Server Setup
Before installing Sentinel Hub, prepare the host. Skip this section if you've already set up a Linux server you maintain elsewhere.
Requirementsβ
Home or Dedicated Serverβ
To run a Full Node, the recommended minimum hardware requirements are as follows:
- CPU: 8+ cores with a clock speed of 3.5 GHz or higher
- RAM: At least 32GB DDR4
- Storage: 500GB NVMe in RAID 1 configuration
- Bandwidth: Unmetered connection with a speed of 1Gbps
- Operating System: Linux (Debian or Ubuntu preferred)
Change Root Passwordβ
Assuming you are logged into your server as root, first of all, let's change the root password and add a new one.
passwd root
Update the systemβ
apt update && apt upgrade -y
Install sudo package
apt install sudo
Create New Userβ
Creating a new user is crucial because you should avoid managing your full node under the root user account.
Our user will be named sentinel, and you will be asked to create a new password for this user.
adduser sentinel
Grant sudo access to sentinel user. Open the sudoers file
nano /etc/sudoers
Add the following line
sentinel ALL=(ALL:ALL) ALL
Switch to the newly created user
su - sentinel
SSHβ
To securely access your server, you will use an SSH connection.
Client Sideβ
If you don't already have one, generate an SSH key pair on your client
ssh-keygen -t ed25519
Navigate to the SSH directory, and you should see both the public and private SSH keys
ls -l .ssh/
total 2
-rw-------. 1 user user size Mar 12 18:08 id_ed25519
-rw-r--r--. 1 user user size Mar 12 18:08 id_ed25519.pub
Add your public SSH key to the authorized_keys file on your VPS to enable secure SSH connections. If you do not perform this step you will be locked out and unable to connect to your VPS as it will be refused!
ssh-copy-id -i ~/.ssh/id_ed25519.pub username@server_ip
Server Sideβ
If importing the SSH key fails, check if the .ssh/ directory exists on your server. If it doesnβt, create it along with the authorized_keys file by running the following commands:
mkdir -p ~/.ssh
chmod 700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
After that, run the ssh-copy-id command again from your client.
To verify that your public key has been added on your server, run:
cat ~/.ssh/authorized_keys
For security purposes it is recommended to change the default port 22 to another one; let's say 2222. Check if the port is not already being used by another service
grep 2222 /etc/services
On your server machine, install the firewall and openssh
sudo apt install ufw openssh-server
If the port is not already being used by another service, you can add it to your firewall
sudo ufw allow 2222/tcp
Enable the firewall
sudo ufw enable
Check firewall status to see if the port has been enabled
sudo ufw status
Open the SSH config file
sudo nano /etc/ssh/sshd_config
Set the following fields
# For security purposes we want to use a port number which is not the default one 22
Port 2222
# Better disable root login via SSH. If needed better to switch to root once
# connected with a normal user
PermitRootLogin no
# Authentication with public key is preferred
PubkeyAuthentication yes
# Better not to use password authentication
PasswordAuthentication no
Reload and restart the ssh service
sudo systemctl daemon-reload
sudo systemctl enable ssh
sudo systemctl start ssh
sudo systemctl status ssh
Connect to your machine via SSH using the new port
ssh sentinel@machine_ip -p 2222