I am going through Coincashew’s guide and did the stake pool school. Using Azure, I have one VM for the core and one for the Relay (probably will add a third VM for second relay).
All ports are closed except the one connecting to my laptop and the core and relay VM have an open port between them. Both nodes are currently syncing with ETA of 2 days.
Some security aspects I still find odd however:
- How are my nodes syncing if I didn’t add any incoming rule for the nodes my relay connects to? (Outgoing is open)
- By having an open port between the core and the relay, couldn’t someone just SSH from my relay into the core node if I open incoming connections in the relay?
- Is there any way to prevent a DDoS on a single stake pool? It seems to me that having 2 relays can be targeted just as easily as one.
- Last one just to confirm: it’s often mentioned don’t put core and relay on the same host. Does that mean don’t put them on the same VM ,for example, (which I’m not doing) or don’t put them on the same VM host like Azure or AWS (which I am doing)
The air gapping is pretty clear to me and I clean installed Ubuntu on an old laptop with no wifi where I already generated some keys
Thanks for reading and happy operating/staking!