Guide | How to setup a validator for Ethereum staking on testnet GOERLI
Become a validator and help secure Ethereum, a proof-of-stake blockchain. Anyone with 32 ETH can join.
As of Feb 3 2023, this post-merge guide is version 5.1.3 and written for testnet GOERLI.
This guide is fully open source and fully powered by home-stakers like you.
Built by home-stakers for home-stakers.
🙏
As a eth staker, you will typically have the following abilities:
- operational knowledge of how to set up, run and maintain a eth beacon node and validator continuously
- a long term commitment to maintain your validator 24/7/365
- basic operating system skills
- Operating system: 64-bit Linux (i.e. Ubuntu 22.0x+ LTS Server or Desktop)
- Processor: Quad core CPU, Intel Core i7–4770 or AMD FX-8310 or better
- Memory: 16GB RAM or more
- Storage: 2TB SSD or more
- Internet: Broadband internet connections with speeds at least 10 Mbps without data limit.
- Power: Reliable electrical power with uninterruptible power supply (UPS)
- ETH balance: at least 32 goerli ETH and some goerli ETH for deposit transaction fees
- Wallet: Metamask installed
Pro Validator Tip: Highly recommend you begin with a brand new instance of an OS, VM, and/or machine. Avoid headaches by NOT reusing testnet keys, wallets, or databases for your validator.
✨
If you need ideas or a reminder on how to secure your staking node, refer to the security best practices guide.
At the end of this guide, you will build a node that hosts three main components in two layers: consensus layer consists of a consensus client, also known as a validator client with a beacon chain client. The execution layer consists of a execution client, formerly a eth1 node.
Validator client - Responsible for producing new blocks and attestations in the beacon chain and shard chains.
Beacon chain client - Responsible for managing the state of the beacon chain, validator shuffling, and more.
Execution client (aka Eth1 node) - Supplies incoming validator deposits from the eth
chain to the beacon chain client.
Note: Teku and Nimbus combines both clients into one process.
How Ethereum fits together featuring Leslie the ETH Rhino, the mascot named after American computer scientist Leslie Lamport
Every 32 ETH you own allows you to make 1 validator. You can run thousands of validators with your beacon node. However on testnet, please only run 1 or 2 validators to keep the activation queue reasonably quick.
- 1.Install dependencies, the ethereum foundation deposit tool and generate your two sets of key pairs.
Each validator will have two sets of key pairs. A signing key and a withdrawal key. These keys are derived from a single mnemonic phrase. Learn more about keys.
You will also set your ETH Withdrawal Address, preferably from your Ledger or Trezor hardware wallet.
You have the choice of using the Wagyu GUI, downloading the pre-built Ethereum staking deposit tool or building it from source.
Build from source code
Pre-built staking-deposit-cli
Wagyu
Advanced - Most Secure
Install dependencies.
sudo apt update
sudo apt install python3-pip git -y
Download source code and install.
cd $HOME
git clone https://github.com/ethereum/staking-deposit-cli
cd staking-deposit-cli
sudo ./deposit.sh install
Make a new mnemonic and replace
<ETH_ADDRESS_FROM_IDEALLY_HARDWARE_WALLET> with your ethereum withdrawal address, ideally from a Trezor, Ledger or comparable hardware wallet../deposit.sh new-mnemonic --chain goerli --eth1_withdrawal_address <ETH_ADDRESS_FROM_IDEALLY_HARDWARE_WALLET>
Download staking-deposit-cli.
cd $HOME
wget https://github.com/ethereum/staking-deposit-cli/releases/download/v2.4.0/staking_deposit-cli-ef89710-linux-amd64.tar.gz
echo "c2b12a9e515f904ca359ec39dfbd7022dfefe881c1796ce42319df0a2da05560 *staking_deposit-cli-76ed782-linux-amd64.tar.gz" | shasum -a 256 --check
Example valid output:
staking_deposit-cli-ef89710-linux-amd64.tar.gz: OK
Only proceed if the sha256 check passes with OK!
