Interactive Solo Ethereum staking guide for Ubuntu OS

Complete guide to stake one as well as thousands of validators on multiple chains through a single staking node. Simply made, interactive, well explained. The guide on this webpage is focused on staking Ethereum.

Disclaimer

This guide is for informational and education purposes only - accuracy is not guaranteed, see disclaimer.

Prerequisites for this Ethereum staking

  1. Staking Node for Ethereum staking, see

    options and guides for Staking Node

  2. Access to Staking Node Operating System

  3. Interest in staking

Securying Ubuntu OS

In the matter of security, you must think about the way you are going to connect to / access your node - see the guide below.

Upgrade & update on the latest software and security updates.

$ sudo apt update && sudo apt -y upgrade
$ sudo apt dist-upgrade && sudo apt autoremove
$ sudo reboot

You can also create a shell script that will do this either on manual request or a schedule, see Update and Restart Ubuntu server Utility.

Install UFW, configurate deny state for incoming and allow state for outgoing traffic

  • Install UFW (if not installed yet) 
    sudo apt install ufw
  • Set default Fireall configuration 
    sudo ufw default deny incoming
sudo ufw default allow outgoing

NOTE: Installed firewall is required for enabling custom SSH port for remote connection. Firewall activation itself will be processed later, after additional configuration made in next steps.

Managing the SSH access

  • SSH allows to connect to the server remotely either from the local or remote network.
  • If you are going to connect your node locally only (= with monitor and keyboard connected right in the node), you do not need to install SSH or you can simply disable it, if is already installed.

Check, whether SSH is installed on the server

which sshd

This command should print directory of the SSH service. If it prints an empty response, SSH is not installed on the server and thus connecting to server over SSH is not possible.

With allowed SSH access, you must protect SSH access to your server from attackers. Based on your network confifuration, access may be possible from:

  • From any network (Your server has public IP)
  • From a local network only (Your server is behind nat)
  • From a VPN network the node is assigned to

Even if you have enabled access from a local netowk only (your node is behind NAT), you should still protect your SSH access as a potential attacker may use a compromised device in your local network to access your node. The defense consists in increasing the number of obstacles that must be overcome to access your node.

If SSH is not installed yet (which sshd returns an empty response), SSH server can be installed with following command: 
sudo apt install openssh-server

After the installation, you can use command poweroff to shut down the server and unstick monitor and keyboard. Next connections can be remote over SSH since now. As there is no SSH key used right now, on Linux/Mac, a remote connection can be made with following command:

ssh -o IdentitiesOnly=yes -o PreferredAuthentications=password username@server_id -p 22

Remote connection from Windows OS requires installation of SSH client such as e.g. Putty. See more information about remote connections from Windows at this Guide.

Before configuring security matters and connecting to your node, take note the basic rule to maintain also the security of the computer(s) you are going to use for connecting to your node (stealing the SSH keys) as well as other devices required for connection (stealing 2FA codes) etc.

  • Configure SSH keys

    By default, SSH connections can be made using a combo of username and password. As password is usually somewhat "short" and thus susceptible to brute-force attacks, key loggers attacks and so on. This is why SSH keys significantly enhances the security of the login process.

    SSH keys step by step guide.

  • Modify default 22 SSH port

    As port 22 is default port for SSH connections, it's the first port that a potential attacker tests. Change it to a different free port.

    1. Choose any number between 21 and 49151

      Choose a port number for SSH:
    2. Check whether the selected port for SSH is not already in use 
      sudo ss -tulpn | grep ':22'
      • blank response = port is not in used
      • red text response, the port is already in used. Check availability of a different port number in such case.
    3. Change SSH port from default 22 to 22 in the SSH config file
      1. Open sshd_config config file 
        sudo nano /etc/ssh/sshd_config

      2. Find mark Port, usually Port 22. The mark specifies currently port used for SSH access.

        Rewrite the port value for Port

      3. Press CTRL + X then Y then ENTER to save and exit the config file.
    4. Enable the Port 1024 for SSH/TCP connection 
      sudo ufw allow 1024/tcp
    5. Disable the default 22 port for SSH/TCP connection 
      sudo ufw deny 22/tcp
    6. Restart the SSH service and reboot the system to reflect the changes. 
      sudo systemctl restart ssh && sudo reboot

      After the restart, you will not able to connect through the SSH over port 22 anymore. Be sure you are connecting over the 1024 next time.

    NOTE: If you are facing an issue to sign in over SSH after changing the port, try reboot the staking node and sign in again.

  • Configuring 2FA authentization

    2FA (2 Factor authentization) comes with additional code you must provide to access your node. You may know 2FA from crypto exchanges. In the same way you can protect loging to your node.

    2FA Google Authentication activation guide.

  • Configuring Brute-force & DDoS protection

    To defend against Brute Force and DDoS attacks, one can monitor incoming connections and block IP addresses that repeatedly attempt to log in with incorrect credentials. Installing the Fail2Ban package can assist with this.

    Guide to activate Fail2Ban.

