🦏
ETH Home Staking Collection
DVT Home Staking Curriculum
DVT Home Staking Curriculum
  • The DVT Home Staking Curriculum
  • Curriculum breakdown & timeline
  • Understanding ETH validators
    • Introduction to ETH Validators
    • Roles & Responsibilities of a node operator
    • Rewards and penalties
    • Importance of client diversity
    • Distributed Validator Technologies (DVTs)
    • Economics of using DVTs (WIP)
      • Diva Staking (WIP)
      • Obol (WIP)
      • SSV (WIP)
    • Bonded Validators
    • Economics of bonded validators (WIP)
  • Hardware & systems setup
    • Setup Overview
    • Hardware & system requirements
    • Procuring your hardware
    • Assemble your hardware
    • Practicing for free on Cloud VMs
      • Google Cloud
      • Alibaba Cloud
  • Linux OS, Networking, & Security
    • Install and prepare the OS
    • Networking & network security
    • Device level security setup
    • Verifying checksums
  • Installing & configuring your EL+CL clients
    • Set up and configure execution layer client
      • Nethermind
      • Besu
      • Geth
      • Erigon
      • Reth
    • Set up and configure consensus layer client
      • Teku BN
      • Nimbus BN
      • Lodestar BN
      • Lighthouse BN
      • Prysm BN
  • Keystore generation & MEV-Boost
    • Validator key generation
    • Set up and configure MEV-boost
  • Native Solo Staking Setup
    • Validator client setup
      • Teku VC
      • Nimbus VC
      • Lodestar VC
      • Lighthouse VC
      • Prysm VC
    • Depositing 32 ETH into your validator
    • Exiting your validator
  • Monitoring, Maintenance, and Updates
    • Set up monitoring suite
      • Installing & configuring Prometheus
      • Installing & configuring Node Exporter
      • Installing & configuring Grafana
      • Beaconcha.in App API
      • Client Uptime Check
    • Maintenance & Updates
      • Nethermind
      • Besu
      • Teku
      • Nimbus
      • Lodestar
      • Updating the monitoring suite
      • Preparing for Pectra
  • DVT Setup
    • Diva Staking
      • Diva Staking client setup
        • Default - All-in-one setup
        • Advanced - with standalone Lodestar VC
      • Registering your Diva node
      • Updating your Diva client
      • Monitoring your Diva Node
    • Obol
      • Techne Bronze Speedrun (Launchpad)
      • Obol + Bonded Validators (Techne Silver)
        • Obol + Lido CSM
    • SSV
      • SSV + Lido CSM (WIP)
      • SSV Operator
      • SSV Staker
  • Bonded Validators Setup
    • Lido CSM
      • Generating CSM keystores
      • Set Fee Recipient Address
        • Method 1: Configure on validator keys
        • Method 2: Configure on separate validator client
        • Verifying Fee Recipient Registered on MEV Relays
      • Upload/Remove/View validator keys
      • Rewards & bonds
      • Exiting CSM validators
        • "Lazy" exits (TESTNET ONLY)
        • Proper Exits
      • Role/Address management
      • Monitoring
      • Automations
        • CSM with ETHPillar
        • CSM with ETH Docker
        • CSM with Dappnode
    • Puffer
      • Non-Enclave: 2 ETH
    • Ether.fi
      • Receive distributed validator keyshares
    • Stader (WIP)
    • Rocketpool (WIP)
  • Liquid Staking Vaults
    • Stakewise V3
  • Mainnet
    • Mainnet Deployment
    • Heroglpyhs (WIP)
  • Best practices
    • Slashing prevention
    • Maximising uptime and performance
    • Optimising security
    • Managing your withdrawal wallet
  • Tips
    • Advanced networking
    • Downloading files from your node
  • Useful resources
    • General resources
    • Holesky Faucets
  • Automation/tools
    • ETHPillar
    • ETH Docker
    • Automated power on/off
      • Wake-on-LAN (WoL)
      • Network UPS Tools (NUT)
    • Validator Healthcheck Alerts
  • Solo Stakers Guild
    • Lido CSM+SSV+Obol (Testnet)
Powered by GitBook
On this page
  • Overall Workflow
  • Hardware Setup (Testnet)
  • Installing ETH Docker
  • SSV Setup
  • Register SSV Operator
  • Complete ETH Docker Setup
  • Customise ETH Docker Settings
  • Start ETH Docker
  • Configure DKG endpoint
  • View logs
  • Complete SSV Operator Metadata
  • Obol Setup
  • Cluster Creation
  • Preparing your cluster
  • Restart ETH Docker
  • Monitoring Charon
  • Lido CSM Setup
  • View logs
  • Exiting validator keys
  • Lido CSM
  • Securing your device
  • Firewall Rules
  • Other Security SOPs
  • Support
  1. Solo Stakers Guild

