-- DISCLAIMER: By using this guide, you assume sole risk and waive any claims of liability against the author.
-- Note: This guide is for running a Cosmos Validator on a virtual private server (VPS), running Ubuntu 20.04.1 LTS
-- Note: This guide assumes your local machine is a Windows, but most instructions are executed on the remote (VPS) machine.
-- Note: anything preceded by "#" is a comment.
-- Note: anything all-caps in between "<>" is an instruction; e.g. "" might be "foo.txt".
-- Special thanks to Chris Graffagnino and others for sharing their knowledge of Linux and how to secure and hardening Linux

The world’s leading software development platform · GitHub

(If you do not have a ssh key on your computer)

From your local PC
Generate private & public keys (public key will have a ".pub" extension)
When prompted, name it something other than "id_rsa" (in case you're using that somewhere else)

ssh-keygen -t rsa

Lock down private key

chmod 400 ~/.ssh/<YOUR KEY>

Push key up to your box
See below if using Digital Ocean for vps

ssh-copy-id -i ~/.ssh/<YOUR KEYNAME>.pub root@<YOUR VPS PUBLIC IP ADDRESS>

ssh -i ~/.ssh/<YOUR SSH PRIVATE KEY> root@<YOUR VPS PUBLIC IP ADDRESS>

Change this to something identifiable to you

sudo hostnamectl set-hostname <NEW_HOSTNAME>

Edit the hosts file to add your new hostname to the 127.0.0.1. Replace the old hostname with the new one."

sudo nano /etc/hosts

Change the following line:

127.0.0.1 <OLD_HOST_NAME> to 127.0.0.1 SkyNet-Provider

Type ctrl+o to save, ctrl+x to exit

Reboot (You will be kicked off... wait a couple minutes before logging in)

reboot

useradd <USERNAME> && passwd <USERNAME>
usermod -aG sudo <USERNAME>

Give permissions to new user (please type sudo here... even as root user) sudo visudo

sudo visudo

Add entry for new user under "User privilege specification"

<USERNAME> ALL=(ALL:ALL) ALL

Add directory and permissions

mkdir /home/<USERNAME>

chown <USERNAME>:<USERNAME> /home/<USERNAME> -R

Copy pub key to new user

rsync --archive --chown=<USERNAME>:<USERNAME> ~/.ssh /home/<USERNAME>

Set new user's login shell to bash

chsh -s /bin/bash <USERNAME>

sudo apt update
sudo apt upgrade
sudo apt install jq
sudo apt install unzip
sudo apt install net-tools
sudo apt install -y build-essential libssl-dev

Note: there is also a file called "ssh_config"... don't edit that one

nano /etc/ssh/sshd_config

Find the line that says "# Port 22", change that to "Port <CHOOSE A PORT BETWEEN 1024 AND 65535>"
e.g. "Port 2222"

Type ctrl+o to save, ctrl+x to exit

Disable firewall

ufw disable

Set defaults for incoming/outgoing ports

ufw default deny incoming
ufw default allow outgoing

Open ssh port (We are only allowing connection from our own IP)

ufw allow from <IP you will login from> to any port <CHOOSE A PORT BETWEEN 1024 AND 65535 | Same port as above> proto tcp

Double-check the port you chose for ssh was the same as what you set in /etc/ssh/sshd_config

cat /etc/ssh/sshd_config | grep Port

Re-enable the firewall

ufw enable
ufw status verbose

Double-check your new user is in the sudo group

grep '^sudo:.*$' /etc/group | cut -d: -f4

If the above does not return the new username then run this command and repeat the grep:

usermod -aG sudo <USERNAME>

Reboot (You will be kicked off... wait a couple minutes before logging in)

reboot

ssh -p <SSH PORT> -i ~/.ssh/<YOUR SSH PRIVATE KEY> <USERNAME>@<YOUR VPS PUBLIC IP ADDRESS>

sudo nano /etc/ssh/sshd_config

(Change "PermitRootLogin" from "yes" to "no")

ctrl+o to save, ctrl+x to exit

Reboot (You will be kicked off... log back in)

reboot

The following is optional but will give your a colorful terminal window. Note for my Google Cloud instance, this was already there so just add the above two lines to the bottom of the .bashrc file:

# ~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples

# If not running interactively, don't do anything
[ -z "$PS1" ] && return

# don't put duplicate lines in the history. See bash(1) for more options
# ... or force ignoredups and ignorespace
HISTCONTROL=ignoredups:ignorespace

# append to the history file, don't overwrite it
shopt -s histappend

# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
HISTSIZE=1000
HISTFILESIZE=2000

# check the window size after each command and, if necessary,
# update the values of LINES and COLUMNS.
shopt -s checkwinsize

# make less more friendly for non-text input files, see lesspipe(1)
[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"

# set variable identifying the chroot you work in (used in the prompt below)
if [ -z "$debian_chroot" ] && [ -r /etc/debian_chroot ]; then
    debian_chroot=$(cat /etc/debian_chroot)
fi

# set a fancy prompt (non-color, unless we know we "want" color)
case "$TERM" in
    xterm-color) color_prompt=yes;;
esac

# uncomment for a colored prompt, if the terminal has the capability; turned
# off by default to not distract the user: the focus in a terminal window
# should be on the output of commands, not on the prompt
force_color_prompt=yes

if [ -n "$force_color_prompt" ]; then
    if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
        # We have color support; assume it's compliant with Ecma-48
        # (ISO/IEC-6429). (Lack of such support is extremely rare, and such
        # a case would tend to support setf rather than setaf.)
        color_prompt=yes
    else
        color_prompt=
    fi
fi

if [ "$color_prompt" = yes ]; then
    PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
else
    PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
fi
unset color_prompt force_color_prompt

# If this is an xterm set the title to user@host:dir
case "$TERM" in
xterm*|rxvt*)
    PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
    ;;
*)
    ;;
esac

# enable color support of ls and also add handy aliases
if [ -x /usr/bin/dircolors ]; then
    test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
    alias ls='ls --color=auto'
    #alias dir='dir --color=auto'
    #alias vdir='vdir --color=auto'

    alias grep='grep --color=auto'
    alias fgrep='fgrep --color=auto'
    alias egrep='egrep --color=auto'
fi

# some more ls aliases
alias ll='ls -alF'
alias la='ls -A'
alias l='ls -CF'

# Alias definitions.
# You may want to put all your additions into a separate file like
# ~/.bash_aliases, instead of adding them here directly.
# See /usr/share/doc/bash-doc/examples in the bash-doc package.

if [ -f ~/.bash_aliases ]; then
    . ~/.bash_aliases
fi

# enable programmable completion features (you don't need to enable
# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
# sources /etc/bash.bashrc).
#if [ -f /etc/bash_completion ] && ! shopt -oq posix; then
#    . /etc/bash_completion
#fi

Now lets configure our .profile/.bash_profile file. Good news, for my Google Could and Ubuntu 20.04 installation the file was already configured to call .bashrc. If not, just create the file and paste the following into it. You should create it in your $HOME directory:

To open/create the file

nano ~/.profile

# ~/.profile: executed by Bourne-compatible login shells.

if [ "$BASH" ]; then
  if [ -f ~/.bashrc ]; then
    . ~/.bashrc
  fi
fi

mesg n 2> /dev/null || true

To save the file:

CTRL+o and ENTER
CTRL+x

To enable the above:

source .profile  

GO -> Akash Validator Installation Guide OR other Cosmos Validator installation guide. Applicable to all Cosmos SDK Sentries/Validators