Safety and Security
Venturing into the digital world and engaging in a crypto project can be thrilling, but following top security practices is essential. Here is a general guide to security and safety, including basic measures for securing servers and home PCs. Your adherence to these practices contributes to the stability of the Autonomys network and, of course, the safety of the community's cryptoassets.
Enjoy your Autonomys journey with peace of mind!
Wallet Security
-
Be sure to make the password long enough, combining both registers letters, numbers, and special characters. An 11-character password increases the bruteforce attack time to normally impossible limit. Take a look at passwords brutforce time illustrating table. However, even a complex password is not all, that is required for proper protection.
-
Avoid using common or easily guessed combinations of words or letters, as well as parts of your online data or reusing any of your existing passwords.
Weak password example:
S0methin9C00l!
Strong password example:
^p$O_~a!4h{G'9C*
-
Consider using a password manager to generate complex passwords and store them securely. There are plenty of password managers available. Ensure that the password manager of your choice stores data in encrypted form, boasts a robust password generator, receives positive reviews, and has a history of consistent updates. For example, well-regarded options include KeePass, Bitwarden, 1Password, LastPass, Dashlane, and Keeper. However, it's crucial to do your own research and consult ratings before making a decision.
-
Boost the security of your accounts by enabling 2FA (two-factor authentication) wherever possible. This extra layer of protection requires a second verification step, such as a code from a mobile app or hardware token, in addition to your passwords.
-
Do not share your 12-word seed phrase or private keys.
-
A hardware wallet is by far the most secure way to store your private keys. Unlike online exchanges and wallets, hardware wallets store the keys offline and protect from potential malware or hacking attempts. The most popular hardware wallets are Ledger and Tresor.
-
Back up your wallets by securely storing the backups offline or in an encrypted cloud storage. This guarantees that you can recover your funds in case of a device loss, damage, or theft. Many encrypted cloud storage services are available, such as Tresorit, pCloud, Sync.com, SpiderOak, and Mega (the order doesn't matter). However, always conduct your own research.
-
Keep all software up to date.
-
Be cautious of public Wi-Fi.
Community Security
Autonomys team members will never initiate direct messages with you.
Should you receive an unsolicited message, it's best to ignore it, block the sender, and promptly report the incident to our "scam report" channel.
Exercise caution with regard to phishing attacks. Do not click on links within our forum, Discord, or Telegram, unless those links have been shared by a trusted member of our team, such as ambassadors or staff. Scammers can create deceptive links that mimic legitimate websites, so it's advisable to scrutinize the message's author (on all the mentioned platforms) before clicking any links. Trust should generally be reserved for project team members, ambassadors, or highly reputable farmers.
Server Security
SSH RSA Keys-based Secure Authentication
Let's run through some basics.
SSH is a network protocol used for secure remote access to computer systems, cloud infrastructure, secure file transfer (SFTP), and tunneling. It's a fundamental tool for system administrators and developers. SSH uses the Diffie-Hellman algorithm for secure connections and authentication methods like password or SSH key pairs.
SSH Connection Establishment.
When a client initiates a TCP connection, the server responds with supported protocol versions and its public host key. Both parties negotiate a session key using the Diffie-Hellman algorithm to ensure secure communication. This session key encrypts the entire session.
User Authentication.
After establishing session encryption, user authentication begins. Password authentication involves securely transmitting the user's account password. SSH key pairs, consisting of public and private keys, are a recommended alternative for authentication. The client sends a key pair ID to the server, which checks for a matching public key. The server encrypts a random number with the public key, sends to the client, who decrypts it with the private key. The client computes an MD5 hash using the decrypted number and the shared session key, sending it back to the server for verification.
RSA encryption.
In RSA, encryption and decryption use different keys: the encryption key is public, and the decryption key is private. A user creates a public key based on two large prime numbers and an auxiliary value, while keeping the prime numbers secret. Messages can be encrypted with the public key but can only be decrypted by someone who knows the prime numbers.
Together, SSH and RSA provide secure, authenticated, and encrypted connections to protect sensitive information. To enhance security, though it is possible to create an SSH key with a passphrase.
Creating RSA Key Pair
To allow PublicKey authentication on your server, as root run:
vi /etc/ssh/sshd_config
PubkeyAuthentication no --> PubkeyAuthentication yes
systemctl restart ssh
Create RSA keys on a Home PC:
ssh-keygen
you will get two keys:
$HOME/.ssh/id_rsa
Your private RSA key to keep on local PC
$HOME/.ssh/id_rsa.pub
Your public RSA key to send to a server
Transfer RSA Keys to a Server:
sudo ssh-copy-id -p 12345 user_name@server-ip-addres
This utility specifically designed for copying SSH keys to a remote server.
It automatically handles the key placement and permissions on the remote server, making it more convenient.
Use -p
flag to specify not standard port, if you have changed it.
If you have created keys before, don't overwrite it! As you will not be able to authenticate using the previous key anymore. But you can keep them somewhere else and generate them next.
Alternative Ways to Transfer RSA Public key to a Remote Server:
If you have created keys before and store them elsewhere, you can use rsync to copy the contents of the public key from any other place to authorized_keys
by specifying the path to the keys:
sudo rsync -e "ssh -p 12345" ~/.ssh/user2/id_rsa.pub USER@SERVER_IP:~/.ssh/authorized_keys
Use -p
flag for specifying non-standard port
This command will create an .ssh dir on a server(or skip if it has) and add the keys to the end of authorized_keys
file:
cat ~/.ssh/id_rsa.pub | ssh username@remote_host "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"