Creating a Cardano Node

First create a new droplet on digital ocean.

Choose a hostname like "cardano-node-relay1"

Select backups when running live node

Log into your server via ssh with Terminal.app

ssh root@143.198.54.87 -p 22

The authenticity of host '164.92.85.5 (164.92.85.5)' can't be established.
ED25519 key fingerprint is SHA256:29tf+S+w0lQyRIAe6JjvXGxhCa0azD7DJUGMtgCQW20.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

Create a user and give administrator privileges

sudo adduser cardano

sudo usermod -aG sudo cardano

sudo su - cardano

whoami

Check if we can execute commands with root privileges

sudo whoami

Add ssh keys to new user

mkdir -p ~/.ssh
touch ~/.ssh/authorized_keys
sudo nano ~/.ssh/authorized_keys
#paste public key into authorized_keys file
sudo chmod 700 ~/.ssh
sudo chmod 600 ~/.ssh/authorized_keys
sudo chown -R cardano:cardano ~/.ssh

Try logging in with new user

ssh -i ~/.ssh/id_rsa_digocean cardano@164.92.85.5 -p 22

Change port of ssh

sudo nano /etc/ssh/sshd_config
# uncomment Port 22
# change to 2288
# Move down to PermitRootLogin
# change to "no"
sudo systemctl restart sshd

Before closing the terminal window, open another one and test that you can login with the new port and user

ssh -i ~/.ssh/id_rsa_digocean cardano@164.92.82.5 -p 2288

Adding swap virtual memory

swapon -s

sudo fallocate -l 8G /swapfile

sudo chmod 600 /swapfile

sudo mkswap /swapfile
sudo swapon /swapfile

echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab

sudo swapon --show

sudo nano /etc/sysctl.conf

Save this file and exit. (Press CTRL + X, press Y and then press ENTER).

Add this to the bottom of the file. /etc/sysctl.conf

vm.swappiness=10
vm.vfs_cache_pressure=50

Save this file and exit. (Press CTRL + X, press Y and then press ENTER).

Update the server

sudo apt-get update -y
sudo apt-get upgrade -y

Installing the node with CNTOOLS

sudo ufw status 
sudo ufw allow proto tcp from any to any port 2288
sudo ufw allow proto tcp from any to any port 6000
sudo ufw enable

Install Google Authenticator

sudo apt install libpam-google-authenticator

google-authenticator

Press y for all after you have backed up the QR codes

modify the sshd_config file to allow 2Way authentication

sudo nano /etc/ssh/sshd_config 
ChallengeResponseAuthentication no 

Save this file and exit. (Press CTRL + X, press Y and then press ENTER).

sudo systemctl restart ssh

sudo nano /etc/pam.d/sshd

Paste this text at the end of the document

#One-time authentication via Google Authenticator
auth required pam_google_authenticator.so

Ctrl+x y Enter

sudo systemctl restart ssh

install fail2ban

sudo apt install fail2ban
sudo systemctl status fail2ban 

Build the nodes

follow the guide starting with "STEP 1 - downloading the prerequisites:"