TAO'S MASTERNODE SETUP GUIDE FOR DUMMIES (UPDATE GUIDE UPDATED FOR 13.0)

TaoOfSatoshi

Grizzled Member
Jul 15, 2014
2,841
2,649
1,183
Dash Nation
www.dashnation.com
If you want to run it each boot:

Code:
crontab -e
...select editor if asked, nano is easiest...
add this to the end of the file:
Code:
@reboot /path/to/script.sh

Or just use ufw, far easier than iptables, here's the basics, you only need to do this once:
Code:
sudo apt-get install ufw (if needed, and you may need to 'sudo apt-get update' first as well)
sudo ufw allow ssh/tcp
sudo ufw allow 9999/tcp
sudo ufw logging on
sudo ufw enable
sudo ufw status
thelonecrouton flare So if I replace the IP tables in my guide with the ufw script EXACTLY as you have displayed it here, it will activate a firewall right away, and every time the VPS reboots? I only ask because you said "basics". I want to be sure on this one! Please advise.
 

thelonecrouton

Well-known Member
Foundation Member
Apr 15, 2014
1,135
813
283
thelonecrouton flare So if I replace the IP tables in my guide with the ufw script EXACTLY as you have displayed it here, it will activate a firewall right away, and every time the VPS reboots? I only ask because you said "basics". I want to be sure on this one! Please advise.
Yes, run once, it persists.

Here's the 'advanced' ufw setup, which also limits ssh connections to 6 every 30 secs:
Code:
sudo apt-get update
sudo apt-get install ufw
sudo ufw allow ssh/tcp
sudo ufw limit ssh/tcp
sudo ufw allow 9999/tcp
sudo ufw logging on
sudo ufw enable
sudo ufw status
Order of execution is important - don't enable ufw before you have allowed ssh/tcp, or you will lock yourself out mid process!
 
  • Like
Reactions: TaoOfSatoshi

TaoOfSatoshi

Grizzled Member
Jul 15, 2014
2,841
2,649
1,183
Dash Nation
www.dashnation.com
Yes, run once, it persists.

Here's the 'advanced' ufw setup, which also limits ssh connections to 6 every 30 secs:
Code:
sudo apt-get update
sudo apt-get install ufw
sudo ufw allow ssh/tcp
sudo ufw limit ssh/tcp
sudo ufw allow 9999/tcp
sudo ufw logging on
sudo ufw enable
sudo ufw status
Order of execution is important - don't enable ufw before you have allowed ssh/tcp, or you will lock yourself out mid process!
Thanks, I'm in the middle of editing right now, swing back later and tell me what you think. I'm going to give you full credit, thanks again!
 

g8F98FF3gjafogj4

Well-known Member
Foundation Member
Apr 8, 2014
151
84
188
Nice! Sorry to have been the nit picker on this but I think this is a lot better. Thanks Tao. I can't quite talk myself in to accepting a tip on this but I appreciate the offer, the other two do a hell of a lot around here and I'm sure deserve them. Thanks
 

cryptoyogi

New Member
Jun 9, 2014
18
18
3
Thanks for the guide, I think it is working correctly. If/when I get my first payment, I'll send some DRK your way.

If I want to setup a 2nd masternode, what would I have to do differently?
 
  • Like
Reactions: TaoOfSatoshi

TaoOfSatoshi

Grizzled Member
Jul 15, 2014
2,841
2,649
1,183
Dash Nation
www.dashnation.com
Thanks for the guide, I think it is working correctly. If/when I get my first payment, I'll send some DRK your way.

If I want to setup a 2nd masternode, what would I have to do differently?
See my post at the bottom of page 2 to set up another Darkcoin wallet on your PC. Then just follow my guide again using the .conf location from that post.

Any issues please post back, and your DRK love is appreciated...
 
  • Like
Reactions: cryptoyogi

jsp3cs15

New Member
Masternode Owner/Operator
Jun 21, 2014
37
14
8
Hey Tao,

How do i go about disabling / removing the old firewall.sh in your old guide for the firewall steps
 
  • Like
Reactions: TaoOfSatoshi

thelonecrouton

Well-known Member
Foundation Member
Apr 15, 2014
1,135
813
283
Hey Tao,

How do i go about disabling / removing the old firewall.sh in your old guide for the firewall steps
Well, rebooting your server would do it...

Thanks for the offer Tao but I don't deserve any tips! Send a bit to flare or UdjinM6 or someone instead if you like. :) Hopefully The Foundation will be up and running soon so we can direct a bit of funding there.
 
  • Like
Reactions: jsp3cs15

ErrorId

Member
Mar 9, 2014
158
41
88
Canada
Yes, run once, it persists.

Here's the 'advanced' ufw setup, which also limits ssh connections to 6 every 30 secs:
Code:
sudo apt-get update
sudo apt-get install ufw
sudo ufw allow ssh/tcp
sudo ufw limit ssh/tcp
sudo ufw allow 9999/tcp
sudo ufw logging on
sudo ufw enable
sudo ufw status
Order of execution is important - don't enable ufw before you have allowed ssh/tcp, or you will lock yourself out mid process!
Will this block everything but ssh and 9999 on all network interfaces or just one?
 

thelonecrouton

Well-known Member
Foundation Member
Apr 15, 2014
1,135
813
283
Will this block everything but ssh and 9999 on all network interfaces or just one?
No idea. :tongue:

I think it should be system-wide, but it might depend on how your VPS provider has configured stuff too, you could try something like 'sudo nmap -sT a.b.c.d' against your MNs to check?
 

jsp3cs15

New Member
Masternode Owner/Operator
Jun 21, 2014
37
14
8
Hey Tao,

I have trying to update from 10.15.16. to 10.16.16. but when i do a masternode list my IP is not showing up at all.