Securying remote access tips

  • Staking node is accessible from public IP:
    • If you do not need o connect to your node from remote networks, move your node behind the router that prevents accessing the node.
    • If you want to keep this feature, you should still consider move the node behind the router, set VPN on the router, and when connecting to the node, firstly connect to the router VPN and then connect the node from "local" network through its local IP.
  • Staking node is not accessible from public IP:
    • If you need connecting your node from remote networks, you must either set a VPN, such as Tailscale (either on the server itself or any other device in your local network), or buy public IP from your ISP and follow the points for server accessible from the public IP.

If you have SSH installed and running on your server, you must either disable ports for SSH traffic, disable SSH or remove it. If SSH is not installed on your machine, you can skip this step - ssh access is not possible already.

  • Option 1: Stop and disable the ssh service

    sudo systemctl stop ssh
sudo systemctl disable ssh

    If preferred, you can remove the SSH server client from the machine

    sudo apt remove openssh-server

  • Option 2: Disable traffic on SSH port

    Check 22/tcp port for enabled traffic with command

    sudo ufw status numbered

    Note: default 22 port could be changed, as well as could not be enabled. If there's any tcp traffic enabled, disable it. Code below is for default SSH port 22.

    sudo ufw deny 22/tcp

Configure the Firewall

  • Enable Firewall 
    $ sudo ufw enable
  • Check Firewall Ports 
    sudo ufw numbered

Consider installing and setting VPN to hide your public IP

VPN allows the server to access the internet through an intermediary in a form of a VPN server. In such case, your server's IP address (and location) is hidden behind the VPN server IP address. The disadvantage is the potential instability of the VPN server, in terms of connection speed and possible crashes into offline state.

Install, configurate and activate VPN service on Ubuntu server.

Note: If you need to have active Mullvad and Tailscale VPNs simultaneously, follow a guide for setting rules for netfilter.

Check / set basic config for your node machine

  • Check, you are not logged in as root. If so, create a new user with sudo, see section Staking on rented hardware
  • Check a swap space 
    free -h

    If there's no swap space created on your node, configurate a swap space.

  • Check timedatectl service for option to synchronize time

    Check current state:

    timedatectl status
  • Create downloads directory in your machine 
    mkdir ~/downloads

    This folder will be used for downloading clients

Generate Client Authentication Secret for ethereum

  • Create a new directory for jwtsecret files 
    sudo mkdir -p /var/lib/jwtsecret
  • Generate the JWT file using the openssl cryptography software library. 
    openssl rand -hex 32 | sudo tee /var/lib/jwtsecret/ethereum.hex > /dev/null
  • Check the generated authentication secret 
    $ nano /var/lib/jwtsecret/ethereum.hex
    Press CTRL + X to exit the config file.

Install and configurate preferred execution client

Installing Nethermind client

Nethermind documentation: https://docs.nethermind.io/

  1. Find the latest stable version of Nethermind on Github

  2. Download Nethermind version 1.32.4-1c4c7c0a to your node

    cd ~/downloads && curl -LO https://github.com/NethermindEth/nethermind/releases/download/1.32.4/nethermind-1.32.4-1c4c7c0a-linux-x64.zip

  3. Install package for unzipping

    sudo apt-get install -y unzip

  4. Unzip the downloaded file

    unzip nethermind-1.32.4-1c4c7c0a-linux-x64 -d nethermind

  5. Copy the client to /usr/local/bin/

    sudo cp -a nethermind /usr/local/bin/nethermind

  6. Remove downloaded files

    cd ~/downloads && rm nethermind-1.32.4-1c4c7c0a-linux-x64.zip && rm -r nethermind

Create a system user and data directory for Nethermind service

  • Create a user

    : 
    sudo useradd --system --no-create-home --shell /bin/false eth-nethermind

  • Create a folder for Nethermind data on Ethereum chain

    : 
    sudo mkdir -p /var/lib/ethereum/nethermind

  • Set access permission and ownership for the Nethermind data folder

    sudo chown -R eth-nethermind:eth-nethermind /var/lib/ethereum/nethermind

Configurate & Run Nethermind service

  • Choose ports for communication

    Change the default ports below if you are going to stake on more chains simultaneously (e.g. Ethereum and Gnosis at once) on the same machine. If you are going to stake ethereum only, you can keep the default ports. If you are changing the default ports, be sure that the newly selected port is not already in used. A port in used may be checked with following code:

    ss -tuln | grep ':PORT'
    • If it returns empty response, the port is free and can be used.

    Ports selection

    • (Default port: 30303)
    • (Default port: 8545)
    • (Default port: 8551)

    If needed, check JSON RPC server and fundamentals in Nethermind documentation.

  • Enable ports communication

    To allow execution client synchronization, there's need to enable port 30303 reserved for P2P traffic to TCP (allows the node to connect to peers) and UDP (allows node discovery). It may be done with following UFW setup:

    $ sudo ufw allow 30303

    Use this option only if you need operate execution client and beacon client on different machines.

    • Enable port 30303 for P2P traffic

      To allow execution client synchronization, there's need to enable port 30303 reserved for P2P traffic to TCP (allows the node to connect to peers) and UDP (allows node discovery). It may be done with following UFW setup:

      $ sudo ufw allow 30303
    • Enable port 8551 for IP of your second machine 
      sudo ufw allow from 192.168.88.0/27 to any port 8551

      Note: Be sure you use proper IP of your second machine / proper local network configuration.