Extract the archive.
tar -xvf staking_deposit-cli-ef89710-linux-amd64.tar.gz
mv staking_deposit-cli-ef89710-linux-amd64 staking-deposit-cli
rm staking_deposit-cli-ef89710-linux-amd64.tar.gz
cd staking-deposit-cli
Make a new mnemonic and replace
<ETH_ADDRESS_FROM_IDEALLY_HARDWARE_WALLET> with your ethereum withdrawal address, ideally from a Trezor, Ledger or comparable hardware wallet../deposit new-mnemonic --chain goerli --eth1_withdrawal_address <ETH_ADDRESS_FROM_IDEALLY_HARDWARE_WALLET>
Wagyu (formerly known as StakeHouse) is an application aimed at lowering the technical bar to staking on Ethereum 2.0.
Dubbed a 'one-click installer', it provides a clean UI automating the setup and management of all the infrastructure necessary to stake without the user needing to have any technical knowledge.
After creating the validator keys locally, you'll want to copy these validator keys via USB key or rsync file transfer to your staking node.
To align with this guide's steps, first make a default path to store your validator keys.
mkdir -p $HOME/staking-deposit-cli/validator_keys
If using USB key, mount the key then copy.
cp <directory-with-keys>/*.json $HOME/staking-deposit-cli/validator_keys
If using rsync, copy your validator keys from your local computer to your staking node with the following command. Change ssh port if needed.
rsync -a "ssh -p 22" <directory-with-keys>/*.json <username>@<remote_host>:/home/<username>/staking-deposit-cli/validator_keys
[ Optional ] Pro Security Tip: Run the staking-deposit-cli tool and generate your mnemonic seed for your validator keys on an air-gapped offline machine booted from usb.
🔥
The Tails OS is an amnesic operating system, meaning it will save nothing and leave no tracks behind each time you boot it.
Part 0 - Prerequisites
You need:
- 2 storage mediums (can be USB stick, SD cards or external hard drives)
- One of them must be > 8GB
- Windows or Mac computer
- 30 minutes or longer depending on your download speed
Part 1 - Download Tails OS
Make sure you follow the guide on the Tails website to verify your download of Tails.
Part 2 - Download and install the software to transfer your Tails image on your USB stick
For Windows, use one of
Part 3 - Making your bootable USB stick
Run the above software. This is an example how it looks like on Mac OS with etcher, but other software should be similar.
Select the Tails OS image that you downloaded as the image. Then select the USB stick (the larger one).
Then flash the image to the larger USB stick.
Part 4 - Download and verify the staking-deposit-cli
You can refer to the other tab on this guide on how to download and verify the staking-deposit-cli.
Copy the file to the other USB stick.
Part 5 - Reboot your computer and into Tails OS
After you have done all the above, you can reboot. If you are connected by a LAN cable to the internet, you can disconnect it manually.
Plug in the USB stick that has your Tails OS.
On Mac, press and hold the Option key immediately upon hearing the startup chime. Release the key after Startup Manager appears.
On Windows, it depends on your computer manufacturer. Usually it is by pressing F1 or F12. If it doesn't work, try googling "Enter boot options menu on [Insert your PC brand]"
Choose the USB stick that you loaded up with Tails OS to boot into Tails.
Part 6 - Welcome to Tails OS
You can boot with all the default settings.
Part 7 - Run the staking-deposit-cli
Plug in your other USB stick with the
staking-deposit-cli file.You can then open your command line and navigate into the directory containing the file. Then you can continue the guide from the other tab.
Make a new mnemonic and replace
<ETH_ADDRESS_FROM_IDEALLY_HARDWARE_WALLET> with your ethereum withdrawal address, ideally from a Trezor, Ledger or comparable hardware wallet../deposit.sh new-mnemonic --chain goerli --eth1_withdrawal_address <ETH_ADDRESS_FROM_IDEALLY_HARDWARE_WALLET>
If you ran this command directly from your non-Tails USB stick, the validator keys should stay on it. If it hasn't, copy the directory over to your non-Tails USB stick.
Make sure you have saved your validator keys directory in your other USB stick (non Tails OS) before you shutdown Tails. Tails will delete everything saved on it after you shutdown..
🔥
Congrats on learning how to use Tails OS to make an air gapped system. As a bonus, you can reboot into Tails OS again and connect to internet to surf the dark web or clear net safely!
