Hardening your SmartNode
Most of the following changes are already covered by SmartNode Bash Scripts.
BE CAREFUL: Please do only apply changes illustrated below if you know what you are doing. Also make sure you have done a backup/snapshot of your VPS first, so that you are able to recover in case of an error.
The steps described in this section have been written to the advantage that they all can be applied separately.
Security Change your SSH port
Think of a number you want to use instead of the default SSH port number (22).
In this example we have chosen port number 15735. (But please make up your own!)
- Whitelist your custom ssh port with your VPS provider. The procedure depends on which service you are using. You have to basically login to your VPS web front-end, navigate to network security rules (or similar) and add a Custom TCP Rule which allows inbound connections to this specific port.
- Connect to your VPS with root credentials and add the custom ssh port to your firewall:
ufw disable
ufw allow 15735/tcp
ufw limit 15735/tcp
ufw logging on
ufw enable
If you used the SmartNode Setup Guide to begin with, this step is crucial.
- Change the default port number to the custom one in the SSH daemon:
pico /etc/ssh/sshd_config
Change the line Port 22
to your custom port, in this example Port 15735
and save.
- Recheck with
ufw status
and pico /etc/ssh/sshd_config
if your custom port changes have been applied.
- Reboot your server.
- Now connect to your VPS using your custom SSH port. If everything went fine, you can remove the default SSH port entrys from your firewall now:
ufw delete allow 22/tcp
ufw delete limit 22/tcp
- Reboot your server once again.
- Finally login to the web front-end of your VPS provider and remove the default SSH port 22 from the list of open ports (list where you added your custom port in step 1).
Stability Setup cronjobs to keep SmartNode always running
- Connect to your VPS with root credentials and create a directory for the cronjob scripts:
mkdir smartnode
cd ~/smartnode/
- Download the appropriate scripts (taken from the SmartNode Bash installer:
wget https://raw.githubusercontent.com/SmartCash/smartnode/master/makerun.sh
wget https://raw.githubusercontent.com/SmartCash/smartnode/master/checkdaemon.sh
- Give execute permission to the cron scripts:
chmod 0700 ./makerun.sh
chmod 0700 ./checkdaemon.sh
- Open crontabs with
crontab -e
and add the following lines to it:
@reboot smartcashd
*/5 * * * * ~/smartnode/makerun.sh
*/30 * * * * ~/smartnode/checkdaemon.sh
- Apply the cronjobs by reloading them with
/etc/init.d/cron reload
or service cron reload
Stability Setup cronjob to clear debug.log
This step is to prevent the debug.log from getting too large.
- Connect to your VPS with root credentials and create a directory for the cronjob script (if it not already exists):
mkdir smartnode
cd ~/smartnode/
- Download the appropriate script (taken from the SmartNode Bash installer:
wget https://raw.githubusercontent.com/SmartCash/smartnode/master/clearlog.sh
- Give execute permission to the cron script:
chmod 0700 ./clearlog.sh
- Open crontabs with
crontab -e
and add the following line to it:
0 0 */2 * * ~/smartnode/clearlog.sh
- Apply the cronjob by reloading with
/etc/init.d/cron reload
or service cron reload
Stability Set a Connection Limit
- Connect to your VPS with your smartadmin user and stop your SmartNode:
smartcash-cli stop
Open your smartcash.conf with pico ~/.smartcash/smartcash.conf
and add the following line:
maxconnections=64
- Restart your SmartNode:
smartcashd
Stability Allocating a Swap File
This step is especially recommended to those who run a VPS with less than 2 GB RAM.
- Make you sure you have at least 4 GB additional space to spare on your VPS.
- Connect to your VPS with root credentials and run the following commands:
fallocate -l 4G /swapfile
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
- Open
pico /etc/fstab
and add the following line at the end of the file (press tab to separate each word/number):
/swapfile none swap sw 0 0
- Finally reboot your server, a 4 GB sized swap file should have been created.
SmartNode Hardening Guide written and maintained by nflaw. (Last updated: 2018-01-30)
SmartNode FAQ
What are the requirements to run a SmartNode?
