Setting up my node

Hi all
I am creating a thread to document my journey on getting an earth node up and running on my system, I am fairly tech savvy on the hardware side of things but not so much on the software side. This is going to be a steep learning curve for my but I’m fairly confident all will be ok after following the great guide here on worldmobileclub

My system specs are :

Asus maximus formula z690, LGA 1700 motherboard
Intel i9 12900k, 24 core CPU
64gb DDR5 Ram
RTX 3080Ti GPU
3 x nvme gen 4 ssd’s (2 x 250gb 1 x 4TB)
Fully water cooled using 2 x 420mm rads, 14mm hardline tubing, processor, VRM’s and GPU

Ubuntu 24.04.1 installed on one 250gb drive

2 Likes

So my first stumbling block seems be be with Tailscale
I have downloaded and created account using a new email address

Connected the server to it fine and also connected my iPhone to it fine

I can run the ping command and it works however when I try to connect using the ‘ssh root@ (my ip) it doesent connect
Or app on my phone is showing both connections active and also on the Tailscale connection view paconnections are active

First head scratching moment

Also on the initial set up says to set up two factor authentication… is that on my email or on my server or on Tailscale ?
Or am I just getting an authentication app on the desktop

Managed to install the ssh software and seem to have got further to the point where it says “warning permanently added xxxxxx
However it will not let me type my password ??
It asks for password but will not allow anything to be typed ?


The password I enter is correct however I just get permission denied

update: now reinstalled ubuntu to start from scratch again

1 Like

Hi James,

Congratulations on your setup! From the details you’ve shared, it looks solid and future-proof.

Two-factor authentication (2FA) can secure various aspects of your setup, including:

  • Your email account
  • Access to your server (via SSH)
  • Operations on your server (using sudo)

With Tailscale in your configuration, you’re securing your server by making it accessible only through Tailscale. This setup is quite secure, but it also means Tailscale becomes a critical point of vulnerability. Before accessing your server, Tailscale will likely require you to verify your identity by logging into your identity provider (e.g., Google, Apple). Therefore, the most important place to enable 2FA first is on your identity provider. I recommend using methods like OTP (one-time passwords) or hardware-based solutions like YubiKey for added security.

To address your first question:

“Also, the initial setup says to enable two-factor authentication… is that for my email, server, or Tailscale?”

Answer: It’s for your email (or identity provider). This step secures your login credentials used by Tailscale.

Regarding your second question:

“It won’t let me type my password. It asks for the password but doesn’t show anything being typed?”

When typing your password in the terminal, it’s normal for no characters to appear on screen. This is a security feature to prevent anyone from seeing what you’re typing. Simply type your password and press Enter. It will process your input even if it looks like nothing is happening.

Let me know if you have any further questions—happy to help!

1 Like

Thanks for the reply coffee, is much appreciated

Will get myself a yubikey to secure everything

Will start over again today to try and get Tailscale sorted, it wouldn’t let me connect to it from root yesterday… just said access denied when I ran the command : ssh [email protected]

Thanks again for taking the time to help me Coffee…
I’m fairly sure this thread will end up being quite lengthy but also sure it will help others that are not quite so knowledgeable

1 Like

Hi @JamesEN500,

When it comes to YubiKeys or any other hardware security keys, it’s best to purchase them directly from the manufacturer or a trusted source to ensure authenticity and security.

Regarding the ssh [email protected] command, it will only work if the IP address is correct & accessible and the root user exists. Typically, VPS providers like Hetzner or DigitalOcean create a root or admin user during the initial setup and provide you with a password. In cases where you configure the server yourself, Ubuntu prompts you to create a first user during setup, which becomes your root or primary user.

1 Like

so my progress so far i have listed in steps

  1. terminal - install curl version 8.5.0ubuntu10.4 to allow the curl tailscale command to download and install tailscale

  2. run the tailscale download command

  3. run : sudo tailscale up

  4. open the link and sign in with my google account on tailscale page on the browser

  5. click connect

  6. ‘success’ shows in my terminal and also my server name shows in ‘machines’ on tailscale page on the browser and also shows as connected

  7. run ‘sudo passwd root’ and set the new password for root account

  8. run ‘su -’ and new password and now logged into terminal as: root@EarthNode500:~#

  9. confirmed my ip address by using settings then wifi settings and its listed next to ipv4 address

  10. run the command ‘ssh [email protected]

now the terminal shows :
ssh: connect to host 192.168.0.150 port 22: connection refused

and thats as far as i can get at the moment, clearly im doing something wrong

wondering if i need to run the command: ```
sudo apt-get install openssh-server

1 Like

Hi @JamesEN500

Do you have 2 machines (your computer and your server) or only one computer?
Run ‘sudo passwd root’ is it on the server or local computer?