🎉
Part 1 - Create a Ubuntu 20.04 USB Bootable Drive
Part 2 - Install Ubuntu 20.04 from the USB Drive
You can copy via USB key the pre-built staking-deposit-cli binaries from an online machine to an air-gapped offline machine booted from usb. Make sure to disconnect the ethernet cable and/or WIFI.
2. If using staking-deposit-cli, follow the prompts and pick a KEYSTORE password. This password encrypts your keystore files. Write down your mnemonic and keep this safe and offline.
Do not send real mainnet ETH during this process! Use only goerli ETH.
🛑
Caution: Only deposit the 32 ETH per validator if you are confident your execution client (ETH1 node) and consensus client (ETH2 validator) will be fully synced and ready to perform validator duties. You can return later to launchpad with your deposit-data to finish the next steps.
3. Follow the steps at https://goerli.launchpad.ethereum.org while skipping over the steps you already just completed. Study the eth2 phase 0 overview material. Understanding eth2 is the key to success!
Batch Depositing Tip: If you have many deposits to make for many validators, consider using Abyss.finance's eth2depositor tool. This greatly improves the deposit experience as multiple deposits can be batched into one transaction, thereby saving gas fees and saving your fingers by minimizing Metamask clicking.
🐳
Make sure to switch to GÖRLI network.
4. Back on the launchpad website, upload your
deposit_data-#########.json found in the validator_keys directory.5. Connect to the launchpad with your Metamask wallet, review and accept terms. Ensure you're connected to GÖRLI network.
6. Confirm the transaction(s). There's one deposit transaction of 32 ETH for each validator.
For instance, if you want to run 3 validators you will need to have (32 x 3) = 96 goerli ETH plus some extra to cover the gas fees.
Your transaction is sending and depositing your ETH to the goerli ETH2 deposit contract address.
Check, double-check, triple-check that the goerli Eth2 deposit contract address is correct.
Critical Crypto Reminder: Keep your mnemonic, keep your ETH.
🔥
- Write down your mnemonic seed offline. Not email. Not cloud.
- Make offline backups, such as to a USB key, of your
validator_keysdirectory.
Ethereum requires a connection to the execution client in order to monitor for 32 ETH validator deposits. Hosting your own execution client is the best way to maximize decentralization and minimize dependency on third parties such as Infura.
Do not run your processes as ROOT user.
🛑
😱
A jwtsecret file contains a hexadecimal string that is passed to both Execution Layer client and Consensus Layer clients, and is used to ensure authenticated communications between both clients.
#store the jwtsecret file at /secrets
sudo mkdir -p /secrets
#create the jwtsecret file
openssl rand -hex 32 | tr -d "\n" | sudo tee /secrets/jwtsecret
#enable read access
sudo chmod 644 /secrets/jwtsecret
To strengthen Ethereum's resilience against potential attacks or consensus bugs, it's best practice to run a minority client in order to increase client diversity. Find the latest distribution of execution clients here: https://clientdiversity.org/
Geth
Besu
Nethermind
Erigon
Geth - Go Ethereum is one of the three original implementations (along with C++ and Python) of the Ethereum protocol. It is written in Go, fully open source and licensed under the GNU LGPL v3.
Install from the repository
🧬
sudo add-apt-repository -y ppa:ethereum/ethereum
sudo apt-get update -y
sudo apt-get install ethereum -y
Setup and configure systemd
⚙
Run the following to create a unit file to define your
eth1.service configuration.Simply copy/paste the following.
cat > $HOME/eth1.service << EOF
[Unit]
Description=Geth Execution Layer Client service
Wants=network-online.target
After=network-online.target
[Service]
Type=simple
User=$USER
Restart=on-failure
RestartSec=3
TimeoutSec=300
ExecStart=/usr/bin/geth \
--goerli \
--metrics \
--pprof \
--authrpc.jwtsecret=/secrets/jwtsecret
[Install]
WantedBy=multi-user.target
EOF
Nimbus Specific Configuration: Add the following flag to the ExecStart line.
--ws
Move the unit file to
/etc/systemd/system and give it permissions.sudo mv $HOME/eth1.service /etc/systemd/system/eth1.service
sudo chmod 644 /etc/systemd/system/eth1.service
Run the following to enable auto-start at boot time.
sudo systemctl daemon-reload
sudo systemctl enable eth1
Start geth
⛓
sudo systemctl start eth1
Hyperledger Besu is an open-source Ethereum client designed for demanding enterprise applications requiring secure, high-performance transaction processing in a private network. It's developed under the Apache 2.0 license and written in Java.