When I try and do a masternode start from the local wallet i get the error message: 'inbound port is not open. Please open it and try again.'

Any ideas?
 
  • Like
Reactions: TaoOfSatoshi
B

buster

Guest
You're most welcome! Remember to help out others if you get the chance...
Most certainly will be helping others out.

I have a question I want to ask without sounding like an idiot, maybe a few of you guys could help answer .

1) from the wiki page under "What happens if a masternode is hacked", it says "Do NOT allow root ssh access" - So don't login to the server using SSH with the root user right? Or am I reading this wrong?

2) from this guide under Part 1.2 "Disable Root Login and sudo to root" - the command is 'sudo passwd -l root' (this locks the root password), when you do this it makes it so that you can not login with the root user using the password, and considering you did not give root ssh access it would presumably make it so that the root account has no access to the server. My question is, before you do this is it necessary to give the 2nd user we created sudo powers?

3) Is it a good idea to set up google authenticator for 2fa server access, I saw two guides written about this and was wondering if that would be cool.

4) Should we disable the 2nd user password also, since this user can login using ssh?

One last thing, TAO, would you care if I took your guide and turned it into a easy to read html page? I can give you 100% full credit, and maybe it can go up on the darkcoin website. Lemme know if you would like that.
 
  • Like
Reactions: calnaughtonjnr

TaoOfSatoshi

Grizzled Member
Jul 15, 2014
2,841
2,649
1,183
Dash Nation
www.dashnation.com
Most certainly will be helping others out.


I have a question I want to ask without sounding like an idiot, maybe a few of you guys could help answer .


1) from the wiki page under "What happens if a masternode is hacked", it says "Do NOT allow root ssh access" - So don't login to the server using SSH with the root user right? Or am I reading this wrong?


2) from this guide under Part 1.2 "Disable Root Login and sudo to root" - the command is 'sudo passwd -l root' (this locks the root password), when you do this it makes it so that you can not login with the root user using the password, and considering you did not give root ssh access it would presumably make it so that the root account has no access to the server. My question is, before you do this is it necessary to give the 2nd user we created sudo powers?


3) Is it a good idea to set up google authenticator for 2fa server access, I saw two guides written about this and was wondering if that would be cool.


4) Should we disable the 2nd user password also, since this user can login using ssh?


One last thing, TAO, would you care if I took your guide and turned it into a easy to read html page? I can give you 100% full credit, and maybe it can go up on the darkcoin website. Lemme know if you would like that.
1) That is correct, use your personal user.

2) Yes, that is correct as well.

3) I don't have experience with that, let me know how it turns out!

4) No, as a potential attacker wouldn't know your personalized user. EVERY VPS comes with the Root user.

One last thing) HELL YEAH! I would like it all to be together in one SUPERGUIDE. (All of my guide posts together, so no need to click or search the thread. I would also like to post a copy on Get Into The Dark! when it's ready.

https://www.rebelmouse.com/GetIntoTheDark/

Please consider this my blessing to proceed!

Hope this helps.

Tao
 
  • Like
Reactions: calnaughtonjnr

jsp3cs15

New Member
Masternode Owner/Operator
Jun 21, 2014
37
14
8
What version is your local wallet?
10.16.16 as well.

I have also tried a masternode genkey to geneater a new master node private key and mandated both of my conf files. Still no success. Do u know if have to setup a new wallet with a new address?
 

aleix

Well-known Member
Foundation Member
Apr 4, 2014
144
135
193
Hey TAo!

I have a problem when i try to install joe (I did this before, so the problem is new)

I follow the guide to the letter, and then i type:

apt-get install joe

And this message appears:

E: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)
E: Unble to lock the administration directory var/lib/dpkg/ - open (13:permission denied)

Can you help me? Tnks a lot!
 

UdjinM6

Official Dash Dev
Core Developer
Dash Core Group
May 20, 2014
3,639
3,537
1,183
Hey TAo!

I have a problem when i try to install joe (I did this before, so the problem is new)

I follow the guide to the letter, and then i type:

apt-get install joe

And this message appears:

E: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)
E: Unble to lock the administration directory var/lib/dpkg/ - open (13:permission denied)

Can you help me? Tnks a lot!
you need root permissions to execute this, smth like that
Once you see a command prompt, you're going to visit good old ROOT again, ;), by entering the following command:

su -

Enter ROOT's ;) password which you created before.
 
  • Like
Reactions: drkhouse and aleix

Propulsion

The buck stops here.
Feb 26, 2014
1,008
468
183
Dash Address
XerHCGryyfZttUc6mnuRY3FNJzU1Jm9u5L
Don't you need to run "Masternode Debug" on the remote before doing "Masternode start" on the local?