This guide is intended to help Windows users set up their Avalanche node on a Linux-based server for validation purposes. The guide covers topics ranging from prerequisites to configuring your validator on the Avalanche network, saving and restoring your staking keys (important!), and monitoring/updating your node.
- Support and Donations
- Prerequisites
- Registering your server
- Logging into your server
- Beginning configuration of your server
- Download Go onto your configured server
- Link your Github account with your server via SSH
- Clone and build the AvalancheGo Github
- Backup your staking keys & Find your NodeID
- How to update, monitor and restore your node
- Disclaimer
- License
If you find this guide useful, please consider donating some AVAX to the following address: 0x721644dff35504c8F9A3c389d7C4dCE5D8afC4d2
. Any amount is greatly appreciated!
- A reliable internet connection.
- A minimum of 2,000 AVAX tokens for staking (accurate at the time of writing; subject to change).
- Basic understanding of command-line interfaces.
Download and install the latest full version of CMDER, a Linux terminal emulator for Windows, which enables you to log into your server: https://cmder.app/
Create an account on GitHub if you don't already have one: https://github.com/signup?source=login
Generate a new SSH keypair to securely log into your server. If you already have a keypair on your PC, you can skip this step.
-
Go to the following directory on your Windows PC:
C:/Users/{your_username}/.ssh
If you see files named
id_rsa
andid_rsa.pub
, you already have a keypair that you can use. -
If you don't have any files or the
.ssh
directory doesn't exist, follow these steps:
- Create a suitable folder (e.g.,
avax_server_AX41-NVME
) in this directory:C:/Users/{your_username}/.ssh
(create the directory if it doesn't exist) for saving your SSH keys inside. - Open the newly created folder.
- Launch Command Prompt by typing
cmd
into Windows search and pressing Enter. This will launch a Windows terminal window. - Type
ssh-keygen
into the terminal. - Enter a file to save your SSH keypair, e.g.,
C:/Users/{your_username}/.ssh/{your_folder_name}/id_rsa
- Enter a secure passphrase to encrypt your SSH key on your Windows device. Choose a passphrase that is at least 12 characters long, with a mix of uppercase and lowercase letters, numbers, and special characters. This passphrase is crucial to protect your SSH key, and you MUST remember it!
- Close the terminal and confirm that the newly created keypair is saved into the new folder you created previously, then copy the file named
id_rsa
(not the one that saysid_rsa.pub
). - Navigate to the following directory on your Windows PC:
C:/Users/{your_username}/.ssh
- Paste a copy of your
id_rsa
file into this directory. - Go back to the original directory:
C:/Users/{your_username}/.ssh/{your_folder_name}
- Open the file named
id_rsa.pub
in Notepad and then minimize Notepad. You will come back to it later.
By this point you should have:
- Cmder.exe downloaded & installed.
- A Github account.
- A SSH keypair.
This guide gives an example walkthrough of how to register a server using popular/cheap provider Hetzner
for illustrative purposes, although you may prefer/need to use an alternative provider instead. Please refer to the minimum specs required for a validator from the official ava-labs Github.
Start by purchasing an AX41-NVME server on Hetzner in Germany or Finland, keeping in mind any one-time setup fees: Hetzner AX41-NVME Configurator
- For the purposes of this guide we will keep the option
Primary IPv4
checked and selected, as we will use it. - Select the latest version of Ubuntu LTS with no control panel (at the time of writing, this is Ubuntu 22.04.1 LTS (base)).
- Optionally consider upgrading to ECC RAM near the bottom of the order page (not required).
Click "Order" to proceed to the checkout page. On the checkout page, you will have the option to log in to your server using either a password or a public key. Choose the public key option.
- If you followed the earlier part of this guide, your Notepad with the public key should be open already. Copy the entire contents of the file containing your public key and paste it into the
Key Data
field. - If you're not sure where to find your public key, go to the following directory:
C:/Users/{your_username}/.ssh
and find the file namedid_rsa.pub
, not the one namedid_rsa
.
Save and complete your order. You may have to wait a few hours until the server is available.