Install java dependency
🧬
sudo apt update
sudo apt install openjdk-17-jdk -y libjemalloc-dev
Download and unzip Besu
🌜
Run the following to automatically download the latest linux release, un-tar and cleanup.
BINARIES_URL="$(curl -s https://api.github.com/repos/hyperledger/besu/releases/latest | grep -o 'https://hyperledger.jfrog.io/hyperledger/besu-binaries/besu/.*tar.gz' | sed -e 's/.*\\n\(https.*.tar.gz$\)/\1/')"
echo Downloading URL: $BINARIES_URL
cd $HOME
wget -O besu.tar.gz "$BINARIES_URL"
tar -xzvf besu.tar.gz -C $HOME
rm besu.tar.gz && mv besu-* besu
Setup and configure systemd
⚙
cat > $HOME/eth1.service << EOF
[Unit]
Description=Besu Execution Layer Client service
Wants=network-online.target
After=network-online.target
[Service]
Type=simple
User=$USER
Restart=on-failure
RestartSec=3
KillSignal=SIGINT
TimeoutStopSec=300
Environment="JAVA_OPTS=-Xmx5g"
ExecStart=$HOME/besu/bin/besu \
--network=goerli \
--metrics-enabled=true \
--sync-mode=X_CHECKPOINT \
--data-storage-format=BONSAI \
--data-path="$HOME/.besu" \
--engine-jwt-secret=/secrets/jwtsecret
[Install]
WantedBy=multi-user.target
EOF
Move the unit file to
/etc/systemd/system and give it permissions.sudo mv $HOME/eth1.service /etc/systemd/system/eth1.service
sudo chmod 644 /etc/systemd/system/eth1.service
Run the following to enable auto-start at boot time.
sudo systemctl daemon-reload
sudo systemctl enable eth1
Start besu
⛓
sudo systemctl start eth1
Nethermind is a flagship Ethereum client all about performance and flexibility. Built on .NET core, a widespread, enterprise-friendly platform, Nethermind makes integration with existing infrastructures simple, without losing sight of stability, reliability, data integrity, and security.
Install dependencies
⚙
sudo apt-get update
sudo apt-get install curl libsnappy-dev libc6-dev jq libc6 unzip -y
Download and unzip Nethermind
🌜
Run the following to automatically download the latest linux release, un-zip and cleanup.
cd $HOME
curl -s https://api.github.com/repos/NethermindEth/nethermind/releases/latest | jq -r ".assets[] | select(.name) | .browser_download_url" | grep linux-x64 | xargs wget -q --show-progress
unzip -o nethermind*.zip -d $HOME/nethermind
rm nethermind*linux*.zip
Setup and configure systemd
⚙
Run the following to create a unit file to define your
eth1.service configuration.Simply copy/paste the following.
cat > $HOME/eth1.service << EOF
[Unit]
Description=Nethermind Execution Layer Client service
Wants=network-online.target
After=network-online.target
[Service]
Type=simple
User=$USER
Restart=on-failure
RestartSec=3
KillSignal=SIGINT
TimeoutStopSec=300
WorkingDirectory=$HOME/nethermind
ExecStart=$HOME/nethermind/Nethermind.Runner \
--config goerli \
--baseDbPath $HOME/.nethermind_goerli \
--Metrics.Enabled true \
--Metrics.ExposePort 6060 \
--Metrics.IntervalSeconds 10000 \
--Sync.SnapSync true \
--JsonRpc.JwtSecretFile /secrets/jwtsecret
[Install]
WantedBy=multi-user.target
EOF
Move the unit file to
/etc/systemd/system and give it permissions.sudo mv $HOME/eth1.service /etc/systemd/system/eth1.service
sudo chmod 644 /etc/systemd/system/eth1.service
Run the following to enable auto-start at boot time.
sudo systemctl daemon-reload
sudo systemctl enable eth1
sudo ln -s /usr/lib/x86_64-linux-gnu/libdl.so.2 /usr/lib/x86_64-linux-gnu/libdl.so
Start Nethermind
⛓
sudo systemctl start eth1
Erigon - Successor to OpenEthereum, Erigon is an implementation of Ethereum (aka "Ethereum client"), on the efficiency frontier, written in Go.
