Securing SSH Access to a Node on Cardano Mainnet (Ubuntu 20.04)

Fellow operators, here is a link to the first in a series on best practices for running a stake pool. Please ask any questions you may have here. Cheers, Chris Graffagnino

Thank you, Chris!

MASTR Rocks!

Thx, but I recommend not storing any of the SSH private keys on any Internet-connected servers or desktops. What I do is use a Ledger Nano as deterministic SSH key storage by installing the SSH/PGP app on it. It works exactly the same as you would handle your wallets: it just exposes the public key and only signs a request on the device that the user must accept. Even my pool's op rewards and owner pledges (accessed by a different PIN as plausible deniability) priv keys are on the same device, though the other savings are on a diff device. So, one 24-word phrase handles all pool-ops-related stuff. Except the cold keys, for which I created a BIP39-like tool to generate cold keys from a mnemonic for DR recovery purposes.


@_ilap could you elaborate on how you went about using BIP39 tools for generating cold keys in mnemonics please? Sounds like a fantastic idea.

Here comes: