Remark: The deb installer will automatically create a `_loki` and a `_lokinet` user with a shared `_loki` group. They will be listed as unprivileged accounts that exists only to run loki/oxen services.
Maybe these names will be changed in further releases due to the renaming of LOKI to OXEN. You can briefly check the names in the terminal with `compgen -u`.
Remark: There is also non-debian installer available: https://github.com/hesiod-project/oxen-rancher. Hereafter, the guide is tested with the deb installer only. Nevertheless, it should work with both versions just verify carefully the firewall settings ([UFW](http://8bb19w1gugu7yq3cyck63gbo18udodab1b6zr1uykdphm37ushco.loki/whoami/VPS_LokiServiceNode_Hardening/wiki/This-guide-should-help-new-users-to-secure-%22harden%22-their-Loki-Service-Node.#3-firewall)).
Remark: There is also non-debian installer available: https://github.com/hesiod-project/oxen-rancher. Hereafter, the guide is tested with the deb installer only. Nevertheless, it should work with both versions just verify carefully the firewall settings ([UFW](http://8bb19w1gugu7yq3cyck63gbo18udodab1b6zr1uykdphm37ushco.loki/whoami/Oxen-Service-Node-VPS-Hardening/wiki/This-guide-should-help-new-users-to-secure-%22harden%22-their-Oxen-Service-Node.#3-firewall)).
-----
# Content
1. [System update and auto-update](http://8bb19w1gugu7yq3cyck63gbo18udodab1b6zr1uykdphm37ushco.loki/whoami/VPS_LokiServiceNode_Hardening/wiki/This-guide-should-help-new-users-to-secure-%22harden%22-their-Loki-Service-Node.#1-system-update-and-auto-update)
1. [System update and auto-update](http://8bb19w1gugu7yq3cyck63gbo18udodab1b6zr1uykdphm37ushco.loki/whoami/Oxen-Service-Node-VPS-Hardening/wiki/This-guide-should-help-new-users-to-secure-%22harden%22-their-Oxen-Service-Node.#1-system-update-and-auto-update)
9. [Special: Qubes OS - split SSH qube](http://8bb19w1gugu7yq3cyck63gbo18udodab1b6zr1uykdphm37ushco.loki/whoami/VPS_LokiServiceNode_Hardening/wiki/This-guide-should-help-new-users-to-secure-%22harden%22-their-Loki-Service-Node.#9-special-qubes-os---split-ssh-qube)
9. [Special: Qubes OS - split SSH qube](http://8bb19w1gugu7yq3cyck63gbo18udodab1b6zr1uykdphm37ushco.loki/whoami/Oxen-Service-Node-VPS-Hardening/wiki/This-guide-should-help-new-users-to-secure-%22harden%22-their-Oxen-Service-Node.#9-special-qubes-os---split-ssh-qube)
@ -53,7 +53,7 @@ Needless to say, if you are familiar with “server hardening” you can add add
Remark:
Regardless of your security implementation it is always highly recommended to **backup your VPS before doing any major changes to your system**. Normally, this should be done with two clicks in the VPS control panel. To setup such a VPS recovery point just look for ‘backup’ or ‘snapshot’.
If you want to want a quick go-through you can directly jump to the [Express Guide](http://8bb19w1gugu7yq3cyck63gbo18udodab1b6zr1uykdphm37ushco.loki/whoami/VPS_LokiServiceNode_Hardening/wiki/This-guide-should-help-new-users-to-secure-%22harden%22-their-Loki-Service-Node.#express-guide) (time: approx. XX min).
If you want to want a quick go-through you can directly jump to the [Express Guide](http://8bb19w1gugu7yq3cyck63gbo18udodab1b6zr1uykdphm37ushco.loki/whoami/Oxen-Service-Node-VPS-Hardening/wiki/This-guide-should-help-new-users-to-secure-%22harden%22-their-Oxen-Service-Node.#express-guide) (time: approx. XX min).
Hereafter,
* ***username*** stands for your username on your Loki service node
@ -217,7 +217,7 @@ sudo ufw reload
## 3.1 Firewall - Switch SSH port
Optionally: ssh default port is 22 so if you start from a freshly installed Ubuntu you can just proceed. If you want to switch the ssh port you have to explicitly allow this port to get your ssh connection established. If you want to use the default port you can directly move to [4. SSH Keys](http://8bb19w1gugu7yq3cyck63gbo18udodab1b6zr1uykdphm37ushco.loki/whoami/VPS_LokiServiceNode_Hardening/wiki/This-guide-should-help-new-users-to-secure-%22harden%22-their-Loki-Service-Node.#4-ssh-keys).
Optionally: ssh default port is 22 so if you start from a freshly installed Ubuntu you can just proceed. If you want to switch the ssh port you have to explicitly allow this port to get your ssh connection established. If you want to use the default port you can directly move to [4. SSH Keys](http://8bb19w1gugu7yq3cyck63gbo18udodab1b6zr1uykdphm37ushco.loki/whoami/Oxen-Service-Node-VPS-Hardening/wiki/This-guide-should-help-new-users-to-secure-%22harden%22-their-Oxen-Service-Node.#4-ssh-keys).
Following the guidance of ICAAN (Internet Corporation for Assigned Names and Numbers) we should pick a number between 49152 and 65535.
@ -338,7 +338,7 @@ You should see your **private** ssh key, named **lokisn_key** and your **public*
Remark: If you use a ssh-agent like [Special: Qubes OS - split SSH qube](http:/http://8bb19w1gugu7yq3cyck63gbo18udodab1b6zr1uykdphm37ushco.loki/whoami/VPS_LokiServiceNode_Hardening/wiki/This-guide-should-help-new-users-to-secure-%22harden%22-their-Loki-Service-Node.#9-special-qubes-os---split-ssh-qube) you need to set an additional `-f` before `-i`.
Remark: If you use a ssh-agent like [Special: Qubes OS - split SSH qube](http:/http://8bb19w1gugu7yq3cyck63gbo18udodab1b6zr1uykdphm37ushco.loki/whoami/Oxen-Service-Node-VPS-Hardening/wiki/This-guide-should-help-new-users-to-secure-%22harden%22-their-Oxen-Service-Node.#9-special-qubes-os---split-ssh-qube) you need to set an additional `-f` before `-i`.
Afterwards you will ask to enter your **username password** (**not** the key passphrase).
