# Node Operator Notes

## <mark style="color:green;">Before We Begin</mark>

The following pages are essential reading before proceeding to any technical implementation. They are designed to help you organize your notes, confirm your virtual server specifications, and understand cloud provider requirements. Reviewing this information will ensure a smooth setup process and reduce the likelihood of configuration errors.

These sections are especially helpful for first-time Node Operators. However, experienced or technically proficient users may choose to skim or skip them as needed.

Topics covered in this section:

* **Setting Up Your Notes** — Guidance on preparing and organizing the information you'll need throughout the node setup process.
* **Understanding Your VPS Specifications** — Ensure that your virtual server meets the required hardware and system configuration.
* **Cloud Provider Specific Guides** — Reference materials tailored to specific providers like AWS, DigitalOcean, and Heztner.

{% hint style="success" %}
Take the time to review this material thoroughly before beginning any technical work.
{% endhint %}

## Purpose <a href="#purpose" id="purpose"></a>

This document suggests a method for keeping notes and tips accessible when preparing to or operating your node.

We hope that referring back to your notes for reminders on managing your node and recalling necessary passphrases or passwords will be time-saving, useful, and efficient.

{% hint style="info" %}
Even the most advanced users with the best memory will forget the necessary information to access the various aspects of running a node.  Keeping notes is important.
{% endhint %}

***

## Understanding Passphrase  & Passwords

There are **3** main passwords that we must have an understand and control of the concepts to make the administration of our nodes simple and less aggravating.&#x20;

{% stepper %}
{% step %}

### SSH Remove Access

Passphrase used to complete the connection authentication.

This is used to access your **VPS/node** from your local system. You’ll typically enter it **once per session** when establishing a connection to your node.
{% endstep %}

{% step %}

### Administer Your Node

Password used to confirm authorization.

When issuing **administrative commands** on your node, you will be required to enter your [**sudo** ](#user-content-fn-1)[^1]**password** associated with the <mark style="color:green;">**nodeadmin**</mark> user whenever a privileged action is executed or your session times out.

The <mark style="color:green;">**nodectl**</mark>**&#x20;utility** operates with elevated privileges and therefore **requires `sudo` access** to perform many of its core functions.
{% endstep %}

{% step %}

### P12 Key Store

PKCS#12, or PFX

The P12 keystore (also referred to as **PKCS#12** or **PFX**) contains your cryptographic key pair, both the private and public keys. it is used for signing transactions on the node. These keys also serve as a**uthentication credentials** for managing your node’s **hot wallet**.&#x20;

The passphrase protecting this keystore is critical: it is required to authorize actions related to **rewards**, **collateral** management, and **token transfers**. Store this passphrase securely, as losing it may result in permanent loss of access to these functions.

{% hint style="success" %}
If you have previously imported your node’s private key into the Stargazer wallet, it is possible to recover access to your funds even if the P12 keystore is lost or the keystore passphrase is forgotten. This is because the private key alone is sufficient to restore control over the associated wallet and its assets.
{% endhint %}
{% endstep %}
{% endstepper %}

## Password and Note Storage <a href="#suggested-medium" id="suggested-medium"></a>

The following mediums are a good start to where you should record and maintain your notes.

|          Medium          | Description                                                                                                                                                         |
| :----------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Secured Software Manager | There are password managers that allow for keeping passwords, passphrases, notes, and documents. From LastPass, 1Password, Bitwarden, Dashlane, KeePass, to others. |
|         USB Stick        | Placing your information on a USB stick that is stored in a secure location such as a safe.                                                                         |
|  Physical Piece of Paper | Writing down your notes and storing in a secure location such as a safe.                                                                                            |

{% hint style="danger" %} <mark style="color:red;">**Make sure to create backups that will be stored in a safe location.**</mark>
{% endhint %}

### Warnings[​](https://docs-v1.constellationnetwork.io/validate/resources/nodectl-notes#-warnings) <a href="#warnings" id="warnings"></a>

**🚑&#x20;**<mark style="color:red;">**PLEASE DO NOT**</mark>**&#x20;🚒**

Do **not** use the same passphrases or other sensitive values/information as shown in this example.

These examples are public facing and may be used by a nefarious actor as a first attempt to access your node in a penetration attack.

