Security recommendations for running a node in massa


In this article we will address a very important aspect when running a Massa node, security.

Create a non-root user with sudo privileges

Access your server session using an account without root privileges, this way you will avoid accidentally deleting files or making other errors that compromise the system.

To do this, access SSH through root and perform the following steps:

For this example we will use a new user named massa.

 sudo useradd -m -s /bin/bash massa

Assign a password to your new user.

sudo passwd massa

Add user massa to the sudo group.

sudo usermod -aG sudo massa

Update the list of packages in the repositories

Repositories are the list of programs that Linux contains. It is VERY IMPORTANT to keep your system updated with the latest security patches to prevent malicious attacks. This way you will have a safe and reliable place from which to download the software. To update the list of repositories use the following commands.

To update the software lists in the repositories.

sudo apt update

To download the packages that are available.

sudo apt-get upgrade

Change the default listening port of the SSH service

The SSH client is a service that allows you to remotely control your server and access other computers, transmitting data over an encrypted channel. The default port used by SSH is 22 and it is frequently compromised by denial of service attacks. To avoid this you must change this port.
Modify the SSH configuration file.

See also  ORACLES, what are they and how do they work?
vi /etc/ssh/sshd_config

Type INSERT to be able to move around the file and edit it.
Use the keyboard arrows until you find the line and modify in:

“#Port 22”

Change the 22 to whatever port you want, removing the comment character #.¶

Port 49157

Use the ESC key, and then the following command to exit.


Next restore the SSH service.

/etc/init.d/ssh restart

Enable the Ubuntu UFW Firewall

UFW is one of the most popular Linux Firewalls. To install and configure it, follow these steps:

Install UFW from the Firewall.

sudo apt install ufw

Check the status of the Firewall.

sudo ufw status

Enable the SSH service.

sudo ufw allow "OpenSSH"

Enable the ports we need. ( do not forget to open the 31244 & 31245 to make the node routable )

sudo ufw allow 49157

List the applications allowed by the Firewall.

sudo ufw app list

Activate the Firewall.

sudo ufw enable

Install fail2ban

Fail2ban is an SSH login intrusion prevention application. It works by blocking unknown IP addresses that try to enter the system without authorization. It is recommended to use this program to protect against denial of service attacks and hacking of servers.

Install fail2ban.

sudo apt install fail2ban

Start the service.

sudo systemctl start fail2ban

Enable the service.

sudo systemctl enable fail2ban

Restores the service.

sudo systemctl restart fail2ban

Check the fail2ban logs.

sudo less /var/log/fail2ban.log

Original made by Cumulo for Massa Labs

To be aware of the project, you can subscribe to the following channels:

Telegram Massa Esp:

See also  Permanently set the speed and full duplex of my VPS or Dedicated server

Telegram oficial:

Discord Oficial:

Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Earn Mass Tokens : Testnet Program

Next Post

Spanish Crypto Exchange, Bit2Me hits the sky with Airdrop: 1 Million Participants in 72 Hours

Disclaimer : This website does not invite anyone to invest in the projects we are talking about. This is simple information about crypto projects that we find interesting.
Related Posts