Builder's Guide
  • Welcome to the Builder's Guide to the LND Galaxy!
  • The Lightning Network
    • Overview
    • Payment Channels
      • Lifecycle of a Payment Channel
      • Watchtowers
      • Understanding Sweeping
      • Etymology
    • The Gossip Network
      • Identifying Good Peers on the Lightning Network
    • Pathfinding
      • Finding routes in the Lightning Network
      • Channel Fees
      • Multipath Payments (MPP)
    • Lightning Network Invoices
      • Understanding Lightning Invoices
    • Making Payments
      • The Payment Cycle
      • Timelocks
      • ⭐Hashed Timelock Contract (HTLC)
      • Payment Etymology
      • ⭐What Makes a Good Routing Node
      • Understanding Submarine Swaps
      • Instant Submarine Swaps
    • Liquidity
      • ⭐Understanding Liquidity
      • Managing Liquidity on the Lightning Network
      • Liquidity Management for Lightning Merchants
      • How to Get Inbound Capacity on the Lightning Network
      • Lightning Service Provider
    • L402: Lightning HTTP 402 Protocol
      • Macaroons
      • L402
      • 📋Protocol Specification
      • Implementations and Links
    • Taproot Assets
      • Taproot Assets Protocol
      • Taproot Assets on Lightning
      • Edge Nodes
      • Taproot Assets Trustless Swap
      • FAQ
      • Glossary
  • Lightning Network Tools
    • LND
      • 🛠️Get Started
      • lnd.conf
      • First Steps With LND
      • Wallet Management
      • Sending Payments
      • Atomic Multi-path Payments (AMP)
      • Receiving Payments
      • Unconfirmed Bitcoin Transactions
      • Channel Fees
      • Inbound Channel Fees
      • Macaroons
      • Configuring Watchtowers
      • Pathfinding
      • Blinded Paths
      • Key Import
      • Secure Your Lightning Network Node
      • Configuration of a Routing Node
      • Quick Tor Setup
      • Configuring Tor
      • Enable ‘Neutrino mode’ in Bitcoin Core
      • Send Messages With Keysend
      • Partially Signed Bitcoin Transactions
      • Bulk onchain actions with PSBTs
      • Sweeper
      • Debugging LND
      • Fuzzing LND
      • LND API documentation
      • Channel Acceptor
      • RPC Middleware Interceptor
      • HTLC Interceptor
      • NAT Traversal
      • Recovery: Planning for Failure
      • Migrating LND
      • Disaster recovery
      • Contribute to LND
    • Lightning Terminal
      • What is Lightning Terminal?
      • 🛠️Get litd
      • Run litd
      • Integrating litd
      • Demo: Litd Speed Run
      • Connect to Terminal
      • Recommended Channels
      • Rankings
      • Health Checks
      • Liquidity Report
      • Opening Lightning Network Channels
      • Managing Channel Liquidity
      • Autofees
      • AutoOpen
      • LND Accounts
      • Loop and Lightning Terminal
      • Loop Fees
      • Pool and Lightning Terminal
      • Command Line Interface
      • Troubleshooting
      • Lightning Node Connect: Under the hood
      • LNC Node Package
      • LITD API Documentation
      • Privacy and Security
      • Privacy Policy
      • Terms of Use
    • Loop
      • 🛠️Get Started
      • The Loop CLI
      • Autoloop
      • Static Loop In Addresses
      • Instant Loop Outs
      • Peer with Loop
      • Loop API Documentation
    • Pool
      • Overview
      • Quickstart
      • 🛠️Installation
      • First Steps
      • Accounts
      • Orders and Asks
      • Sidecar Channels
      • Zero-confirmation Channels
      • Channel Leases
      • Batch Execution
      • Account Recovery
      • Pool API Documentation
      • FAQs
    • Taproot Assets
      • Get Started
      • First Steps
      • Taproot Assets Channels
      • Asset Decimal Display
      • Become an Edge Node
      • RFQ
      • Collectibles
      • Universes
      • Asset Loop
      • Debugging Tapd
      • Multisignature
      • Minting Assets With an External Signer
      • Lightning Polar
      • Operational Safety Guidelines
      • Taproot Assets API Documentation
    • Aperture
      • ⚒️Get Aperture
      • LNC Backend
      • LNC Mailbox
      • Pricing
    • Faraday
      • 🛠️Get Started
      • The Faraday CLI
      • Faraday API Documentation
  • LAPPs
    • Guides
      • Use Polar to Build Your First LAPP
        • Setup: Local Cluster with Polar
        • Setup: Run the Completed App
        • Setup: Run the App Without LND
      • Add Features
        • Feature 1: Connect to LND
        • Feature 2: Display Node Alias and Balance
        • Feature 3: Sign and Verify Posts
        • Feature 4: Modify Upvote Action
      • Make Your own LNC-powered Application
    • Next Steps
  • Community Resources
    • Resource List
    • Lightning Bulb 💡
    • Glossary
    • FAQ
Powered by GitBook
On this page
  • Your device
  • Your platform
  • Your LND
  • Your wallet
  • Your macaroons
  • Your channels
  • Operational safety
  • Your external applications