How did you install ubuntu and which version of ubuntu did you setup? Indeed the ssh service needs to run on the server (if not installed yet).

Have you modified the firewall on the server?

1 Like

Just to let you know, all your efforts and inputs are very much appreciated! Thank you so much for sharing your journey setting this up.

3 Likes

At the moment I have just the one machine which I want to run my earth node on

I will get a second laptop in the next couple weeks

I have installed Ubuntu 24.04.1 the latest LTS version I found
Maybe Ubuntu server would be better ?

I have not modified any firewall settings

Do you think I should now wait until I get my second pc ? Also my internet service provider is going to change in the next week or two to a much faster one so maybe I’m better to wait for now

Hi @JamesEN500 , thank you for the details.

  • If you plan to use this machine exclusively for running the EarthNode:
    • Stick with Ubuntu Server. It’s leaner, more secure by default, and better suited for server-specific tasks.
    • This would simplify securing the machine since there won’t be non-server-related processes.
  • If you want to use the machine for other tasks as well:
    • Be aware that this can increase security risks.
    • Take extra steps to isolate the EarthNode environment as much as possible.

The trouble you were encountering is because part of the guide assumes a setup with two devices: one as your everyday computer and the other as a dedicated server. This setup includes steps to secure the connection between the two devices and lock down the server to minimize its attack surface to a minimum.

Since you’re currently working with just one computer (both as your everyday machine and server), Tailscale and SSH aren’t necessary right now. Instead, you can manage everything locally by using a normal user account with sudo privileges for administrative tasks.

To make things easier and more tailored to your current setup, I can create a simplified guide specifically for a single-computer configuration. This will allow you to focus on securing the machine locally without worrying about remote connections for now?

Note: In a home setup, it’s essential to properly configure your router and firewall. You’ll need to allow specific incoming connections to enable your node to communicate with the network. However, it’s crucial to restrict access to only the necessary services required for the node’s operation. This minimizes the attack surface and ensures your system and rest of your network remains secure while functioning effectively.

Doh !!! Now I feel like a bit of an idiot

That makes more sense now !

I will NOT be using this pc as a server and everyday tasks, it will 100% be dedicated to the earth node and nothing else at all

I will get Ubuntu server installed for the time being and then maybe revisit the guide once I have my second machine

I don’t want you to write a single machine guide just on my account coffee… I already feel like I’m consuming a load of your precious time, however if you feel a single machine simplified guide would benefit others also then maybe it’s not a bad idea

I’ll start learning firewall and router settings over the next week or so, also I found a decent looking tutorial guide here below

Thank you so much @Coffee_WMTX

1 Like

System update :
Decided to get rid of the 4 x 16gb Ram modules and go with 2 x 32gb Kingston fury DDR5, now memory running at 5600 mhz with just xmp1 enabled in the bios

1 Like

Awesome on the upgrade!

I think I will also end up with a home server after all so looking into hardware options!

So I’m wondering for the second air gapped machine I’ll need, can this just be a fairly basic laptop ? As in not super high specs, just something I can install Ubuntu desktop on ?

Hi @JamesEN500,

There’s always an ideal setup, and then there’s the setup we have to compromise with. :blush:

In an ideal setup (based on Cardano—since we don’t know the specifics for WMT yet):

  • Air-gapped machine: This can be very basic but must remain super clean, never connected to the internet, and used exclusively for handling your keys (both hot and cold). You’d only perform key operations on this machine, and once finished, it should be turned off.
  • Server: This machine would be internet-accessible to communicate with other nodes. On the server, you would only use hot keys. In the event the server is compromised, your keys (eNFTs or WMTx) remain safe. However, a hacker could potentially manipulate your pool if he has access to the hot keys (fees, url and other attributes).

Since we don’t yet know how keys and EN authentication will work, I don’t want to lead you into buying unnecessary equipment. In short, the air-gapped machine can be very basic but maybe wait a bit longer before buying! For testing purposes, you can use your day to day computer fine. Just be careful with how you handle your wallet and keys, as you probably do already now!