- 100,000 SMART
- A computer for running a local wallet to start nodes and hold funds
- A VPS server for remote node running 24hrs/day with the following specs:
- 1GB or 2GB RAM (add 4GB swap if 1GB RAM selected)
- 20GB drive
- 1 Static IPV4 Address per node (IPV4 address that never changes) (No IPV6)
What is the ROI for SmartNodes?
Is there a install script for SmartNodes?
Yes, there is a bash installer for SmartNodes on Ubuntu. It comes with cronjobs to make sure that your node is always running and up-to-date as well as secure against DDoS attacks.
Please not that this installer is only suitable for a dedicated VPS. The anti-DDoS script in this installer will disable all ports including the HTTP, HTTPS and DNS ports. It will only leave the SmartNode port open as well as a custom port for SSH.
How long does it take for my SmartNode to change it's status from PRE_ENABLED to ENABLED?
It can take up to 30 minutes. If it takes longer than that you can run smartcash-cli smartnode status
and it will show you why it can't proceed.
If it turns to EXPIRED you have to check if there's something wrong with your setup.
Do I have to have the desktop wallet always on when running a SmartNode?
No, as soon as the SmartNode reached it's ENABLED status, you basically just have to make sure that you VPS keeps running. The software wallet enables you to monitor and re-enable your node.
When did SmartNode reward payments start?
SmartNode rewards were activated at block height 300,000 on Jan 31, 2018 5:25:00 AM UTC.
How are SmartNode reward payments determined?
Every SmartNode appears in the global list. Their position in this list is determined by the time from the last payment. New SmartNodes and SmartNodes that received a payment are placed at the end of the list. It is recommended to only use the command ‘start-missing' to start SmartNodes since it will only start nodes that need to be started. You can also use ‘start-alias’ and specify the specific node you want to start. The start-all command will reset the payment queue on any active nodes.
As SmartNodes are moved to the end of the global list, the remaining SmartNodes slowly migrate towards the top of the list. Once a SmartNode reaches the top 10% of the global list, it is eligible for selection from the selection pool. As an example, if there are 8000 active SmartNodes, the top 800 SmartNodes in the global list are eligible for selection.
Once in the selection pool, selection for payment is determined by the block hash and transaction ID which is used to randomly select the next node in the pool to pay.
How to ensure my SmartNode is eligible for reward payments?
- SmartNodes must have a unique SmartCash address per 100k collateral transaction.
- SmartNodes must have a unique static IPV4 address per smartnode the IP address needs to be the same as what is used in the smartnode.conf file.
- SmartNodes must run 24/7 and not stop for longer than 1 hour or they drop off the payment queue. Any transaction that sends from the specific 100,000 SMART collateral transaction will drop the node off from the payment queue.
- SmartNodes also qualify for SmartRewards. SmartRewards are paid on the 25th of each month as long as there has been over 1000 in an address and no transaction sent from that address from the previous 25th. Sending a smartnode payment from your wallet will disqualify rewards even if you don’t send from the 100,000 SMART collateral transaction.
Note: There is a
delay for first payment after the initial 100,000 smart collateral transaction. This delay is calculated by
(2.6 minutes) * (number of enabled nodes). After the first payment, the rewards are calculated as stated above.
Example: If I make my 100,000 smart collateral transactions to a new address for a fresh node with the current 8000 node count, it will take up to 14 days for the first reward. (Thanks to
allemeister for pointing this out.)
Node status error "Not capable smartnode: Smartnode not in smartnode list"
You most likely haven't applied the steps described in Section 9 of the Setup Guide correctly. The final steps after setting up the VPS are that you move to your desktop computer once again, edit the smartnode.conf there and finally start the node from your software wallet (SmartNodes tab).
Node status error "Not capable smartnode: Can't detect valid external address ...
Your hosting provider most likely doesn't support automatically assignation of the external IP or IPv4. This issue has been reported with AWS (Amazon Web Services), among others.
It can be solved by adding the following line to smartcash.conf on your VPS:
externalip=PUT_EXTERNAL_IP_OF_YOUR_NODE_HERE
Where do I get further support regarding SmartNodes?
Please visit us on Discord in the 🧠-smartnodes channel under "SmartCash Support", you can also post to the dedicated category on SmartCash Community Forums, follow SmartCash support on Twitter or consult our SmartCash support platform.
Frequently asked questions and answers on SmartNodes compiled from Discord by nflaw. (Last updated: 2018-02-11)