Erigon is considered alpha software and requires at least 16GB RAM.
Install Go dependencies
⚙
wget -O go.tar.gz https://go.dev/dl/go1.19.linux-amd64.tar.gz
sudo rm -rf /usr/local/go && sudo tar -C /usr/local -xzf go.tar.gz
echo export PATH=$PATH:/usr/local/go/bin>> $HOME/.bashrc
source $HOME/.bashrc
Verify Go is properly installed and cleanup files.
go version
rm go.tar.gz
Build and install Erigon
🤖
Install build dependencies.
sudo apt-get update
sudo apt install build-essential git
cd $HOME
git clone --recurse-submodules -j8 https://github.com/ledgerwatch/erigon.git
cd erigon
make erigon
Make data directory and update directory ownership.
sudo mkdir -p /var/lib/erigon
sudo chown $USER:$USER /var/lib/erigon
Setup and configure systemd
⚙
Run the following to create a unit file to define your
eth1.service configuration.Simply copy/paste the following.
cat > $HOME/eth1.service << EOF
[Unit]
Description=Erigon Execution Layer Client service
Wants=network-online.target
After=network-online.target
[Service]
Type=simple
User=$USER
Restart=on-failure
RestartSec=3
KillSignal=SIGINT
TimeoutStopSec=300
ExecStart=$HOME/erigon/build/bin/erigon \
--datadir /var/lib/erigon \
--chain goerli \
--metrics \
--pprof \
--prune htc \
--authrpc.jwtsecret=/secrets/jwtsecret
[Install]
WantedBy=multi-user.target
EOF
By default with Erigon,
--prune deletes data older than 90K blocks from the tip of the chain (aka, for if tip block is no. 12'000'000, only the data between 11'910'000-12'000'000 will be kept).
Move the unit files to
/etc/systemd/system and give it permissions.sudo mv $HOME/eth1.service /etc/systemd/system/eth1.service
sudo chmod 644 /etc/systemd/system/eth1.service
Run the following to enable auto-start at boot time.
sudo systemctl daemon-reload
sudo systemctl enable eth1
Start Erigon
⛓
sudo systemctl start eth1
View Logs
Stop
Start
View Status
journalctl -fu eth1
sudo systemctl stop eth1
sudo systemctl start eth1
sudo systemctl status eth1
Now that your execution client is configured and started, proceed to the next step on setting up your consensus client.
If you're checking the logs and see any warnings or errors, please be patient as these will normally resolve once both your execution and consensus clients are fully synced to the Ethereum network.
To strengthen Ethereum's resilience against potential attacks or consensus bugs, it's best practice to run a minority client in order to increase client diversity. Find the latest distribution of consensus clients here: https://clientdiversity.org/
Lighthouse
Nimbus
Teku
Prysm
Lodestar
Lighthouse is an Eth client with a heavy focus on speed and security. The team behind it, Sigma Prime, is an information security and software engineering firm who have funded Lighthouse along with the Ethereum Foundation, Consensys, and private individuals. Lighthouse is built in Rust and offered under an Apache 2.0 License.
4.1. Install rust dependency
⚙
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
Enter '1' to proceed with the default install.
Update your environment variables.
echo export PATH="$HOME/.cargo/bin:$PATH" >> ~/.bashrc
source ~/.bashrc
Install rust dependencies.
sudo apt-get update
sudo apt install -y git gcc g++ make cmake pkg-config libssl-dev libclang-dev clang protobuf-compiler
4.2. Build Lighthouse from source
💡
mkdir ~/git
cd ~/git
git clone https://github.com/sigp/lighthouse.git
cd lighthouse
git fetch --all && git checkout stable && git pull
make
In case of compilation errors, run the following sequence.
rustup update
cargo clean
make
This build process may take a few minutes.
Verify lighthouse was installed properly by checking the version number.
lighthouse --version
4.3. Import validator key
🎩
Run the following command to import your validator keys from the staking-deposit-cli tool directory.