Lido CSM+SSV+Obol (Testnet)

PreviousValidator Healthcheck Alerts

Last updated 18 days ago

Overall Workflow

  1. SSV: Set up SSV node + SSV DKG services & Execution + Consensus Clients using Eth Docker

  2. Obol: Set up Obol Charon service & Validator Client using Eth Docker to import Obol-compatible validator keyshares

  3. Lido CSM: Set up a second and Dedicated Validator Client using EthPillar to import Lido CSM-compatible validator keys

Hardware Setup (Testnet)

Spin up a virtual machine on a cloud service with the following specifications using the reference page below.

  • CPU: 4 cores

  • RAM: 8GB

  • SSD: 250GB

  • OS: Ubuntu 24.04

Example:

Tip: Open these reference pages in a new tab/window so that you can switch between them easily

Installing ETH Docker

cd ~ && git clone https://github.com/eth-educators/eth-docker.git && cd eth-docker
sudo usermod -aG sudo $USER

Exit your virtual machine/hardware and re-login to add your host user into the sudo & docker user group.

exit
cd eth-docker
./ethd install

Enable ethd to be called from anywhere on your terminal.

source ~/.profile

SSV Setup

ethd config

Follow along the prompts in the terminal UI (TUI) to:

  • Choose Hoodi Testnet >> SSV node - consensus, execution and ssv-node

  • Select yes for Do you want to participate in DKG ceremonies as an operator?

  • Once you see the screen below, select <Cancel> as we don't have our Operator ID yet.

  • Then copy your SSV node public key from your terminal output and save it on a text editor

ETH Docker TUI Navigation
  • Arrow keys & Tab key: Cycle options

  • Space bar: Select option

  • Enter: Confirm option

  • CTRL+C: Exit individual screen monitoring view

  • ESC: Quit

Register SSV Operator

  1. Select Join as Operator >> Register Operator

  2. Paste your SSV node public key into the Operator Public Key field. Make sure there are no whitespaces in your pasted string.

  3. Keep Operator Status to Public

  4. Set the annual fee to 1.5 SSV per validator key, representing ~1.5% staking rewards fee at current $ETH and $SSV prices ($2650 & $23).

  5. Register operator and sign the transaction on your wallet

  6. Your SSV Operator ID will then be generated. Copy it and save it in a text editor file.

Setting your Operator Status to Public allows other stakers to select your SSV node as one of their DV operators, allowing them to pay you for your service. You can also easily net off the fees among your own DVT cluster members if you wish.

Complete ETH Docker Setup

Go back to the terminal of your VM.

ethd config
  1. Choose Hoodi Testnet >> SSV node - consensus, execution and ssv-node

  2. Select yes for Do you want to participate in DKG ceremonies as an operator?

  3. Because you now have your SSV Operator ID, you can paste it in the requested field

  4. Select the consensus and execution client of your choice

  5. Use the provided URL for Checkpoint Sync, select yes for MEV Boost, yes for Grafana dashboards

  6. Set Rewards Address to an ERC-20 wallet address that you control (e.g., Metamask, hardware wallet)

  7. use default Graffiti, yes for generate validator keys

Customise ETH Docker Settings

Open up the ETH Docker .env file for editing.

nano ~/eth-docker/.env

Press CTRL+W, type "SSV_NODE_TAG" and hit ENTER.

Using the arrow keys & keyboard only, change the value of SSV_NODE_TAG= from latest to v2.2.0-unstable.1

CTRL+O, ENTER, CTRL+X to save and exit.

Start ETH Docker

cd
ethd up

Configure DKG endpoint

Find the external IP address of your VM on your Cloud account >> Console >> Compute Engine >> Look under "External IP".

