Several people asked me to write a guide about Hetzner as an alternative to platforms like Amazon and Google, because it’s relatively inexpensive but very reliable. I decided to include Termius here instead of conventional SSH clients like PuTTY which I already covered extensively in my SSH guide, because it is a good modern mobile alternative to the powerful but dated established desktop clients. It’s available for all major desktop and mobile platforms (with a clear focus on mobile) and free to use in the basic version. Even if you decide not to use Hetzner, the process of getting SSH access is very similar for all providers, so you can still take this guide as an example.
I’m writing this article in the context of my Fusion guide, but of course you can do whatever you want with your system, just adapt the settings according to your needs.
If you’re looking for an alternative to Hetzner, you can also check out my Google guide.
Hetzner Online GmbH is an ISO 27001 certified and many times awarded datacenter operator and hosting provider in Germany with many years of experience, offering a wide range of services. My company heavily utilizes most of these, and Hetzner has proven to be a reliable partner over the years.
To get access to their platform, please register first. Make sure you choose a hard to guess, long password with several special characters (I’m using KeePass and automatically generated 16 character passwords), because anyone who gets access to your account also has access to your server!
Hetzner doesn’t like anonymous registrations, so use a valid email address (they’ll send you a confirmation link) and your actual personal data. After you completed the registration, you can login to the Cloud Console. Depending on the data you provided during registration, you might see this notification as you want to start using the console:
In this case, please do as requested and go to Account Verification. You can either provide a valid passport or make an up front payment to verify that you’re a legitimate user.
After you’ve done so, please also enable Two-factor Authentication. No matter how good your password is, you still might lose it and you really don’t want anyone to gain access to your account!
After you entered your account password once again, you’ll be given a separate recovery login and key in case you ever need to reset your 2FA info, for example because you lost your smartphone. Keep this info in a safe place, which means not on your computer, or at least heavily encrypted. In case you lose this info as well, for example because your house burns down, Hetzner will send you a letter to the address you registered with (which is kind of unfortunate if your house burns down; just avoid that okay).
You can then setup a Yubikey or authenticator app like you’ve probably done before in your life, especially when you’re dealing with crypto. Yubikeys are quite expensive, so you’ll most likely use a smartphone app like Google Authenticator or Authy. Just scan the QR code, enter your account password again, enter the one-time password (OTP) you see on your device and that’s it. You’ll need an OTP in the future everytime you login to the Cloud Console.
While you’re waiting to be verified by Hetzner, you can already install Termius on your smartphone. It’s available for both Android and iOS. Personally I’m using Android (because it’s Linux, kind of) but I assume it looks similar on iOS for a consistent user experience.
You just want to use the basic version and don’t create an account (at least for now, if you like the app please support the developer!), so touch the left arrow at the top and then continue without account. Then open the main menu, select keychain and touch the + button to add a new SSH key.
Enter a name and optionally select a different key type and size if you want. I’m using 4096 bit RSA here but it hardly matters, there’s no insecure option. Also enter an optional passphrase to protect the key, which you can save for convenience. You generally want the key to be protected (for example when you export it to a file later), but maybe don’t want to enter it everytime you’re using the app. In this case I highly recommend also enabling PIN lock in the app’s general settings though (the paid version also supports fingerprints).
After you touch the checkmark icon, the actual key generation starts, which takes a few moments. You’ll then be back in the keychain menu, where the newly added key should appear. At this point, you have several different options to achieve what comes next: getting your public key and adding it to your Hetzner account.
To get the public key, you can
- touch the key in the keychain menu, scroll down to the public key section, select all and copy
- touch the key in the keychain menu and select export to file or send by email from the three dot menu
- touch and hold the key in the keychain menu and select export to file or send by email from the three dot menu
The public key will be exported to a file called Key.pub. Its format depends on the key type you selected earlier. Use any method you want to transfer it to your computer, pasting it to Gmail or Evernote would be fine too for example, it’s a public key after all. Alternatively you can also open the Cloud Console with your smartphone browser.
Maybe Hetzner already verified your account by now, then you can move on without a delay. Open the Cloud Console again and create an new unique project. A project can contain multiple servers, volumes, networks, user access definitions and other stuff which you want to be logically separated from other projects. Note that there are limits to the resources you can use by default, which you can see under the corresponding menu item in the user menu on the top right. You have to write a formal request to increase these limits if you really need to.
After you created a new project, select access from the lefthand menu and then click add SSH key.
Paste the public key you just extracted from Termius by using the method of your choice into the corresponding text field and give it a unique name. The name would normally be taken from the public key’s comment field if it had one, but Termius doesn’t add that. Click add SSH key again to save the new key under its given name.
Now select servers from the lefthand menu in the Cloud Console and click add server to start the actual server setup.
Here you have to select a datacenter location first. Hetzner currently has two locations in Germany, as well as one in Finland. I usually choose Finland just because I like the country and its people.
Also select an operating system image of your choice, where Ubuntu 18.04 LTS is the default.
The server type determines its number of vCPUs, the amount of memory and available storage. You can still add a volume in the next step or anytime later to extend it, so don’t focus on that too much.