If you have been following the guide and have opted to use Hetzner as your server provider, then once your server has finished being configured, it should appear in the Server ID
section of the Hetzner Robot dashboard. For example, you might see AX41-NVMe #1871660
.
-
Find your server's IP address
Click on your Server's ID and then copy the IP address. You can make a note of the IP somewhere for future reference, or you can always find it using the link provided above.
-
Connect to your server using Cmder
Make sure to replace
{IP}
with the IP address of your server that you copied from the link above.Launch:
Cmder.exe
Run:
ssh root@{IP}
-
Trust the key fingerprint
Your Linux terminal emulator will now connect to your server and prompt you to trust the key fingerprint. This will only be asked once, during the initial setup. Type
yes
and press Enter. -
Enter your secure passphrase for your SSH keypair when prompted.
Now that you have successfully logged into your server, you're ready to begin configuration. The following steps will guide you through setting up your node. Make sure to follow the steps sequentially, as entering the code out of order may result in a failure to set up the node. It's recommended that you read the explanation of the code before entering it into your server so you are aware of what each line performs.
Run: sudo apt update && sudo apt upgrade
After entering, press Y
when prompted (to continue) and may also need to press Enter
on your keyboard to select okay a few times during the configuration process. You don't need to restart any more processes than recommended; simply press Enter
when prompted.
Run: sudo adduser mainuser
After entering, set a new password. It doesn't really matter what you set it to, as you won't use it. Just make it sufficiently complex so it's not hacked before you disable password login (but make sure to remember it). If you get Authentication token manipulation error
you entered two differet passwords, just try again. When prompted to enter new values for the user such as Full Name
, etc... just press Enter
a few times to set default new user values. Then press Y
to show information is correct.
Run: usermod -aG sudo mainuser
Run: exit
This will log you out of your server. Next enter the following command, replacing {ip}
with your server's IP address:
Run: ssh mainuser@{ip}
Press Enter
to skip the SSH passphrase, this time only, instead you will use your newly created user password (the one you were supposed to remember). If you take too long, it may say Connection closed by {ip} port 22
; just try again, but do it faster this time.
-
First make a new SSH directory in your server:
Run:
mkdir -p ~/.ssh
-
Then, from your Windows File Explorer, open the
id_rsa.pub
file in your SSH directory (C:/Users/{your_username}/.ssh
) using Notepad, and then copy the entire contents of the file. Once the public key string is copied, go back to Cmder where you are logged into your server. Type the following, replacing{public_key_string}
with your entire SSH public key string that you copied from Notepad:Run:
echo {public_key_string} >> ~/.ssh/authorized_keys
-
Verify the above line worked with the following command, which will show your public SSH key:
Run:
nano /home/mainuser/.ssh/authorized_keys
If you can see your public SSH key then you have completed the step successfully. Close the Nano text editor by pressing
CTRL
+X
.
-
Secure your SSH configuration by setting the appropriate permissions, ownership, and updating the configuration file:
Run:
chmod -R go= ~/.ssh
Run:
chown -R mainuser:mainuser ~/.ssh
-
Open the SSH configuration file with nano:
Run:
sudo nano /etc/ssh/sshd_config
Then enter your user password (the one you were supposed to remember).
-
Find and change the following lines (double check them afterwards):
- Set
Port 22
toPort 2222
and remove#
if nescessary - Set
PermitRootLogin
toPermitRootLogin no
and remove#
if nescessary - Set
PubkeyAuthentication
toPubkeyAuthentication yes
and remove#
if nescessary - Set
PasswordAuthentication
toPasswordAuthentication no
and remove#
if nescessary - Set
PermitEmptyPasswords
toPermitEmptyPasswords no
and remove#
if nescessary
- Set
-
Save and exit the file:
- Press
Ctrl + X
to initiate the save process. - Press
Y
to confirm the save. - Press
Enter
to save the modified buffer and exit.
- Press
-
Restart the SSH service to apply the changes:
Run:
sudo systemctl restart ssh
Your SSH configuration has been made more secure by following these steps. However, it's crucial to remember that no system can be completely secure, and you should always stay up to date with best practices and security recommendations.