Your DKG endpoint will be <EXTERNAL_IP_ADDRESS>:3030,without the pointy brackets. Note that down and save it in a text editor file.

Verify that your DKG endpoint is accessible from external sources.

cd ~/eth-docker
sudo docker compose run --rm ssv-dkg ping --ip https://<External_IP>:3030

Expected output:

View logs

ethd logs ssv-node -f --tail 20
ethd logs consensus -f --tail 20
ethd logs execution -f --tail 20

Complete SSV Operator Metadata

Complete SSV Operator Metadata

Select the ... drop down at the top right >> Edit Details

Select all options under MEV Relays.

The MEV Relays are actually set in your ETH Docker config and this step is just to signal the relays that you are using.

All cluster members must use the same relays to avoid missing block proposals due to a lack of consensus!

Use all available MEV Relays so that it's easier for stakers to choose your SSV Node.

Input your DKG endpoint and append :443 at the end if you are using a Tailscale funnel.

The other fields are optional but fill them up to attract stakers to select your SSV Operator!

Obol Setup

Go back to your Home folder.

cd

Cluster Creation

  1. Read and click through the Advisories

  2. Input your cluster details as follows

    1. Cluster Name: Any

    2. Cluster Size: 4

    3. Validators: 1

    4. Withdrawal & Fee Recipient Address: Your own wallet address

Example screenshot
  1. Create your cluster by signing an onchain transaction on your wallet

  2. Copy the resulting "Create Cluster" command generated on the Obol Launchpad and run it on your terminal.

Example command

docker run -u $(id -u):$(id -g) --rm -v "$(pwd)/:/opt/charon" obolnetwork/charon:v1.3.0-rc3 create cluster --definition-file="https://api.obol.tech/v1/definition/0xf5960ceabdb3b528e85e2e174c997e86fe48b546d2c4abbc6dfd7d00595cc72c" --network=hoodi --cluster-dir="cluster" --publish

The following folders and files will be created:
  • cluster

    • node0

      • charon-enr-private-key cluster-lock.json deposit-data.json validator_keys

        • keystore-0.json keystore-0.txt

    • node1

      • charon-enr-private-key cluster-lock.json deposit-data.json validator_keys

        • keystore-0.json keystore-0.txt

    • node2

      • charon-enr-private-key cluster-lock.json deposit-data.json validator_keys

        • keystore-0.json keystore-0.txt

    • node3

      • charon-enr-private-key cluster-lock.json deposit-data.json validator_keys

        • keystore-0.json keystore-0.txt

Preparing your cluster

Set the necessary permissions to your newly generated Obol ENR private key and cluster file.

sudo chmod 777 ~/cluster/node0/charon-enr-private-key
sudo chmod 777 ~/cluster/node0/cluster-lock.json

Copy the following files from one of the cluster folders (e.g., node0) above into the ~/eth-docker/.eth folder and set the necessary permissions.

sudo cp ~/cluster/node0/validator_keys/* ~/eth-docker/.eth/validator_keys
sudo cp ~/cluster/node0/* ~/eth-docker/.eth
sudo chown -R $USER:$USER ~/eth-docker/.eth

Edit the .env file of Eth Docker.

nano ~/eth-docker/.env

In the COMPOSE_FILE line:

  • Append :lido-obol.yml and :cl-shared.yml

  • Edit the "consensus"-cl-only.yml file to "consensus".yml. e.g., From nimbus-cl-only.yml to nimbus.yml

Example:

Press CTRL+W, type "CL_NODE" and hit ENTER.

  • Change the CL_NODE line to http://charon:3600 (from http://consensus:5052)

Example:

CTRL+O, ENTER, CTRL+X to save and exit.

