Install Linux (ubuntu: ethonaram) - Ajay1559/rocketpool-on-arm GitHub Wiki

Quick Start: Follow the steps here

1. Get your hardware (Pi 4 8GB/16GB, MicroSD, 2TB USB 3.0 SSD, etc.)
2. Download and flash the image into a MicroSD card
3. Connect the SSD and the Ethernet cable & power on the device
4. Let it run for at least 15 minutes to an hour
   • Run updates: sudo apt update && sudo apt list --upgradable
     • sudo apt upgrade -y
   • Update hostname: hostnamectl set-hostname [new_hostname] or sudo vi /etc/hostname
   • Update timezone: timedatectl set-timezone [Region/City] or sudo rm -rf /etc/localtime && sudo ln -s /usr/share/zoneinfo/[target_timezone] /etc/localtime

SSH setup

Generate keys

1. Generate an Ed25519 SSH key:
   • ssh-keygen -t ed25519 -C "[your_email_here]"
   • ssh-copy-id -i $HOME/.ssh/id_ed25519.pub [email protected]
     • OR add/create file /home/ethereum/.ssh/authorized_keys
2. sudo vi /etc/ssh/sshd_config
   • Port [random_port_#]
   • PasswordAuthentication no
   • PermitRootLogin no
   • KbdInteractiveAuthentication no (replaces deprecated ChallengeResponseAuthentication)

SSH Config file

• HowTo use ssh config file
• touch ~/.ssh/config
• chmod 600 ~/.ssh/config

~/.ssh/config:

Host [target_name]
    HostName 192.168.x.x

Host *
    User [username]
    Port [random_port_#]
    IdentityFile ~/.ssh/id_ed25519

SSH Tunnels with systemd

• HowTo use ssh tunnels
• HowTo ssh tunnel as systemd service
• Check open ports: ss -ltnp

/etc/systemd/system/[email protected]:

[Unit]
Description=Setup a local tunnel to %I
After=network-online.target

[Service]
EnvironmentFile=/etc/default/secure-tunnel@%i
ExecStart=/usr/bin/ssh -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes -nNT -L ${LOCAL_PORT}:localhost:${REMOTE_PORT} ${TARGET}
Restart=always
RestartSec=10
User=ethereum

[Install]
WantedBy=multi-user.target

/etc/default/secure-tunnel@{target_name}:

TARGET=[target_name]
LOCAL_PORT=[port]
REMOTE_PORT=[port]

---

Default service ports for reference:

• lighthouse -> geth: 8551
• validator -> geth: 8545
• validator -> lighthouse: 5052
• beacon -> mev-boost: 18550

Monitoring via SSH tunnel

To access Prometheus/Grafana running on the node from another machine without opening firewall ports, use an SSH tunnel:

ssh -N \
  -L 9100:localhost:9100 \
  -L 6060:localhost:6060 \
  -L 5054:localhost:5054 \
  -L 5064:localhost:5064 \
  [email protected]

Or use autossh for a persistent tunnel — see the Install Geth & Lighthouse services page for details.

Overclocking Pi

• https://docs.rocketpool.net/guides/node/local/prepare-pi.html#overclocking-the-pi

Securing the node

• https://docs.rocketpool.net/guides/node/securing-your-node.html
• https://github.com/imthenachoman/How-To-Secure-A-Linux-Server