-
For this step, we will be using UFW because it's incredibly simple to use and very powerful. Install UFW by running the following command:
Run:
sudo apt install ufw
-
Allow port 2222 for SSH. If your IP is fixed, or you use a VPN, you can change this to
sudo ufw allow from {IP} to any port 2222
, which is more secure and limits the attack surface of a DDOS attack. It is strongly advised, although technically not strictly necessary. If your fixed IP changes in the future, you will have to update the firewall from your server dashboard, as you won't be able to login via SSH from an IP that has not been whitelisted.Run:
sudo ufw allow 2222
-
Allow port 9651 for your Avalanche node to communicate with other nodes on the Avalanche network. Do not change this.
Run:
sudo ufw allow 9651
-
Enable UFW and confirm when prompted:
Run:
sudo ufw enable
Press
y
to proceed. -
Check the UFW status to ensure that ports 2222 and 9651 are open and accessible. Port 22 should not be open. If port 22 is open, you can close it with
sudo ufw delete allow 22
.Run:
sudo ufw status numbered
-
Please note that from now on, to log into your server, you will have to specify port 2222. Use the following command when logging in with Cmder:
Run:
ssh mainuser@{IP} -p 2222
Enter your secure passphrase for your SSH keypair when prompted.
-
Open the sudoers file for editing by running the following command:
Run:
sudo visudo
Enter your user password
-
Add the following line to grant your user sudo privileges without a password:
Add:
mainuser ALL=(ALL) NOPASSWD:ALL
-
Save and exit the file:
- Press
Ctrl + X
to initiate the save process. - Press
Y
to confirm the save. - Press
Enter
to save the modified buffer and exit.
- Press
-
Disable the password requirement for your current user by running the following command:
Run:
sudo passwd -d $(whoami)
Now you have completed the configuration process, you can download and install Go, which you will need for your node to validate the Avalanche network.
-
Go to https://go.dev/dl/ to find the latest Linux version of Golang. You want to find the version that ends with
.linux-amd64.tar.gz
. At the time of writing, the latest version isgo1.20.2.linux-amd64.tar.gz
. Copy the version namego1.20.2.linux-amd64.tar.gz
, or the latest version available when you check. Then change the first two lines of code below to account for the latest version and enter them into your Cmder terminal:Run:
wget -c https://golang.org/dl/go1.20.2.linux-amd64.tar.gz
Run:
sudo tar -C /usr/local -xvzf go1.20.2.linux-amd64.tar.gz
The first command does this thingy, while the second command does this other thingy.
-
Take ownership of the
/usr/local/go
directoryRun:
sudo chown -R mainuser:mainuser /usr/local/go
-
Make 3 new folders inside the
/usr/local/go
directoryRun:
mkdir -p ~/go_projects/{bin,src,pkg}
-
Use a text editor such as nano to open the
.profile
file so you can configure environment variables.Run:
nano ~/.profile
-
Add the following following lines to the file (you can paste them above the line that says #if running bash):
export GOPATH=$HOME/go export PATH=$PATH:$GOPATH/bin export PATH=$PATH:/usr/local/go/bin export GOPATH="$HOME/go_projects" export GOBIN="$GOPATH/bin"
-
Save and exit the file:
- Press
Ctrl + X
to initiate the save process. - Press
Y
to confirm the save. - Press
Enter
to save the modified buffer and exit.
- Press
-
Reload the
.profile
file to apply the changes:Run:
. ~/.profile
-
Verify that the environment variables are set correctly:
This command displays the content of the
PATH
environment variable, ensuring that the Go-related paths have been added successfully.Run:
echo $PATH
-
Verify the installed Go version:
This command prints the version of Go installed on your system. If the output shows the expected Go version, it indicates that the environment variables have been configured correctly. If not, double-check the previous steps.
Run:
go version
Now you need to link your GitHub account with your server via SSH so you can download AvalancheGo from GitHub.
Run: cd /home/mainuser/.ssh
Run: ssh-keygen -t ed25519 -C your_github_email@example.com
Make sure to replace your_github_email@example.com
with your actual GitHub account email. You can find your GitHub email at the following link: GitHub
- Press
Enter
to accept the default file save location. - Enter a secure passphrase if desired.