Restart ETH Docker

ethd down && ethd up

Print the generated password of your Obol validator keyshard and copy the output to your clipboard.

cat ~/eth-docker/.eth/validator_keys/keystore*.txt && echo

After all your services running via Docker "warmed up" for ~5 minutes, import your validator keyshard and paste the password when prompted.

ethd keys import

Monitoring Charon

Print the logs of the Obol Charon & Validator Client.

ethd logs charon -f --tail 20
ethd logs validator -f --tail 20

Lido CSM Setup

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/coincashew/EthPillar/main/install.sh)"

Then, type + enter ethpillar and follow along the prompts in the terminal UI (TUI) to:

  1. Select the Nimbus-Nethermind option

  2. Wait for the installation to be done and then select 2 - Hoodi for your network (Press "2" & ENTER)

  3. Select the 4 - Lido CSM Validator Client only option

  4. Enter http://127.0.0.1:5052 as your Consensus Client endpoint

  5. Generate validator keys to participate in the Lido CSM

    • Do not choose to disable internet connection when prompted

    • Select Hoodi

    • Enter the Lido's CSM Withdrawal Vault address as the Withdrawal Address: 0x4473dCDDbf77679A643BdB654dbd86D67F8d32f2

    • Set the password for your validator keys

    • Save the 24-word mnemonic securely

  6. Import the generated validator keys onto your validator client

Copy the deposit data generated by the command below for uploading onto the Lido CSM Widget.

The links below include the referral IDs of the tools that we are using today to join Lido CSM. Your rewards will not be affected by using these.

cat $(find ~/ethstaker_deposit-cli -name "deposit*.json" 2>/dev/null)

Example output:

[{"pubkey": "8b29b853aef47eb3da93287a83b4625b418bf5a785bb506086e9f315478170cdb452fb63f32f8134835fc4ebea3313a7", "withdrawal_credentials": "0100000000000000000000004473dcddbf77679a643bdb654dbd86d67f8d32f2", "amount": 32000000000, "signature": "abcff77128a76dff62529f2a081f2143f77404c29087da1f4e12a8c6e8506dfb079085fdf72da8903e9c8c63ddf04129143090e92b6a17c993919e62047880cf54160f350271dff1b70e616e4210a5521836334d1139ece549ba513d503d0d90", "deposit_message_root": "03d0eb169a3c1a5551484185163b3e409dde01ec00515b7e594a6430ff398f69", "deposit_data_root": "961113829f6537828c5f06e69df8b76cf2a6904de03c4d1a25939ab1da9b5a14", "fork_version": "10000910", "network_name": "hoodi", "deposit_cli_version": "11.1.0"}]

View logs

Run the ethpillar command and select the view logs option

ETHPillar TUI Navigation
  1. Arrow keys & Tab key: Cycle options

  2. Space bar: Select option

  3. Enter: Confirm option

  4. CTRL+B, then D: Exit split-screen monitoring view

  5. CTRL+C: Exit individual screen monitoring view

  6. exit command (type "exit" and enter in terminal) : Exit current terminal

Exiting validator keys

Lido CSM

Find the file path of your validator keystores.

cat $(find /var/lib -name "keystore*.json" 2>/dev/null)

Copy the output file path.

Run ethpillar and navigate to validator client >> exit keys and input the file path of your validator keystore.

Enter the password set for your validator keystore when prompted.

You can only exit your validator keystores after they have been activated on the Ethereum beacon chain.

Securing your device

Firewall Rules

sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 22/tcp # for SSH
sudo ufw allow 30303 # for the EL
sudo ufw allow 9000 # for the CL
sudo ufw allow 3000 # for the native Grafana
sudo ufw allow 3030 # for SSV DKG
sudo ufw allow 12001/udp # for SSV node UDP
sudo ufw allow 13001/tcp # for SSV node TCP
sudo ufw allow 3610/tcp # for Obol Charon TCP
sudo ufw enable

Make sure to also configure port forwarding on the ports allowed above.

Other Security SOPs

Support

Go to the and to get and run the installation commands. Run the next 2 commands in sequence.

Go to the , connect your wallet, and set the network to Hoodi.

Go back to the >> Connect your wallet >> Switch to Holesky network >> go to My Account and click on your SSV Operator.

Go to the , scroll down and select "Create a distributed validator alone"

Go to the and copy the latest 1-line installation command and paste it into your terminal.

Verify the fee recipient and withdrawal address on the

Mainnet:

Hoodi:

Google Cloud
ETH Docker repository
SSV webapp
SSV webapp
Obol Hoodi Launchpad
Coincashew website
CSM Operator Portal
https://csm.lido.fi/?ref=ethpillar
https://csm.testnet.fi/?ref=ethpillar
Advanced networking
Networking & network security
Device level security setup
Stakesaurus Node Operator AcademyTelegram
Logo