Enter your keystore password to import accounts.
lighthouse account validator import --network goerli --directory=$HOME/staking-deposit-cli/validator_keys
Verify the accounts were imported successfully.
lighthouse account_manager validator list --network goerli
WARNING: Do not import your validator keys into multiple validator clients and run them at the same time, or you might get slashed. If moving validators to a new setup or different validator client, ensure deletion of the previous validator keys before continuing.
4.4. Configure port forwarding and/or firewall
🔥
Specific to your networking setup or cloud provider settings, ensure your validator's firewall ports are open and reachable.
- Lighthouse consensus client requires port 9000 for tcp and udp
- Execution client requires port 30303 for tcp and udp
4.5. Start the beacon chain
⛓
Create a systemd unit file to define your
beacon-chain.service configuration.sudo nano /etc/systemd/system/beacon-chain.service
Paste the following configuration into the file.
# The eth beacon chain service (part of systemd)
# file: /etc/systemd/system/beacon-chain.service
[Unit]
Description=eth beacon chain service
Wants=network-online.target
After=network-online.target
[Service]
Type=simple
User=<USER>
Restart=on-failure
ExecStart=<HOME>/.cargo/bin/lighthouse bn \
--network goerli \
--staking \
--validator-monitor-auto \
--metrics \
--checkpoint-sync-url=https://goerli.beaconstate.info \
--execution-endpoint http://127.0.0.1:8551 \
--execution-jwt /secrets/jwtsecret
[Install]
WantedBy=multi-user.target
To exit and save, press
Ctrl + X, then Y, thenEnter.
Update the configuration file with your current user's home path and user name.
sudo sed -i /etc/systemd/system/beacon-chain.service -e "s:<HOME>:${HOME}:g"
sudo sed -i /etc/systemd/system/beacon-chain.service -e "s:<USER>:${USER}:g"
Update file permissions.
sudo chmod 644 /etc/systemd/system/beacon-chain.service
Run the following to enable auto-start at boot time and then start your beacon node service.
sudo systemctl daemon-reload
sudo systemctl enable beacon-chain
sudo systemctl start beacon-chain
Nice work. Your beacon chain is now managed by the reliability and robustness of systemd.
4.6. Start the validator
🧬
Create a systemd unit file to define your
validator.service configuration.sudo nano /etc/systemd/system/validator.service
Paste the following configuration into the file.
# The eth validator service (part of systemd)
# file: /etc/systemd/system/validator.service
[Unit]
Description=eth validator service
Wants=network-online.target beacon-chain.service
After=network-online.target
[Service]
Type=simple
User=<USER>
Restart=on-failure
ExecStart=<HOME>/.cargo/bin/lighthouse vc \
--network goerli \
--metrics \
--suggested-fee-recipient 0x_CHANGE_THIS_TO_MY_ETH_FEE_RECIPIENT_ADDRESS
[Install]
WantedBy=multi-user.target
- Replace
0x_CHANGE_THIS_TO_MY_ETH_FEE_RECIPIENT_ADDRESSwith your own Ethereum address that you control. Tips are sent to this address and are immediately spendable, unlike the validator's attestation and block proposal rewards.
To exit and save, press
Ctrl + X, then Y, thenEnter.
Update the configuration file with your current user's home path and user name.
sudo sed -i /etc/systemd/system/validator.service -e "s:<HOME>:${HOME}:g"
sudo sed -i /etc/systemd/system/validator.service -e "s:<USER>:${USER}:g"
Update file permissions.
sudo chmod 644 /etc/systemd/system/validator.service
Run the following to enable auto-start at boot time and then start your validator.
sudo systemctl daemon-reload
sudo systemctl enable validator
sudo systemctl start validator
Nice work. Your validator is now managed by the reliability and robustness of systemd.
Nimbus is a research project and a client implementation for Ethereum 2.0 designed to perform well on embedded systems and personal mobile devices, including older smartphones with resource-restricted hardware. The Nimbus team are from Status the company best known for their messaging app/wallet/Web3 browser by the same name. Nimbus (Apache 2) is written in Nim, a language with Python-like syntax that compiles to C.
4.1. Build Nimbus from source
⚙
Install dependencies.
sudo apt-get update
sudo apt-get install curl build-essential git -y