  • Create configuration file for Nethermind service

    1. Open Nethermind configuration file

      sudo nano /etc/systemd/system/eth-nethermind.service

    2. Copy the configuration below into the file. If needed, check flags documentation.

      [Unit]
Description=Nethermind Execution Client (Ethereum Mainnet)
After=network.target
Wants=network.target

[Service]
User=eth-nethermind
Group=eth-nethermind
Type=simple
Restart=always
RestartSec=5
WorkingDirectory=/var/lib/ethereum/nethermind
Environment="DOTNET_BUNDLE_EXTRACT_BASE_DIR=/var/lib/ethereum/nethermind"
ExecStart=/usr/local/bin/nethermind/nethermind \
  --config mainnet \
  --datadir /var/lib/ethereum/nethermind \
  --Sync.SnapSync true \
  --Sync.AncientBodiesBarrier 11052984 \
  --Sync.AncientReceiptsBarrier 11052984 \
  --JsonRpc.JwtSecretFile /var/lib/jwtsecret/ethereum.hex \
  --Network.P2PPort 30303 \
  --Network.DiscoveryPort 30303 \
  --JsonRpc.EnginePort 8551 \
  --JsonRpc.Port 8545 \
  --Pruning.Mode Hybrid \
  --Pruning.FullPruningTrigger VolumeFreeSpace \
  --Pruning.FullPruningThresholdMb 512000

[Install]
WantedBy=default.target
    3. Press CTRL + X then Y then ENTER to save and exit the config file.

  • Start the Nethermind service

    sudo systemctl daemon-reload
sudo systemctl start eth-nethermind

  • Check the service

    systemctl status eth-nethermind
journalctl -fu eth-nethermind

    If you see message "Waiting for Forkchoice message from Consensus Layer to set fresh pivot block", you can move on a Consensis Client setup.

  • Start the service automatically on system startup

    sudo systemctl enable eth-nethermind
    • Open Delayed Start shell 
      sudo nano /usr/local/bin/delayed-start.sh

      Configurate service start inside it

      systemctl start eth-nethermind.service
    • Be sure, delayed-start.service service controlling delayed-start.sh is enabled for auto start with system startup 
      sudo systemctl enable delayed-start.service

    1. Configurate Staking Manager util

      • Open the configuration file 
        sudo nano /usr/local/etc/staking/config/clients.conf

        If the file is empty, generate it with command sudo /usr/local/bin/staking.sh init

      • Set link to proper service. It should be as follow: 
        executionServices="eth-nethermind.service"

    2. Activate service to start automatically on OS startup

      • Open Start with delay util 
        sudo nano /usr/local/bin/delayed-start.sh
      • Place or uncomment a command to start the Beacon client(s) 
        /usr/local/bin/staking.sh start execution
      • Verify, that a service `delayed-start.service` exists and is automatically launched on system start. 
        sudo systemctl enable delayed-start.service

Installing Erigon client

Erigon documentation: https://erigon.gitbook.io/erigon

  1. Find the latest stable version of Erigon on Github

  2. Download Erigon version 3.0.15

    cd ~/downloads && curl -LO https://github.com/erigontech/erigon/releases/download/v3.0.15/erigon_v3.0.15_linux_amd64v2.tar.gz

  3. Verify hash of donwnloaded file

    Get hash of downloaded file and compare it with official hashes 
    sha256sum erigon_v3.0.15_linux_amd64v2.tar.gz
    And check it compare to the provided hash for the file from https://github.com/erigontech/erigon/releases/download/v3.0.15/erigon_v3.0.15_checksums.txt (Note: The link links at 3.0.15 version )

  4. Extract the downloaded package

    tar xvf erigon_v3.0.15_linux_amd64v2.tar.gz

  5. Copy extracted Erigon library

    sudo cp -a erigon_v3.0.15_linux_amd64v2 /usr/local/bin/erigonlib

  6. Remove downloaded files

    cd ~/downloads && rm -r erigon_v3.0.15_linux_amd64v2.tar.gz && rm -r erigon_v3.0.15_linux_amd64v2

Create a system user and data directory for Erigon service

  • Create a user

    : 
    sudo useradd --system --no-create-home --shell /bin/false eth-erigon

  • Create a folder for Erigon data on ethereum network

    : 
    sudo mkdir -p /var/lib/ethereum/erigon

  • Set access permission and ownership for the Erigon data folder

    sudo chown -R eth-erigon:eth-erigon /var/lib/ethereum/erigon

Configurate & Run Erigon Service

  • Choose ports for communication

    Change the default ports below if you are going to stake on more chains simultaneously (e.g. Ethereum and Gnosis at once) on the same machine. If you are going to stake ethereum only, you can keep the default ports. If you are changing the default ports, be sure that the newly selected port is not already in used. A port in used may be checked with following code:

    ss -tuln | grep ':PORT'
    • If it returns empty response, the port is free and can be used.

    Ports selection

    • (Default port: 30303)
    • (Default port: 8545)
    • (Default port: 8551)

  • Enable ports communication

    To allow execution client synchronization, there's need to enable port 30303 reserved for P2P traffic to TCP (allows the node to connect to peers) and UDP (allows node discovery). It may be done with following UFW setup:

    $ sudo ufw allow 30303

    Use this option only if you need operate execution client and beacon client on different machines.

