SSH and VPN Tunnel
Having a remote blockchain node generally requires secure and persistent access during maintenance. This page covers the SSH service and VPN tunnels, essential tools for maintaining encrypted, remote connections to allow secure management, monitoring, and interaction with your node from anywhere in the world.
SSH Service
Open Secure Shell software allows secure communication and high-speed data transfer among two networked devices. It is a necessary tool for remote management, secure file transfer, and executing shell commands over an assured channel. In a blockchain context, running an OpenSSH server on one's node allows secure management from outside networks and is especially beneficial with cloud-based setups or when reaching the homenetwork while travelling.
| Feature | Description |
|---|---|
| Enables encrypted, remote access, which is crucial when your node is permanently hosted at home or on a cloud-based server but requires maintenance from a different location. | |
| Provides terminal-level management, perfect for minimal servers like Ubuntu that are primarily controlled via shell and don't have any peripherals connected to their machines. | |
| It uses public and private keys instead of passwords, making unauthorized access from anywhere in the world significantly more difficult, as only specific devices are allowed access. | |
| It offers strong support for secure tunnels, which allow users to reach other services, like RPC ports or local dashboards, using encrypted connections for data security and privacy. | |
| It works across all operation systems or even ARM-based devices. High interoperability allows unified access, even if you are restricted to devices while travelling. |
VPN Tunnel
A Virtual Private Network creates an encrypted tunnel between a remote device and your device even through untrusted networks like the internet or wireless hotspots. VPNs are beneficial when secure ongoing access to a server is needed without exposing it publicly and protect against:
- Spying on unencrypted traffic or packages
- IP-based censorship or filtering
- Geographic routing restrictions
- Unreliable or changing IP addresses
WireGuard
WireGuard is a next-generation VPN protocol that is a sophisticated virtual private networking technology. It is highly valued for its ease of use, strong security features, and high-speed performance.
| Feature | Description |
|---|---|
| Minimal configuration. Easier to set up and audit due to a smaller codebase compared to other VPN protocols. | |
| High-performance protocol using modern ChaCha20 cryptography with lower latency and better throughput. | |
| Strong encryption with Perfect Forward Secrecy while only built upon widely peer-reviewed protocols. | |
| Cross-platform support for Linux, Windows, macOS, iOS, Android, and routers. |
Tailscale
Tailscale is a free identity-based VPN service, simplifying the creation of secure peer-to-peer connections between devices without having to deal with additional keys, IP addresses, or firewall rules. Its well-suited at linking personal or team devices in one private network, without the need to open ports or manually operate a VPN protocol.
| Feature | Description |
|---|---|
| Authenticates users via Google, GitHub, or Microsoft to configure access rules aside of IPs. | |
| All connections are encrypted using the WireGuard protocol for performance and security. | |
| Uses NAT Traversal for direct streams to reduce latency behind behind intermediate firewalls. | |
| Devices are automatically assigned internal IPs and routing without manual setup. | |
| Web-based dashboard for monitoring, revoking access, and managing devices. | |
| Connect across Windows, macOS, Linux, Android or iOS using related clients or apps. |