x86 Monero Node Guide - kyc3.life
x86 Monero Node Guide - kyc3.life

x86 Monero Node Guide


Table of Contents


Monero, known for its superior privacy features, empowers users with untraceable and anonymous peer-to-peer cash. This guide focuses on setting up Monero's CLI daemon, a command-line tool that facilitates interaction with the network and ensures your participation in the secure and private Monero ecosystem.

Whether you are a seasoned enthusiast or new to Monero, this guide will walk you through the process of configuring your own Monero node using official binaries, which will function as a personal backend server for XMR wallets and eliminate the need to trust a pre-packaged image or public node instance.


  • Intel/AMD 64-bit computer with Ubuntu Server LTS installed.
  • Minimum 256 GigaByte NVMe/SSD storage.
  • Minimum 4 Gigabytes RAM.
  • Reliable internet connection & power supply.

It's worthwhile checking your system's BIOS power settings and enabling any automatic power-on modes if one is available. This reduces downtime after a power loss by automatically booting the device once power returns.

Install Guide

User Creation

Create a secondary, unprivileged user called "monero."

sudo addgroup --system monero
sudo adduser --system --home /var/lib/monero --ingroup monero --disabled-login monero


Create the following new directories.

sudo mkdir /var/run/monero
sudo mkdir /var/log/monero
sudo mkdir /etc/monero

Set the correct folder permissions for the unprivileged user "monero."

sudo chown monero:monero /var/run/monero
sudo chown monero:monero /var/log/monero
sudo chown -R monero:monero /etc/monero

Run a complete system upgrade.

sudo apt update && sudo apt upgrade -y

Install required dependencies.

sudo apt install ufw perl gpg bzip2 curl -y

Local IP

Run the following command if you don't know your node's local IP. Please note it for future reference.

hostname -I

Firewall Configuration

To ensure the system is hardened, UFW locks down the firewall, allowing access only to the ports required for SSH and restricted RPC access.

Deny all non-explicitly allowed ports.

sudo ufw default deny incoming
sudo ufw default allow outgoing

Allow SSH access.

sudo ufw allow ssh

Allow restricted RPC access.

sudo ufw allow 18089/tcp

Enable UFW.

sudo ufw enable

Configure Tor

Create a new sources file for Tor.

sudo nano /etc/apt/sources.list.d/tor.list

Paste the following lines, then save and exit the file with "control+x," confirm with "y," then "enter."

deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org jammy main
deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org jammy main

Import the Tor project's gpg key.

sudo wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --dearmor | sudo tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null

Install Tor and Tor Debian keyring.

sudo apt update && sudo apt install tor deb.torproject.org-keyring -y

Create a directory for the Tor hidden service files.

sudo mkdir /var/lib/tor/hidden_service

Set the correct folder permissions.

sudo chown debian-tor:debian-tor /var/lib/tor/hidden_service

Open the "torrc" file.

sudo nano /etc/tor/torrc

Paste the following at the top of the file, then save and exit.

# Hidden Service Monerod
HiddenServiceDir /var/lib/tor/hidden_service/monero-rpc
HiddenServicePort 18089

Reload the Tor service.

sudo systemctl restart tor

Configure Monero Daemon

Download & Verify Monerod

Create a downloads directory.

mkdir ~/downloads

Enter the directory.

cd ~/downloads

Download Monerod.

torsocks wget -O monero-linux-x64.tar.bz2 https://downloads.getmonero.org/cli/linux64

Download Monerod hashes.

torsocks wget -O hashes.txt https://www.getmonero.org/downloads/hashes.txt

Import Monero developer's keys.

torsocks curl -s https://api.github.com/repos/monero-project/monero/contents/utils/gpg_keys | \
grep download_url | cut -d '"' -f 4 | \
xargs -n 1 curl -O && \
ls *.asc | xargs -n 1 gpg --import && \
rm *.asc

Verify the authenticity of the downloaded "hashes.txt" file.

gpg --verify hashes.txt

This will perform signature checks for the public keys that signed the hashes file.

The output should show a "gpg: Good signature" message from any imported developer keys that signed the file.
Don't worry about "This key is not certified with a trusted signature!" warnings. Enhanced trust levels have not been manually set for the imported keys.

Obtain the SHA256 hash of the downloaded Monerod binary.

shasum -a 256 monero-linux-x64.tar.bz2

Confirm that the outputted hash matches the "monero-linux-x64" hash in the verified "hashes.txt" file.

grep -e $(sha256sum monero-linux-x64.tar.bz2) hashes.txt

Once the hashes are a confirmed match, remove the hashes file.

rm hashes.txt

Installing Monero

Unpackage Monerod.

tar xvf monero-linux-*.tar.bz2

Remove the archive.

rm monero-linux-*.tar.bz2

Copy the files to the correct directory.

sudo cp -r monero-x86_64-linux-gnu-*/* /usr/local/bin/

Remove the remaining folder.

rm -rf monero-x86_64-linux-gnu-*


Create a Monerod configuration file.

sudo nano /etc/monero/monerod.conf

Paste in the following lines.


If you wish to configure RPC login credentials for wallet connections, unhash the "rpc-login" line and replace "USERNAME" and "PASSWORD" with your chosen credentials.

Once completed, save and exit the file with "control+x," "y," and then "enter."

Service File

Create a service file.

sudo nano /etc/systemd/system/monerod.service

Paste in the following lines.

Description=Monerod RRPC Node

ExecStart=/usr/local/bin/monerod --config-file=/etc/monero/monerod.conf --pidfile /var/run/monero/monerod.pid --detach




Save and exit the file and then reload systemd.

sudo systemctl daemon-reload

Starting Monerod

If your router has VPN capabilities, it is recommended that you configure a tunnel for your node's IP via the router's VPN director, further enhancing user privacy.

Enable the newly created systemd file.

sudo systemctl enable monerod

Start Monerod via the systemd service file.

sudo systemctl start monerod

To monitor block download progress, run the following command. The logs can be exited at any time with "control+c."

sudo tail -f /var/log/monero/monerod.log

Wallet Connections

Run the following command to obtain the onion address required for remote wallet connections over Tor.

sudo cat /var/lib/tor/hidden_service/monero-rpc/hostname

You can now enter the onion address into the node settings section of your chosen wallet. In the port section, be sure to use port 18089.

If your Monero wallet does not have integrated Tor capabilities, check out the Orbot Tor VPN/proxy application.

To connect local wallets on the same network, you can use the node's local IP address instead of the onion address.

If you previously chose to configure an RPC username and password, also be sure to include these to pair the wallet successfully.

Congratulations, you are now hosting a private Monerod node and have configured remote wallet connections via Tor.

Support Kyc3.life with a donation ❤️