    • Enable port 30303 for P2P traffic

      To allow execution client synchronization, there's need to enable port 30303 reserved for P2P traffic to TCP (allows the node to connect to peers) and UDP (allows node discovery). It may be done with following UFW setup:

      $ sudo ufw allow 30303
    • Enable port 8551 for IP of your second machine 
      sudo ufw allow from 192.168.88.0/27 to any port 8551

      Note: Be sure you use proper IP of your second machine / proper local network configuration.

  • Create configuration file for Erigon service

    1. Open configuration file 
      sudo nano /etc/systemd/system/eth-erigon.service
    2. Copy the configuration below into the file 
      [Unit]
Description=Erigon Execution Client (Ethereum Mainnet)
After=network.target
Wants=network.target
[Service]
User=eth-erigon
Group=eth-erigon
Type=simple
Restart=always
RestartSec=5
ExecStart=/usr/local/bin/erigonlib/erigon \
  --chain=mainnet \
  --datadir=/var/lib/ethereum/erigon \
  --authrpc.jwtsecret=/var/lib/jwtsecret/ethereum.hex \
  --port=30303 \
  --http.port=8545 \
# --ws.port=8546 \
  --authrpc.port=8551 \
  --private.api.addr=127.0.0.1:9090 \
  --torrent.port=42069 \
  --externalcl
#  --prune=htcr
#  --private.api.addr= \
#  --prune.r.before=11052984
[Install]
WantedBy=default.target

      NOTE: If you are going to run StakeWise vault, you should set --prune=receipts --prune.to=18470089 according to StakeWise operator service guide.

    3. Press CTRL + X then Y then ENTER to save and exit the config file.

  • Start the service

    sudo systemctl daemon-reload
sudo systemctl start eth-erigon

  • Check the service

    systemctl status eth-erigon
journalctl -fu eth-erigon

  • Start the service on system startup

    sudo systemctl enable eth-erigon
    • Open Delayed Start shell 
      sudo nano /usr/local/bin/delayed-start.sh

      Configurate service start inside it

      systemctl start eth-erigon.service
    • Be sure, delayed-start.service service controlling delayed-start.sh is enabled for auto start with system startup 
      sudo systemctl enable delayed-start.service

    1. Configurate Staking Manager util

      • Open the configuration file 
        sudo nano /usr/local/etc/staking/config/clients.conf

        If the file is empty, generate it with command sudo /usr/local/bin/staking.sh init

      • Set link to proper service. It should be as follow: 
        executionServices="eth-erigon.service"

    2. Activate service to start automatically on OS startup

      • Open Start with delay util 
        sudo nano /usr/local/bin/delayed-start.sh
      • Place or uncomment a command to start the Beacon client(s) 
        /usr/local/bin/staking.sh start execution
      • Verify, that a service `delayed-start.service` exists and is automatically launched on system start. 
        sudo systemctl enable delayed-start.service

Soon

Soon

Consensus client

Install Consensus client

  1. Find the latest stable version of Lighthouse on Github

  2. Download Lighthouse version 7.1.0 to your node

    cd ~/downloads && curl -LO https://github.com/sigp/lighthouse/releases/download/v7.1.0/lighthouse-v7.1.0-x86_64-unknown-linux-gnu.tar.gz

    Extract downloaded file

    $ tar xvf lighthouse-v7.1.0-x86_64-unknown-linux-gnu.tar.gz
  3. Replace old Lighthouse client for new 
    $ sudo cp ~/downloads/lighthouse /usr/local/bin
  4. Remove downloaded files 
    $ cd ~/downloads && rm lighthouse-v7.1.0-x86_64-unknown-linux-gnu.tar.gz && rm -r lighthouse

Configurate Lighthouse Beacon service

  1. Create a user for lighthouse beacon : 
    $ sudo useradd --system --no-create-home --shell /bin/false eth-lighthousebeacon
  2. Create a directory for data : 
    $ sudo mkdir -p /var/lib/ethereum/lighthouse/beacon
  3. Set permission for accessing the directory 
    $ sudo chown -R eth-lighthousebeacon:eth-lighthousebeacon /var/lib/ethereum/lighthouse/beacon

  • Create configuration file for Lighthouse Beacon service

    Open Lighthouse Beacon configuration file

    $ sudo nano /etc/systemd/system/eth-lighthousebeacon.service

    Copy the configuration below into the file. If needed, check flags documentation.

    [Unit]
Description=Lighthouse Consensus Client BN (Ethereum Mainnet)
Wants=network-online.target
After=network-online.target

[Service]
User=eth-lighthousebeacon
Group=eth-lighthousebeacon
Type=simple
Restart=always
RestartSec=5
ExecStart=/usr/local/bin/lighthouse bn \
  --network mainnet \
  --datadir /var/lib/ethereum/lighthouse \
  --http \
  --execution-endpoint http://127.0.0.1:8551 \
  --execution-jwt /var/lib/jwtsecret/ethereum.hex \
#  --target-peers 80 \
  --checkpoint-sync-url https://beaconstate.info \
  --port 9000 \
  --port6 9090 \
#  --discovery-port 9000 \
  --quic-port 9001 \
  --quic-port6 9091 \
  --http-port 5052

[Install]
WantedBy=multi-user.target

    Notes:

    Press CTRL + X then Y then ENTER to save and exit the config file.