> The example values in these notes are **fictitious**, please replace usernames, passwords, passphrases, etc. with your own.

## Notes for Macintosh[​](https://docs-v1.constellationnetwork.io/validate/resources/nodectl-notes#-notes-for-macintosh) <a href="#notes-for-macintosh" id="notes-for-macintosh"></a>

```
Constellation Validator Node Notes:

To access our node:
    open a terminal and enter:
    ssh -i /home/myuser/.ssh/myprivatekey nodeadmin@113.113.113.113
    
    This command will attempt to SSH into our VPS/node 
    We will be challenged for access to supply the passphrase.
    passphrase: efg6abc13efg6

    If the command hangs or an error message stating 
    "refused" check to make sure that our firewall 
    on the VPS is properly setup to use the local 
    IP address of our system. During installation, 
    we restricted this down to a specific IP of our 
    local system, that may have changed.   
    www.whatismyip.com

To issue commands using nodectl we use sudo
   We need to use our nodeadmin password here:
   passphrase: efg6abc13efg6

If we need to access our p12 file (hot wallet)
   passphrase: abc13efg6abc13

Reminders:
----------
ssh private key: myprivatekey
ssh public key: mypublickey.pub
ssh passphrase: efg6abc13efg6
location of keys:
   - on this USB stick
   - local mac directory: /home/myuser/.ssh/

p12 keystore name (hot wallet): myp12name.p12
p12 keystore passphrase: abc13efg6abc13

VPS IP: 113.113.113.113
VPS SSH port: 22
VPS username: mynodeadmin
VPS sudo password: 

Access My Node
--------------
1. Open Terminal Session
2. ssh -i /Users/yourname/.ssh/myprivatekey nodeadmin@113.113.113.113

* After typing in: sudo nodectl
  you can double-tap the tab key for a list
  of commands.
  
Key Commands
------------
sudo nodectl status
sudo nodectl restart -p all
sudo nodectl upgrade
sudo nodectl check_versions
sudo nodectl check_consensus
sudo nodectl dag -p dag-l0
```

## Notes for Windows[​](https://docs-v1.constellationnetwork.io/validate/resources/nodectl-notes#-notes-for-windows) <a href="#notes-for-windows" id="notes-for-windows"></a>

**Just in Case**

If you are using a Command Prompt verses PuTTy, you may want to copy the Macintosh notes 👆and replace `Terminal` with `Command Prompt` as necessary.

```
Constellation Validator Node Notes:

To access our node:
    open PuTTy
    select our saved session from the 
    PuTTy main menu, load, and then open
    (or double click)
    
    This command will attempt to SSH into our VPS/node 
    We will be challenged for access to supply the passphrase.
    passphrase: efg6abc13efg6

    If the command hangs or an error message stating 
    "refused" check to make sure that our firewall 
    on the VPS is properly setup to use the local 
    IP address of our system. During installation, 
    we restricted this down to a specific IP of our 
    local system, that may have changed.   
    www.whatismyip.com

To issue commands using nodectl we use sudo
   We need to use our nodeadmin password here:
   passphrase: hij678hij678&*()

If we need to access our p12 file (hot wallet)
   passphrase: abc123abc123!@#

Reminders:
----------
ssh private key: myprivatekey
ssh public key: mypublickey.pub
ssh passphrase: efg345efg$%%^
location of keys:
   - on this USB stick
   - <enter saved location here>

p12 keystore name (hot wallet): myConstellationP12File.p12
p12 keystore passphrase: abc123abc123!@#

VPS IP: 113.113.113.113
VPS SSH port: 22
VPS username: nodeadmin
VPS sudo password: hij678hij678&*()

Access My Node
--------------
1. Open Terminal Session
2. ssh -i C:\Users\myuser\.ssh\myprivatekey root@113.113.113.113

* After typing in: sudo nodectl
  you can double-tap the tab key for a list
  of commands.

Key Commands
------------
sudo nodectl status
sudo nodectl restart -p all
sudo nodectl upgrade
sudo nodectl check_versions
sudo nodectl check_consensus
sudo nodectl dag -p dag-l0 (intnet-l0) (dor-dl1)
```

[^1]: super user do ( adminiistrative )