Secure your masternode with SSH key authentication
If you set up your CHC masternode using Max’s (@highoncoins) tutorial, you might have gotten a message like this:
“Last failed login: Thu Jul 20 20:27:36 UTC 2017 from 123.183.209.136 on ssh:notty
There were 213 failed login attempts since the last successful login.”
In case you haven’t guessed yet, that is someone trying to guess your password and gain access to your root account. Which is not difficult if you have a crappy password… But worry not!
Here is a simple solution using key-pair authentication:
On your local machine, open Terminal and type “ssh-keygen”. Press ‘enter’ twice.
- SSH into your masternode server and type “mkdir -p ~/.ssh && sudo chmod -R 700 ~/.ssh/”. Press ‘Enter’.
- On your local machine, type “scp ~/.ssh/id_rsa.pub root@000.000.000.000:~/.ssh/authorized_keys” (replacing 000.000.000.000 with the your masternode’s IP address). Press ‘Enter’.
- In your masternode server CLI, type “exit” and press ‘Enter’.
- SSH back into your masternode server and notice you didn’t need a password!
…you are still not quite safe, yet
6. In your masternode CLI, type “vi /etc/ssh/sshd_config” and press ‘Enter’
7. Using your arrow keys, navigate down to ‘PermitRootLogin’, move the prompt to the ‘y’ in ‘yes’, and type “cw”. Now type “without-password” and press ‘Esc’.
8. Go down to “#PubkeyAuthentication”, move your prompt over the “#” and press ‘x’.
9. Go down to “PasswordAuthentication” (without “#”), move your prompt over the ‘y’ in ‘yes’, and type “cw”. Now type “no” and press ‘Esc’.
10. Now type “:wq” to save and quit the text editor.
…one last step
11. Type “systemctl restart sshd” and press ‘Enter’.
Congrats! Now you are able to login to your server using key-pair authentication and those pesky hackers have no way to try brute-forcing your password.
