Update page 'This guide should help new users to secure "harden" their Oxen Service Node.'

master
who am i 5 years ago
parent 2624805d86
commit 94899bd320

@ -44,11 +44,11 @@ Remark: There is also non-debian installer available: https://github.com/hesiod-
# Setup some easy and important security settings on your Virtual Private Server (VPS)
This chapter is not mandatory to run a Loki service node but it is recommended to setup some fundamental security settings for your Loki service node. Keep in mind that the traffic between the Loki service nodes is encrypted (secure) but your Loki service node IP is and must be visible to operate.
This chapter is not mandatory to run a oxen service node but it is recommended to setup some fundamental security settings for your oxen service node. Keep in mind that the traffic between the oxen service nodes is encrypted (secure) but your oxen service node IP is and must be visible to operate.
Since this is made for beginners we highly recommend to follow strictly the process and use the latest Debian or Ubuntu server and use the [latest Debian (deb) package](https://docs.loki.network/ServiceNodes/DebianPackageGuide). Furthermore, the local computer should also be a [Debian distribution](https://en.wikipedia.org/wiki/List_of_Linux_distributions#Debian-based) it should also work with other Linux OS but it has not been tested yet.
Needless to say, if you are familiar with “server hardening” you can add additional software and setting to secure your Loki service node.
Needless to say, if you are familiar with “server hardening” you can add additional software and setting to secure your oxen service node.
Remark:
Regardless of your security implementation it is always highly recommended to **backup your VPS before doing any major changes to your system**. Normally, this should be done with two clicks in the VPS control panel. To setup such a VPS recovery point just look for backup or snapshot.
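Review bot: The replacement lines in this hunk write the project name as lowercase "oxen" while the page title uses "Oxen Service Node", and "a oxen service node" should read "an Oxen service node". The unchanged Debian package link in the same hunk still points at docs.loki.network; check whether that target should be updated as part of this rename.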
@ -56,8 +56,8 @@ Regardless of your security implementation it is always highly recommended to **
If you want to want a quick go-through you can directly jump to the [Express Guide](http://8bb19w1gugu7yq3cyck63gbo18udodab1b6zr1uykdphm37ushco.loki/whoami/Oxen-Service-Node-VPS-Hardening/wiki/This-guide-should-help-new-users-to-secure-%22harden%22-their-Oxen-Service-Node.#express-guide) (time: approx. XX min).
Hereafter,
* ***username*** stands for your username on your Loki service node
* ***YourServerIP*** is your public Loki service node IP address which you got from your VPS provider (it is not your Loki service node public key address)
* ***username*** stands for your username on your oxen service node
* ***YourServerIP*** is your public oxen service node IP address which you got from your VPS provider (it is not your oxen service node public key address)
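Review bot: The unchanged Express Guide sentence at the top of this hunk still reads "If you want to want a quick go-through" and carries the unfilled placeholder "approx. XX min". Since the surrounding bullets are being edited, fix the wording and either fill in the time estimate or drop it.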
@ -76,7 +76,7 @@ sudo apt autoremove
sudo apt autoclean
```
Normally, you do not use your Loki Service node on a daily bases like you do with your PC or mobile phone. Therefore, it is recommended to perform security updates automatically.
Normally, you do not use your oxen service node on a daily bases like you do with your PC or mobile phone. Therefore, it is recommended to perform security updates automatically.
```
sudo apt-get install unattended-upgrades
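Review bot: "on a daily bases" in the rewritten sentence should be "on a daily basis"; the typo was carried over from the old line. The old line also capitalised "Service" and the new one does not, so pick one spelling of "Oxen service node" and use it throughout.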
@ -109,7 +109,7 @@ Unattended-Upgrade::Allowed-Origins {
Exit the file with ctrl+x.
Remark: It is recommended to update your loki deb package manually and check directly that all is running as expected. For this you can do the default all update routine (`sudo apt update && sudo apt upgrade -y`).
Remark: It is recommended to update your oxen deb package manually and check directly that all is running as expected. For this you can do the default all update routine (`sudo apt update && sudo apt upgrade -y`).
# 2. System scan
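Review bot: The rewritten remark recommends updating the oxen deb package manually but then gives `sudo apt update && sudo apt upgrade -y`, which upgrades every pending package, not just oxen. It would help to state explicitly that the oxen repository is meant to stay out of the `Unattended-Upgrade::Allowed-Origins` list shown in the hunk header, so readers understand why the manual step is needed and what it covers.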
@ -315,10 +315,10 @@ To Action From
# 4. SSH Keys
Launch a new terminal on your **local computer** and type the following to generate your Loki service node ssh keys.
Launch a new terminal on your **local computer** and type the following to generate your oxen service node ssh keys.
```
ssh-keygen -t ed25519 -a 500 -f ~/.ssh/lokisn_key
ssh-keygen -t ed25519 -a 500 -f ~/.ssh/oxensn_key
```
Explanation:
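Review bot: Renaming the key file from `~/.ssh/lokisn_key` to `~/.ssh/oxensn_key` in the `ssh-keygen` line leaves readers who followed the earlier revision with a key under the old name. Add a short remark that an existing key does not need to be regenerated and that the file name only has to match what is used in the later `ssh-copy-id` and `IdentityFile` steps.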
@ -341,7 +341,7 @@ This is again optionally, you can leave it blank but to increase security it is
Remark: You can easily change this afterwards by command
```
sudo ssh-keygen -p -f ~/.ssh/lokisn_key -P <oldpassword> -N <newpassword>
sudo ssh-keygen -p -f ~/.ssh/oxensn_key -P <oldpassword> -N <newpassword>
```
Your ssh keys are stored in a hidden folder (on your local computer). Move to the ssh key folder by command:
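Review bot: The passphrase-change command in this hunk passes `-P <oldpassword> -N <newpassword>` on the command line, which leaves both passphrases in shell history and visible in the process list; dropping both options makes `ssh-keygen -p -f ~/.ssh/oxensn_key` prompt for them instead. The leading `sudo` is also unnecessary for a key in the user's own `~/.ssh` and should be removed while the line is being touched.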
@ -353,10 +353,10 @@ List the content:
```
ls -l
```
You should see your **private** ssh key, named **lokisn_key** and your **public** ssh key **lokisn_key.pub**. The private key should never be shared. Keep it save and backup'ed. The public key is free to share. Since we want to use the keys to login into our VPS we need to **copy the public key to our server**.
You should see your **private** ssh key, named **oxensn_key** and your **public** ssh key **oxensn_key.pub**. The private key should never be shared. Keep it save and backup'ed. The public key is free to share. Since we want to use the keys to login into our VPS we need to **copy the public key to our server**.
```
ssh-copy-id -i ~/.ssh/lokisn_key.pub -p <yourNewSSHportNumber> <username>@<YourServerIP>
ssh-copy-id -i ~/.ssh/oxensn_key.pub -p <yourNewSSHportNumber> <username>@<YourServerIP>
```
Remark: If you use a ssh-agent like [Special: Qubes OS - split SSH qube](http:/http://8bb19w1gugu7yq3cyck63gbo18udodab1b6zr1uykdphm37ushco.loki/whoami/Oxen-Service-Node-VPS-Hardening/wiki/This-guide-should-help-new-users-to-secure-%22harden%22-their-Oxen-Service-Node.#9-special-qubes-os---split-ssh-qube) you need to set an additional `-f` before `-i`.
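Review bot: "Keep it save and backup'ed" in the rewritten paragraph should read "Keep it safe and backed up". The unchanged Qubes OS remark at the end of this hunk has a malformed link target that starts with `http:/http://`, which will not resolve; fix it in the same pass.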
@ -366,7 +366,7 @@ Afterwards you will ask to enter your **username password** (**not** the key pas
The terminal should reponses with:
```
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/<username>/.ssh/lokisn_key.pub"
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/<username>/.ssh/oxensn_key.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
<username>@<YourServerIP>'s password:
@ -404,7 +404,7 @@ Remove the # from the beginning of the line.  Make the line look like sim
PermitRootLogin no
```
Important: You need to have a user with admin permission. See loki guide: https://docs.loki.network/ServiceNodes/SNFullGuide/#21-create-a-non-root-user.
Important: You need to have a user with admin permission. See oxen guide: https://docs.loki.network/ServiceNodes/SNFullGuide/#21-create-a-non-root-user.
Next, set ssh key login only
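Review bot: The "Important" line now says "See oxen guide" but the URL still points to docs.loki.network/ServiceNodes/SNFullGuide. Either update the link to the current documentation location or keep the label consistent with where the link actually goes.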
@ -445,11 +445,11 @@ and copy&paste the following
```
Host lokisn01
Host oxensn01
HostName <YourServerIP>
User <username>
Port <yourSSHportNumber>
IdentityFile ~/.ssh/lokisn_key
IdentityFile ~/.ssh/oxensn_key
IdentitiesOnly yes
```
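Review bot: The `Port <yourSSHportNumber>` placeholder in this config block does not match the `<yourNewSSHportNumber>` placeholder used in the `ssh-copy-id` step. Use one placeholder name for the SSH port across the guide so beginners do not read them as two different values.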
@ -460,7 +460,7 @@ Save the file with ctrl+o hit enter and exit with ctrl+x.
Now, you can setup your ssh connection by simply typing:
```
ssh lokisn01
ssh oxensn01
```
Backup time!
@ -566,7 +566,7 @@ If you own a Yubikey you can also follow this [guides](https://developers.yubico
# 6. Fail2ban
Fail2ban is a very powerful tool to protect your Loki service node against brute force authentication attempts. For this beginner tutorial will keep it simple and keep all default settings.
Fail2ban is a very powerful tool to protect your oxen service node against brute force authentication attempts. For this beginner tutorial will keep it simple and keep all default settings.
```
sudo apt install fail2ban
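Review bot: The Fail2ban paragraph says the tutorial will "keep all default settings", but earlier steps move SSH to `<yourNewSSHportNumber>`, and the stock sshd jail's port setting is `ssh` (port 22), so bans would not be applied to the port the server actually listens on. Add a note to set the jail's `port` to the custom SSH port in a `jail.local` override. The sentence is also missing its subject: "For this beginner tutorial we will keep it simple".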