Note that if you want to run a Fusion node, a CX21 with 2 vCPUs and 4GB of memory would generally be sufficient, but you’ll eventually run into storage issues sooner or later. As of July 2019, the whole system and chaindata utilize less than 5GB, but that’ll grow quicker with increased network usage. So either choose a CX31 from the start, or go with a CX21 and add a separate volume, the size of which you can increase on demand (even without stopping the system). This requires additional configuration though.
You can also choose between local and network storage. Local storage is super fast, while network storage is super resilient. By using network storage, in case of a local hardware failure, the server can just be restarted elsewhere. With local storage, you can also get dedicated vCPUs, meaning actual physical CPU cores which are reserved for you alone, unlike the shared cores you normally get. This can improve performance under heavy load or with time-critical applications.
I already mentioned the volumes you can add, which consist of fast SSD storage with up to 10TB capacity (you’ll have to write a request that you want to raise your limits first though).
A network allows you to connect multiple servers in a local private network (like a LAN) instead of just using their public external IP addresses.
The user data option allows you to customize your server on initialization by invoking a set of scripts and utilities called cloud-init.
You can also enable backups for your server; by default you’ll lose your data in case of a critical failure, especially when you’re using local storage.
The SSH key option is important, please select the key you added earlier here or you won’t be able to access the server via SSH!
Finally give the server some unique name.
You can create multiple servers at once, unless you’d exceed the limits mentioned earlier by doing so. They’ll automatically be named by adding an incrementing number. During the whole process, you can transparently see the current total price of your selections.
Click create & buy now to create and start the configured server(s). This will take a few moments.
You can find a lot more information about cloud servers in Hetzner’s wiki.
You’ll now see the name of the newly created server in the list. You can copy its IP address just by clicking on it. Write it down or just remember it, you’ll need it soon to configure Termius. In the three dot menu you’ll see a few more options, including shutting down the server or launching a simple browser based console which you can use to access it if SSH doesn’t work (for example because you misconfigured your SSH keys or the system’s firewall).
If you click the on your server in the list, you can access additional details and statistics and many more options.
I won’t explain all of it in full detail here, most of it should be self-explanatory. What I really like about Hetzner besides its pricing and reliability is how easy it is to change and extend the server setup retroactively by adding new features, much of it even while the system is running.
Note the ISO images menu, from which you have access to way more operating system images than during the initial setup, including Windows.
Via the rescue menu, you can reset the server’s root password, which you can then use to login as root using the browser based console. You can also boot a rescue system from here.
The rescale menu allows you to change the number of vCPUs and amount of memory available to the system. By default, the disk size isn’t changed, which allows you to downgrade again later. Note that if you choose to change the disk size as well, you still have to extend the filesystem of your server manually while it’s running, for example by running resize2fs under Linux.
Back in Termius, open the main menu, select hosts and touch the + button to add a new host.
Enter an alias (name) for the new host and the IP address you noted earlier (if you didn’t you can just look it up again in the Cloud Console). Scroll down a bit and enter root as your username (Hetzner doesn’t create an unprivileged user by default but just lets you login as root), then select the SSH key you generated ealier. After you touch the checkmark icon, the new host will be added.
You can now just touch the host in the list and start an SSH connection to your server. On the first connection attempt you’ll be asked to confirm the host key’s fingerprint as an additional security measure to make sure you connect to the right system.
If you work with many hosts in Termius, you might want to add an Identity. An identity is a preconfigured set of username, password and key which you can select during host setup instead of assigning this info to each host individually. That way, if you ever have to change your key for example, you only have to do so in one place.
A final note about Hetzner: they also offer a powerful API and an open source command-line client (CLI) called hcloud which utilizes that API to manage servers aside from the Cloud Console webinterface, so you can fully automate the management of your cloud servers. There’s also an app called My Hetzner in the iOS and Android app stores, but since that is not an official app I can’t really recommend it, you have to try it for yourself if you think you can trust the developer.
To use any of these features, you have to create an API token in the access menu of the Cloud Console, which serves as authentication data for your project’s management API. You can create individual tokens for all of your different use cases.
Note that if you actually wanted to run a Fusion node, the next and final step would be to execute the following command to complete the setup:
bash -c "$(curl -fsSL https://raw.githubusercontent.com/FUSIONFoundation/efsn/master/QuickNodeSetup/fsnNode.sh)"Also see my full guide or the official guide (from step 4).
If you need additional help, please join the official Telegram groups:
https://t.me/FUSIONFoundation for general Fusion discussions
https://t.me/FsnDevCommunity for development and node info
Also follow these announcement channels for updates:
https://t.me/fusionannouncements
https://t.me/fusiondevelopersannouncement
If you think this article was helpful in any way, feel free to buy me a beer!
FSN: 0x0afAB9b6dA9FBb79f3260F71E4a17d4AF9AC1020
ETH: 0x0afAB9b6dA9FBb79f3260F71E4a17d4AF9AC1020
BTC: 16yAtsdjzEaQbH8ucK1nbtkqrpo791EZ7a