  • Load changes made in config files to the system

    $ sudo systemctl daemon-reload
  • Start the service 
    $ sudo systemctl start eth-lighthousebeacon
  • Check the state 
    $ systemctl status eth-lighthousebeacon
$ journalctl -fu eth-lighthousebeacon
  • Activate service to start automatically 
    $ sudo systemctl enable eth-lighthousebeacon
    • Open Delayed Start shell 
      sudo nano /usr/local/bin/delayed-start.sh

      Configurate service start inside it

      systemctl start eth-lighthousebeacon.service
    • Be sure, delayed-start.service service controlling delayed-start.sh is enabled for auto start with system startup 
      sudo systemctl enable delayed-start.service

    1. Configurate Staking Manager util

      • Open the configuration file 
        sudo nano /usr/local/etc/staking/config/clients.conf

        If the file is empty, generate it with command sudo /usr/local/bin/staking.sh init

      • Set link to proper services. It should be as follow: 
        beaconServices="eth-lighthousebeacon.service"

    2. Activate service to start automatically on OS startup

      • Open Start with delay util 
        sudo nano /usr/local/bin/delayed-start.sh
      • Place or uncomment a command to start the Beacon client(s) 
        /usr/local/bin/staking.sh start beacon
      • Verify, that a service `delayed-start.service` exists and is automatically launched on system start. 
        sudo systemctl enable delayed-start.service

  1. Installing NodeJS through the Node Version Manager

    Node Version Manager (NVM) is a piece of shell code that allows you to easily install and maintain different versions of Node.js and its associated packages.

    1. Check latest verision of NVM on GitHub.

    2. View code of NVM ver 0.40.1

      curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh

    3. Install NVM

      curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash

      NVM will be installed with permissions of a user that processing that request (you). NVM is installed to user account, specifically to "~/.bashrc" directory.

    4. source/reload nvm for an option to use it

      source ~/.bashrc

    5. Check available Node.js versions

      nvm list-remote
      Selected version: v

    6. Install requested Node.js version

      nvm install v22.16.0

      Node.js is installed with permissions of a user that processing that request (you)

    7. Show active Node.js version in use

      node -v

      If o version is selected, use nvm use 22.16.0

  2. Get Lodestar Client

    • Install build-essential tools

      sudo apt-get install build-essential -y

    • Install Yarn

      corepack enable
      corepack prepare yarn@stable --activate
      yarn help

    • Build Lodestar

      • Download latest Lodestar client from GitHub 
        cd ~/downloads && git clone -b stable https://github.com/chainsafe/lodestar.git
      • Install yarn 
        cd lodestar && yarn install
      • Build Lodestart client 
        yarn run build

    • Find the latest stable version of Lodestar client on Github

    • Download Lodestar version 1.32.0 to your node

      mkdir ~/downloads/lodestarclient && cd ~/downloads/lodestarclient && curl -LO https://github.com/ChainSafe/lodestar/releases/download/v1.32.0/lodestar-v1.32.0-linux-amd64.tar.gz

    • Extract downloaded file

      $ tar xvf lodestar-v1.32.0-linux-amd64.tar.gz

    • Create lodestar directory and move the client into it

      mkdir ~/downloads/lodestar && mv ~/downloads/lodestarclient/lodestar ~/downloads/lodestar/lodestar

  3. Check version of new Lodestar client

    ~/downloads/lodestar/lodestar -v

  4. Copy new production client to /usr/local/bin directory

    sudo cp -a ~/downloads/lodestar /usr/local/bin

Configurate Lodestar Beacon service

  1. Configuring lodestarbeacon service user and data directory

    • Create a service user

      : 
      $ sudo useradd --system --no-create-home --shell /bin/false eth-lodestarbeacon

    • Enable eth-lodestarbeacon user access NodeJs

      : 
      sudo usermod -aG nodejsusr eth-lodestarbeacon

    • Create a directory for Lodestar Beacon data

      : 
      sudo mkdir -p /var/lib/ethereum/lodestar/beacon

    • Set directory ownership

      sudo chown -R eth-lodestarbeacon:eth-lodestarbeacon /var/lib/ethereum/lodestar/beacon

  2. Create configuration file for the Lodestar beacon service

    • Open the configuration file

      sudo nano /etc/systemd/system/eth-lodestarbeacon.service

    • Copy following configuration to the file

      :
      This can be get with command $ node -v

      [Unit]
Description=Lodestar Consensus Beacon Client (Ethereum mainnet)
Wants=network-online.target
After=network-online.target
[Service]
User=eth-lodestarbeacon
Type=simple
Restart=always
RestartSec=5
WorkingDirectory=/usr/local/bin/lodestar
Environment="PATH=/home/nodejsusr/.nvm/versions/node/v20.11.0/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
ExecStart=/usr/local/bin/lodestar/lodestar beacon \
  --network mainnet \
  --dataDir /var/lib/ethereum/lodestar/beacon \
  --execution.urls http://127.0.0.1:8551 \
  --jwt-secret /var/lib/jwtsecret/ethereum.hex \
  --checkpointSyncUrl https://beaconstate.info \
  --port 9000 \
  --discoveryPort 9000 \
  --rest.port 9596
  #--port6 9090
  #--suggestedFeeRecipient 0x.........................
[Install]
WantedBy=multi-user.target
    • Press CTRL + X then Y then ENTER to save and exit the config file.