The next section of code will show the new SSH keys.
Run: ls -al ~/.ssh
Run: nano ~/.ssh/id_ed25519.pub
Copy the ENTIRE contents of the .pub file to the Windows clipboard, do this simply by highlighting the text and it will auto copy.
Press Ctrl + X
, you should not need to press Y or Enter as you have not modified the file.
Now go to the GitHub SSH Key Page
Press New SSH key
and then paste the .pub file contents into GitHub, set an appropriate title e.g., AVAX Server AX41-NVME
and click Save
.
-
Change directory to your GOPATH.
Run:
cd $GOPATH
-
Make a directory for ava-labs.
Run:
mkdir -p src/github.com/ava-labs
-
Change directory to newly created ava-labs directory.
Run:
cd src/github.com/ava-labs
-
Clone the Ava-Labs Github Repo to this directory.
Run:
git clone git@github.com:ava-labs/avalanchego.git
Accept the key fingerprint and continue connection with
yes
. Then enter your passphrase for your SSH key if you created one. -
Change directory to newly created ava-labs directory.
Run:
cd avalanchego
-
Install & build the directory.
Run:
sudo apt-get install build-essential
Press
Y
, then pressEnter
twice when prompted.Run:
./scripts/build.sh
-
Run the installer script.
wget -nd -m https://raw.githubusercontent.com/ava-labs/avalanche-docs/master/scripts/avalanchego-installer.sh;\ chmod 755 avalanchego-installer.sh;\ ./avalanchego-installer.sh
Press
2
for cloud provider.Press
n
if it doesn't show your IP (it didn't for me).Enter your IP that you use to connect to your server.
Type
private
then typeon
to turn on state sync (unless you NEED the historical data, TIP: most don't). -
Check everything is working as intended.
Run:
sudo systemctl status avalanchego
The above line should show
active (running)
, if it does then just pressq
and then exit the server, give it a day or so to finish bootstrapping.- Note you can also monitor the system output with the following: Run
sudo journalctl -u avalanchego -f
. PressCtrl + c
when you wish to stop reading node output.
- Note you can also monitor the system output with the following: Run
-
You can check that bootstrapping is complete with the following health check.
curl -X POST --data '{ "jsonrpc":"2.0", "id" :1, "method" :"health.health" }' -H 'content-type:application/json;' 127.0.0.1:9650/ext/health
If bootstrapping is complete then one of the final outputs of the health check should be:
"healthy":true
.
-
Next you will NEED to backup your staking keys!!! (Very important!)
-
Open a terminal window on your Windows PC by typing CMD into the windows searchbar and clicking on command prompt.
-
MODIFY the following command to suit your circumstances before entering it into your terminal window:
Run:
scp -r mainuser@xxx.xxx.xxx.xxx:/home/mainuser/.avalanchego/staking C:/Users/{your_username}/avalanche_staking_keys
Make sure to replace
mainuser
with whatever you called your login (if you followed my guide then you chose mainuser anyway so no need to change it), also make sure to replacexxx.xxx.xxx.xxx
with your servers IP, also make sure to replace{your_username}
with your windows username. -
Verify that your staker keys have been saved to the chosen directory on your Windows PC and I also strongly recommend saving them to a pen stick or removable storage device for extra safety. If your node is ever shutdown or goes wrong and you need to restore your NodeID on another server then you will need these files to restore the NodeID and retain your staking uptime. Avalanche requires a MINIMUM staking uptime of 80%+ (at time of writing) for rewards payout.
-
Next you'll need to find out your NodeID. Run the command below from your linux server terminal cmder
curl -X POST --data '{ "jsonrpc":"2.0", "id" :1, "method" :"info.getNodeID" }' -H 'content-type:application/json;' 127.0.0.1:9650/ext/info
Your public Node-ID looks something like this
NodeID-6rRhirfsvBGvtxprBzEVR2AAVy99r9mJt
. This ID is sharable to your friends if they want to delegate AVAX tokens to your node. You'll need this NodeID in order to stake your AVAX.
