart the SSH service. Enter the command below in your terminal.

systemctl restart ssh

Next, we’re going to check the status of the service to confirm that it was configured properly. Enter the command below in your terminal.

systemctl status ssh

It will output the following. Note that it should show your custom port; for this guide, we used 6677.

Starting OpenBSD Secure Shell server…
Server listening on 0.0.0.0 port 6677.
Server listening on :: port 6677.
Started OpenBSD Secure Shell server.
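
The two sshd_config edits above can also be checked by a script before you rely on them. This is an added example, not part of the original guide; the function names sshd_values and audit_sshd_config and the sample file are made up for illustration, and the parser assumes whitespace-separated settings and does not follow Include files or Match blocks.

```bash
#!/usr/bin/env bash
# Added example: check an sshd_config for the two edits made in this guide.
# Assumptions: keyword and value are separated by whitespace; Include files
# are not followed and parsing stops at the first Match block.

# Print every value of keyword $1 (lowercase) in the global section of file $2.
sshd_values() {
  awk -v key="$1" '
    /^[ \t]*#/             { next }   # commented-out line such as "#Port 22"
    tolower($1) == "match" { exit }   # conditional blocks are out of scope
    tolower($1) == key     { print tolower($2) }
  ' "$2"
}

# Return 0 only if every Port is in 1024-65535 and PermitRootLogin is "no".
audit_sshd_config() {
  local file="$1" ports root p rc=0
  ports=$(sshd_values port "$file")
  # sshd keeps the first PermitRootLogin it reads; later lines are ignored.
  root=$(sshd_values permitrootlogin "$file" | head -n 1)
  # No Port line means sshd listens on 22; no PermitRootLogin line means the
  # OpenSSH default (prohibit-password) applies, which is not "no".
  [ -n "$ports" ] || ports=22
  [ -n "$root" ] || root="unset"
  for p in $ports; do
    case "$p" in
      ''|*[!0-9]*) echo "FAIL Port '$p' is not a number"; rc=1; continue ;;
    esac
    if [ "$p" -lt 1024 ] || [ "$p" -gt 65535 ]; then
      echo "FAIL Port $p is outside 1024-65535"; rc=1
    else
      echo "OK   Port $p"
    fi
  done
  if [ "$root" = "no" ]; then
    echo "OK   PermitRootLogin no"
  else
    echo "FAIL PermitRootLogin is $root"; rc=1
  fi
  return $rc
}

# Constructed sample: the relevant lines as they should look after the edits.
sample=$(mktemp)
printf '%s\n' 'Include /etc/ssh/sshd_config.d/*.conf' '#Port 22' 'Port 6677' \
  '#PermitRootLogin prohibit-password' 'PermitRootLogin no' > "$sample"
audit_sshd_config "$sample"
rm -f "$sample"
```

On the server itself, pass /etc/ssh/sshd_config to audit_sshd_config before restarting SSH. sudo sshd -t checks the file for syntax errors and sudo sshd -T prints the effective values, including any Include drop-ins this script does not read.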

Now we’re going to install and configure a firewall to make our system more secure and only allow connections on the ports we’ll actually use. Enter the command below in your terminal.

sudo apt install ufw

Now we’re going to deny all incoming connections and later on only allow certain ports. Enter the command below in your terminal.

sudo ufw default deny incoming

Now we’re going to allow outgoing connections. Enter the command below in your terminal.

sudo ufw default allow outgoing

Now we’re going to allow connections on port 80. Port 80 is the port number assigned to the commonly used internet communication protocol, Hypertext Transfer Protocol (HTTP). It is the default network port used to send and receive unencrypted web pages. Enter the command below in your terminal.

sudo ufw allow 80

Now we’re going to allow connections on port 443. Port 443 is used for secure web browser communication. It is the standard port for Hypertext Transfer Protocol Secure (HTTPS), used to send and receive encrypted web pages. Enter the command below in your terminal.

sudo ufw allow 443

Now we’re going to allow connections on port 9650. It’s a port used by the Metal node software that we’ll install later. Enter the command below in your terminal.

sudo ufw allow 9650

Now we’re going to allow connections on port 9651. It’s a port used by the Metal node software that we’ll install later. Enter the command below in your terminal.

sudo ufw allow 9651

Now we’re going to allow connections on port 1122. This port is used by the TCP/UDP protocols to open and maintain connections. Enter the command below in your terminal.

sudo ufw allow 1122

Now we’re going to allow connections on port 3000. It’s a port used by the monitor software that we’ll install in the last chapter. Enter the command below in your terminal.

sudo ufw allow 3000

Now we’re going to allow connections on port 9090. It’s a port used by the monitor software that we’ll install in the last chapter. Enter the command below in your terminal.

sudo ufw allow 9090

Now we’re going to allow connections on the custom SSH port we set up earlier. In this example, it’s port 6677. Enter the command below in your terminal.

sudo ufw allow 6677

Now that we’ve configured all ports, we can enable the firewall. Enter the command below in your terminal.

sudo ufw enable

Now we’re going to check if we configured all ports properly. Enter the command below in your terminal.

sudo ufw status verbose

Verify that the output lists all the ports configured correctly, including the custom port we’ve set up. If so, then you’ve successfully set up your machine. Next, we want to exit the session and log out. Enter the command below in your terminal.

exit
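
The comparison of the ufw status verbose output with the ports opened in this chapter can be scripted, which also flags any port that is open but was never meant to be. This is an added example, not part of the original guide; the function names and the sample output are constructed for illustration, and 6677 stands in for your own SSH port.

```bash
#!/usr/bin/env bash
# Added example: compare "ufw status verbose" output with this guide's port list.
EXPECTED_PORTS="80 443 9650 9651 1122 3000 9090 6677"  # 6677 = SSH port chosen above

# Print the sorted, unique ports that have an ALLOW IN rule (status text on stdin).
ufw_allowed_ports() {
  awk '/ALLOW IN/ && $1 ~ /^[0-9]+(\/(tcp|udp))?$/ { split($1, a, "/"); print a[1] }' | sort -un
}

# Read status text on stdin; return 0 only if it matches the guide's setup.
check_ufw_status() {
  local status allowed p rc=0
  status=$(cat)
  echo "$status" | grep -q '^Status: active' || { echo "FAIL firewall is not active"; rc=1; }
  echo "$status" | grep -q '^Default: deny (incoming)' || { echo "FAIL incoming default is not deny"; rc=1; }
  allowed=$(echo "$status" | ufw_allowed_ports)
  for p in $EXPECTED_PORTS; do
    echo "$allowed" | grep -qx "$p" || { echo "FAIL port $p has no allow rule"; rc=1; }
  done
  for p in $allowed; do   # anything open beyond the list is unintended exposure
    case " $EXPECTED_PORTS " in
      *" $p "*) ;;
      *) echo "FAIL port $p is open but not in the list"; rc=1 ;;
    esac
  done
  return $rc
}

# Constructed sample of the expected output (only one IPv6 row shown).
sample_status() {
  cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
80                         ALLOW IN    Anywhere
443                        ALLOW IN    Anywhere
9650                       ALLOW IN    Anywhere
9651                       ALLOW IN    Anywhere
1122                       ALLOW IN    Anywhere
3000                       ALLOW IN    Anywhere
9090                       ALLOW IN    Anywhere
6677                       ALLOW IN    Anywhere
80 (v6)                    ALLOW IN    Anywhere (v6)
EOF
}
sample_status | check_ufw_status && echo "all checks passed"
```

On the node, run it against the live firewall with sudo ufw status verbose | check_ufw_status, before logging out.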

Now that we’re logged out, we have to verify that we can log in under the newly created username, password, and new port. So make sure to enter your newly created username and custom port in the SSH tool.

If we’re able to successfully log in, it’s time to reboot the machine, so the firewall settings take effect. Enter the command below in your terminal.

sudo reboot

We are now ready to go to the next chapter and install the Metal node software.

You can always join the official Metal Blockchain Validator Telegram chat if you need more help or have more questions.