  3. Reload daemon

    sudo systemctl daemon-reload

  4. Run the service

    sudo systemctl start eth-lodestarbeacon

  5. Monitor the running lodestar Beacon service

    systemctl status eth-lodestarbeacon
    journalctl -fu eth-lodestarbeacon

  6. Enable auto start on server statup

    sudo systemctl enable eth-lodestarbeacon
    • Open Delayed Start shell 
      sudo nano /usr/local/bin/delayed-start.sh

      Configurate service start inside it

      systemctl start eth-lodestarbeacon.service
    • Be sure, delayed-start.service service controlling delayed-start.sh is enabled for auto start with system startup 
      sudo systemctl enable delayed-start.service

    1. Configurate Staking Manager util

      • Open the configuration file 
        sudo nano /usr/local/etc/staking/config/clients.conf

        If the file is empty, generate it with command sudo /usr/local/bin/staking.sh init

      • Set link to proper services. It should be as follow: 
        beaconServices="eth-lodestarbeacon.service"

    2. Activate service to start automatically on OS startup

      • Open Start with delay util 
        sudo nano /usr/local/bin/delayed-start.sh
      • Place or uncomment a command to start the Beacon client(s) 
        /usr/local/bin/staking.sh start beacon
      • Verify, that a service `delayed-start.service` exists and is automatically launched on system start. 
        sudo systemctl enable delayed-start.service

  1. Install Java

    cd ~/downloads && wget https://download.oracle.com/java/24/latest/jdk-24_linux-x64_bin.deb
    sudo apt install ./jdk-24_linux-x64_bin.deb
    java --version

  2. Find the latest stable version of Teku on Github

    Find latest Teku version at Github: https://github.com/Consensys/teku/releases
    Write latest stable Teku version:

    This will update the url links in the guide below.

  3. Download the latest Teku version

    cd ~/downloads && curl -LO https://artifacts.consensys.net/public/teku/raw/names/teku.tar.gz/versions/25.7.1/teku-25.7.1.tar.gz

  4. Unpack the downloaded Teku version

    $ tar xvf teku-25.7.1.tar.gz

  5. Copy the Teku Library

    sudo cp -a ~/downloads/teku-25.7.1 /usr/local/bin/teku

  6. Remove downloaded files

    cd ~/downloads && rm teku-25.7.1.tar.gz && rm -r teku-25.7.1

Configurate Teku Beacon service

  • Create a user

    : 
    sudo useradd --system --no-create-home --shell /bin/false eth-tekubeacon

  • Create a folder for Tekubeacon data on Ethereum chain

    : 
    sudo mkdir -p /var/lib/ethereum/tekubeacon

  • Set access permission and ownership for the Teku data folder

    sudo chown -R eth-tekubeacon:eth-tekubeacon /var/lib/ethereum/tekubeacon

Configurate & Run Tekubeacon service

  • Create configuration file for Tekubeacon service

    1. Open Tekubeacon configuration file

      sudo nano /etc/systemd/system/eth-tekubeacon.service

    2. Copy configuration

      [Unit]
Description=Teku Consensus Client (Ethereum Mainnet)
Wants=network-online.target
After=network-online.target
[Service]
User=eth-tekubeacon
Group=eth-tekubeacon
Type=simple
Restart=always
RestartSec=5
Environment="JAVA_OPTS=-Xmx12g"
Environment="TEKU_OPTS=-XX:-HeapDumpOnOutOfMemoryError"
ExecStart=/usr/local/bin/teku/bin/teku \
  --network=mainnet \
  --data-path=/var/lib/ethereum/tekubeacon \
  --ee-endpoint=http://127.0.0.1:8551 \
  --ee-jwt-secret-file=/var/lib/jwtsecret/ethereum.hex \
  #--metrics-enabled=true \
  --rest-api-enabled=true \
  #--validators-proposer-default-fee-recipient=0x... \
  --checkpoint-sync-url=https://beaconstate.info
[Install]
WantedBy=multi-user.target

      See more arguments at https://docs.teku.consensys.io/reference/cli

    3. Press CTRL + X then Y then ENTER to save and exit the config file.

  • Load changes

    sudo systemctl daemon-reload

  • Start the Beacon chain service

    sudo systemctl start eth-tekubeacon

  • Check the service

    systemctl status eth-tekubeacon
journalctl -fu eth-tekubeacon

  • Start the service automatically on system startup

    sudo systemctl enable eth-tekubeacon
    • Open Delayed Start shell 
      sudo nano /usr/local/bin/delayed-start.sh

      Configurate service start inside it

      systemctl start eth-tekubeacon.service
    • Be sure, delayed-start.service service controlling delayed-start.sh is enabled for auto start with system startup 
      sudo systemctl enable delayed-start.service

    1. Configurate Staking Manager util

      • Open the configuration file 
        sudo nano /usr/local/etc/staking/config/clients.conf

        If the file is empty, generate it with command sudo /usr/local/bin/staking.sh init

      • Set link to proper services. It should be as follow: 
        beaconServices="eth-tekubeacon.service"

    2. Activate service to start automatically on OS startup

      • Open Start with delay util 
        sudo nano /usr/local/bin/delayed-start.sh
      • Place or uncomment a command to start the Beacon client(s) 
        /usr/local/bin/staking.sh start beacon
      • Verify, that a service `delayed-start.service` exists and is automatically launched on system start. 
        sudo systemctl enable delayed-start.service

  1. Find the latest stable version of Nimbus on Github

    Find latest Nimbus version at Github: https://github.com/status-im/nimbus-eth2/releases
    Write latest stable Nimbus version:

    This will update the url links in the guide below.