Note: This is an incredibly important part of this guide. You will need to monitor your node for the duration of time you are staking. Failing to monitor your node is likely to lead to a rewards payout miss for you and your delegators. At the time of writing the required uptime for staking rewards is 80% and there is no slashing. Non-default subnets may have different requirements to the C/X/P chains. It's your responsibility to be aware of the full requirements to recieve staking rewards and your responsibility to research the full risks involved for validating any subnets.
-
Firstly, you can do a health check when logged into your server by entering the following into the terminal:
curl -X POST --data '{ "jsonrpc":"2.0", "id" :1, "method" :"health.health" }' -H 'content-type:application/json;' 127.0.0.1:9650/ext/health
- Note that this check is not sufficient on it's own to ensure your node is functioning appropriately!
-
Every so often a new version of AvalancheGo will come out. Be sure to follow the public Avalanche Announcements on Discord, Telegram and Twitter:
-
You can (and should!) also check directly from the avalanchego releases page of the ava-labs github. This may be the best way to get the most accurate and timely information.
On the release page linked above, click the drop down arrow next to
Watch
at the top right hand side of the page then selectCustom
, then selectReleases
and clickApply
. This should send you notifications whenever there is a new release. You can also get Android/iOS push notifications for releases if you download the Github app onto your device. -
You should also use the official Avalanche Node notification service to monitor your node:
-
You should also use the validator dashboard: (enter your NodeID into the NodeID box on the page)
-
You should also use AllNodes:
-
You should also use VScout
-
You should also use AVASCAN:
-
I suggest you bookmark the links in steps 4 to 7 inclusive, with your NodeID entered to each, so you can quickly and easily check your node performance. It is not sufficient to only use 1 provider.
-
If you have the installer script configured (you should if you followed this guide) then you can run:
./avalanchego-installer.sh
If the above doesn't work then try:
wget -nd -m https://raw.githubusercontent.com/ava-labs/avalanche-docs/master/scripts/avalanchego-installer.sh;\ chmod 755 avalanchego-installer.sh;\ ./avalanchego-installer.sh --reinstall
Press
2
for cloud provider.Press
n
if it doesn't show your IP (it didn't for me).Enter your IP that you use to connect to your server.
Type
private
then typeon
to turn on state sync (unless you NEED the historical data, TIP: most don't). -
Give the prior step a few mins first (suggested 3-5 mins) and then do a health check to confirm everything is working.
curl -X POST --data '{ "jsonrpc":"2.0", "id" :1, "method" :"health.health" }' -H 'content-type:application/json;' 127.0.0.1:9650/ext/health
You can also check uptime:
curl -X POST --data '{ "jsonrpc":"2.0", "id" :1, "method" :"info.uptime" }' -H 'content-type:application/json;' 127.0.0.1:9650/ext/info
Now go back to the node monitoring sites above (AllNodes/VScout are usually the fastest to update in my experience) and check your node has updated to the latest revision.
Lets imagine your node has gone offline and you are now trying to restore your staking keys to a fresh node, then the process you would follow is as follows: (bear in mind you should only have your staking keys active on 1 node at a time to prevent potential network conflicts).
-
Open up a windows terminal by typing
cmd
into the windows search and clicking to open command prompt. -
Type the following 3 lines of code into your terminal, make sure to replace
{your username}
,mainuser
andxxx.xxx.xxx.xxx
with the actual values that reflect your circumstances. (you may have to edit the full directory path if you saved your staking keys elsewhere. This will use SSH to copy and paste your staking keys from the directory where they are saved to a temporary directory on your server.Run:
scp C:/Users/{your username}/avalanche_staking_keys/staking/staker.crt mainuser@xxx.xxx.xxx.xxx:/home/mainuser/temp
Run:
scp C:/Users/{your username}/avalanche_staking_keys/staking/staker.key mainuser@xxx.xxx.xxx.xxx:/home/mainuser/temp
Run:
scp C:/Users/{your username}/avalanche_staking_keys/staking/signer.key mainuser@xxx.xxx.xxx.xxx:/home/mainuser/temp
-
Now you have copied your staking keys into a temporary directory in your server, you'll need to move them to the staking directory. Open up Cmder and log into your server then type:
Run:
mv /home/mainuser/temp/staker.crt /home/mainuser/.avalanchego/staking/
Run:
mv /home/mainuser/temp/staker.key /home/mainuser/.avalanchego/staking/
Run:
mv /home/mainuser/temp/signer.key /home/mainuser/.avalanchego/staking/
Note: You will have to overwrite those files to get your prior NodeID back.