  2. Download the latest Nimbus client

    cd ~/downloads && curl -LO https://github.com/status-im/nimbus-eth2/releases/download/v25.7.1/nimbus-eth2_Linux_amd64_25.7.1_92defe0f.tar.gz

  3. Extract the downloaded package

    tar xvf nimbus-eth2_Linux_amd64_25.7.1_92defe0f.tar.gz

  4. Copy Nimbus clients to /usr/local/bin

    sudo cp -a nimbus-eth2_Linux_amd64_25.7.1_92defe0f/build /usr/local/bin/nimbus

  5. Remove downloaded files

    rm nimbus-eth2_Linux_amd64_25.7.1_92defe0f.tar.gz && rm -r nimbus-eth2_Linux_amd64_25.7.1_92defe0f

  1. Install Nimbus' dependencies

    sudo apt-get install build-essential git-lfs cmake

  2. Download the latest Nimbus client

    cd ~/downloads && git clone -b stable https://github.com/status-im/nimbus-eth2.git

  3. Move update

    cd nimbus-eth2 && make update

  4. Build Nimbus

    make gnosis-build
    make gnosis-vc-build

  5. Copy Nimbus clients to /usr/local/bin

    sudo cp -a build /usr/local/bin/nimbus

Configurate Nimbus Beacon service

  • Create a user

    : 
    sudo useradd --system --no-create-home --shell /bin/false eth-nimbusbeacon

  • Create a folder for Nimbus beacon data on Ethereum chain

    : 
    sudo mkdir -p /var/lib/ethereum/nimbus/beacon

  • Set access permission and ownership for the Nimbus Beacon data folder

    sudo chown -R eth-nimbusbeacon:eth-nimbusbeacon /var/lib/ethereum/nimbus/beacon

Configurate & Run Nimbus Beacon service

  • Creating a checkpoint

    sudo /usr/local/bin/nimbus/nimbus_beacon_node trustedNodeSync \
  --network:mainnet  \
  --data-dir=/var/lib/ethereum/nimbus/beacon \
  --trusted-node-url=https://beaconstate.info

  • Create configuration file for Tekubeacon service

    1. Open Nimbus Beacon configuration file

      sudo nano /etc/systemd/system/eth-nimbusbeacon.service

    2. Copy configuration

      [Unit]
Description=Nimbus Beacon Consensus Client (Mainnet)
Wants=network-online.target
After=network-online.target

[Service]
User=eth-nimbusbeacon
Group=eth-nimbusbeacon
Type=simple
Restart=always
RestartSec=5
ExecStart=/usr/local/bin/nimbus/nimbus_beacon_node \
  --network=mainnet \
  --data-dir=/var/lib/ethereum/nimbus/beacon \
  --web3-url=http://127.0.0.1:8551 \
  --rest \
  --rest-port=5052 \
  --tcp-port=9000 \
  --udp-port=9000 \
  #--trusted-node-url=https://beaconstate.info \
  --jwt-secret=/var/lib/jwtsecret/ethereum.hex

[Install]
WantedBy=multi-user.target

      See more flags at https://nimbus.guide/options.html

    3. Press CTRL + X then Y then ENTER to save and exit the config file.

  • Load changes

    sudo systemctl daemon-reload

  • Start the Beacon chain service

    sudo systemctl start eth-nimbusbeacon

  • Check the service

    systemctl status eth-nimbusbeacon
journalctl -fu eth-nimbusbeacon

  • Start the service automatically on system startup

    sudo systemctl enable eth-nimbusbeacon
    • Open Delayed Start shell 
      sudo nano /usr/local/bin/delayed-start.sh

      Configurate service start inside it

      systemctl start eth-nimbusbeacon.service
    • Be sure, delayed-start.service service controlling delayed-start.sh is enabled for auto start with system startup 
      sudo systemctl enable delayed-start.service

    1. Configurate Staking Manager util

      • Open the configuration file 
        sudo nano /usr/local/etc/staking/config/clients.conf

        If the file is empty, generate it with command sudo /usr/local/bin/staking.sh init

      • Set link to proper services. It should be as follow: 
        beaconServices="eth-nimbusbeacon.service"

    2. Activate service to start automatically on OS startup

      • Open Start with delay util 
        sudo nano /usr/local/bin/delayed-start.sh
      • Place or uncomment a command to start the Beacon client(s) 
        /usr/local/bin/staking.sh start beacon
      • Verify, that a service `delayed-start.service` exists and is automatically launched on system start. 
        sudo systemctl enable delayed-start.service

  1. Find the latest stable version of Prysm on Github

  2. Download Prysm clients to your node

    cd ~/downloads && curl -LO https://github.com/prysmaticlabs/prysm/releases/download/v6.0.4/beacon-chain-v6.0.4-modern-linux-amd64
    cd ~/downloads && curl -LO https://github.com/prysmaticlabs/prysm/releases/download/v6.0.4/validator-v6.0.4-linux-amd64

  3. Rename downloaded files

    mv beacon-chain-v6.0.4-modern-linux-amd64 beacon-chain && mv validator-v6.0.4-linux-amd64 validator

  4. Set files permissions

    chmod +x beacon-chain && chmod +x validator

  5. Copy clients to /usr/local/bin

    sudo cp ~/downloads/beacon-chain /usr/local/bin
    sudo cp ~/downloads/validator /usr/local/bin

  6. Start services using Prysm clients

    // Start all validator instances using Prysm clients on all chains
// sudo systemctl start prysmvalidator1
// sudo systemctl start prysmvalidator2
// sudo systemctl start prysmRocketpoolValidator
// sudo systemctl start prysmStakewiseValidator
// ...
// Start beaconchain clients using PrysmBeacon client on all chains
sudo systemctl start prysmbeacon
    /usr/local/bin/staking.sh start consensus

    Check the services status

    /usr/local/bin/staking.sh check

  7. Monitor

    journalctl -fu prysmbeacon.service
    journalctl -f -u prysmvalidator.service -u prysmvalidator2.service
    ...
    /usr/local/bin/staking.sh check consensus
    /usr/local/bin/staking.sh monitor consensus

  8. Remove downloaded files

    cd ~/downloads && rm beacon-chain && rm validator

Configurate Prysm Beacon service

  • Create a user

    : 
    sudo useradd --system --no-create-home --shell /bin/false eth-prysmbeacon

  • Create a folder for Prysmbeacon data on Ethereum chain

    : 
    sudo mkdir -p /var/lib/ethereum/prysm/beacon

  • Set access permission and ownership for the Prysm data folder

    sudo chown -R eth-prysmbeacon:eth-prysmbeacon /var/lib/ethereum/prysm/beacon

Configurate & Run PrysmBeacon service

  • Create configuration file for Tekubeacon service

    1. Open PrysmBeacon configuration file

      sudo nano /etc/systemd/system/eth-prysmbeacon.service

    2. Copy configuration

      [Unit]
Description=Prysm Consensus Client BN (Mainnet)
Wants=network-online.target
After=network-online.target

[Service]
User=eth-prysmbeacon
Group=eth-prysmbeacon
Type=simple
Restart=always
RestartSec=5
ExecStart=/usr/local/bin/beacon-chain \
  --mainnet \
  --datadir=/var/lib/ethereum/prysm/beacon \
  --execution-endpoint=http://127.0.0.1:8551 \
  --jwt-secret=/var/lib/jwtsecret/ethereum.hex \
  --suggested-fee-recipient=FeeRecipientAddress \
  #--local-block-value-boost=0 \
  --checkpoint-sync-url=CheckpointSyncURL \
  --genesis-beacon-api-url=CheckpointSyncURL \
  --accept-terms-of-use

[Install]
WantedBy=multi-user.target

      NOTE: Be sure to set the FeeRecipientAddress above to a valid Ethereum address within your control to receive the validator fees. For example: --suggested-fee-recipient=0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045

      NOTE: Be sure to set the CheckpointSyncURL above (both occurrences) to a valid checkpoint sync URL. --checkpoint-sync-url and --genesis-beacon-api-url Enables the Checkpoint Sync feature to greatly speed up the Beacon Chain Node sync. More information here. Provide a URL to a synced Beacon Chain Node for the sync. You can get one here.

    3. Press CTRL + X then Y then ENTER to save and exit the config file.

  • Load changes

    sudo systemctl daemon-reload

  • Start the Beacon chain service

    sudo systemctl start eth-prysmbeacon

  • Check the service

    systemctl status eth-prysmbeacon
journalctl -fu eth-prysmbeacon

  • Start the service automatically on system startup

    sudo systemctl enable eth-prysmbeacon
    • Open Delayed Start shell 
      sudo nano /usr/local/bin/delayed-start.sh

      Configurate service start inside it

      systemctl start eth-prysmbeacon.service
    • Be sure, delayed-start.service service controlling delayed-start.sh is enabled for auto start with system startup 
      sudo systemctl enable delayed-start.service

    1. Configurate Staking Manager util

      • Open the configuration file 
        sudo nano /usr/local/etc/staking/config/clients.conf

        If the file is empty, generate it with command sudo /usr/local/bin/staking.sh init

      • Set link to proper services. It should be as follow: 
        beaconServices="eth-prysmbeacon.service"

    2. Activate service to start automatically on OS startup

      • Open Start with delay util 
        sudo nano /usr/local/bin/delayed-start.sh
      • Place or uncomment a command to start the Beacon client(s) 
        /usr/local/bin/staking.sh start beacon
      • Verify, that a service `delayed-start.service` exists and is automatically launched on system start. 
        sudo systemctl enable delayed-start.service

Continue with your Staking option preference