-
Delete the temp folder:
Run:
rm -r /home/mainuser/temp
-
Your Staking keys should now be restored onto your server. Now you'll need to restart the Avalanchego process:
Run:
sudo systemctl stop avalanchego
Run:
sudo systemctl start avalanchego
-
Check the system process is running:
Run:
sudo systemctl status avalanchego
-
Make sure port 9651 is open, if you have UFW installed (you will if you followed this guide) then type.
Run:
sudo ufw status numbered
-
You should see that 9651 is open along with the SSH port (we are using port 2222 in this guide), if it isn't then do:
Run:
sudo ufw allow 9651
Run:
sudo ufw allow 2222
Run:
sudo ufw disable
Run:
sudo ufw enable
Run:
sudo ufw status numbered
You should now see that both the SSH port (2222) and 9651 are open.
You are almost finished with this guide. If you need any further help I reccomend going to the Avalanche discord.
Please be careful of scammers reacing out to you in your Direct/Private messages, they may pretend to be from the Avalanche team.
This guide is provided for educational and informational purposes only, on an "as-is" basis, without any warranties or guarantees, either expressed or implied, regarding its accuracy, completeness, or effectiveness. The author does not claim to be an expert in the subject matter and has created this guide based on personal experience, research, and understanding. Users are encouraged to verify the information independently and consult additional sources.
Neither the author nor any associated parties can be held responsible for any losses, damages, or issues that may arise from following the instructions provided. By using this guide, you acknowledge that you are participating in the Avalanche network as a validator entirely at your own risk.
Setting up a cryptocurrency staking validator on the Avalanche network involves multiple steps, and the outcome can vary depending on your specific hardware, software, and network configurations. The author cannot guarantee that following this guide will result in a fully functional validator or ensure that you will receive staking rewards.
Before proceeding, please make sure you have a thorough understanding of the Avalanche network and the risks associated with cryptocurrency staking. Furthermore, it is essential to stay up-to-date with any changes to the Avalanche network or staking requirements, as these may affect your validator's performance and rewards eligibility.
As a validator, you must understand that maintaining an up-to-date node is critical for continued participation in the Avalanche network and earning staking rewards. You are responsible for keeping your node running with the latest required version of AvalancheGo and ensuring that all necessary packages are updated as needed.
The Avalanche network may introduce new features, security patches, or performance improvements that require an updated version of the software. If you fail to update your node and its dependencies, your validator may become ineligible for staking rewards or face penalties. It is your responsibility to monitor the official Avalanche communication channels and stay informed about any changes or updates that may impact your node's performance and staking eligibility.
By following this guide, you agree to comply with any applicable terms of service, rules, or regulations associated with the Avalanche network and any relevant third-party services or platforms. The author and any associated parties take no responsibility for issues, losses, or damages that may arise due to violations of any terms of service. It is your responsibility to familiarize yourself with and adhere to these terms while participating in the Avalanche network as a validator.
By following this guide, you agree to assume full responsibility for keeping your node updated and acknowledge that neither the author nor any associated parties will be held responsible for any issues that may arise. You also release the author and any associated parties from any liability. If you are uncertain about any steps or require further assistance, please consult the official Avalanche documentation, seek help from the community, or consult a professional.
The author will not be held liable for any errors, omissions, or inaccuracies in the guide or for any decisions made based on the information provided in the guide. Users are encouraged to seek professional advice or consult the official documentation and resources related to the subject matter, as the guide may not cover all aspects or may not be suitable for all users.
This project is licensed under the MIT License.