Was this helpful?

  1. Lightning Network Tools
  2. LND

Secure Your Lightning Network Node

Learn what best practices to follow to make sure nobody is gaining unauthorized access to your Lightning Node and satoshis or lose funds in accidents.

PreviousKey ImportNextConfiguration of a Routing Node

Last updated 24 days ago

Was this helpful?

Your Lightning Network node holds a range of cryptographic keys that need to be guarded against error, loss and theft. As a node operator you are solely responsible for your own funds. To guard against any kind of loss or compromise of your Lightning node you will have to take a multi-layered approach considering a variety of risks and strategies.

Your device

If your Lightning node is set up on a physical device you control, be mindful of who could gain access to its physical interfaces. If you rented a dedicated server or provisioned a virtual private server, inform yourself about the trustworthiness of the provider, their security policies and track record. You may for example check how your account can be secured and whether hidden administration panels exist that may need to be disabled or locked down separately.

Similarly, all your personal devices that contain Bitcoin wallets, ssh keys or authentication tokens need to be secured as well and accounted for in your threat model.

Your platform

Your device’s operating system needs to be actively maintained and regularly updated. This includes all services and third-party code that may be used to operate your system, such as OpenSSH.

Use a firewall to limit exposure to your platform and the services running on it. To open port 9735 is not required, but recommended to accept incoming connections and inbound channels. REST and RPC (default ports 8080 and 10009) only need to be exposed when required by an external application you configured.

You may consider making some endpoints only available inside trusted networks, or connect to your node only via SSH or a VPN. Configure your platform to only use keys for authentication, not passwords.

Your LND

When installing LND, verify the authenticity of the binaries or source code using PGP and git verify-tag as well as that of all dependencies, such as Go.

Just like the operating system of your node and personal device, lnd will need to be regularly updated. You may check the , check for announcements on the or follow Lightning Labs on to not miss important security announcements.

How you update your LND will depend on how you installed it. You may for example replace the binary on your machine with its latest version, or run the following commands in your lnd git directory when updating from source:

git pull make clean && make && make install tags="autopilotrpc chainrpc invoicesrpc routerrpc signrpc walletrpc watchtowerrpc wtclientrpc"

Your wallet

When creating your wallet with lncli create, you are given a 24 word long "aezeed" seed phrase. Similar to a BIP39 seed phrase, it can be used to recover your on-chain Bitcoin, meaning that if it falls into the wrong hands your bitcoin are at risk of being taken. Similarly, if you are not in possession of this seed phrase yourself, you may not be able to regain control over your funds in the event of an error.

You may write your seed phrase, in its correct order, on a piece of paper and store it somewhere securely. Alternatively, you may store it in encrypted storage elsewhere, such as your password manager.

Never run two separate LND nodes with the same seed!

Your private key is contained in your node's wallet.db. This wallet database and the macaroon database are encrypted with the password chosen when initializing the wallet using lncli create. If you lose your wallet password, you may recreate the wallet and macaroon database using the seed.

Your macaroons

Your node uses macaroons to authenticate API calls, including from lncli. Make sure your macaroons can only be accessed by authorized applications. To invalidate a macaroon, it is not enough to delete it. Instead, the macaroons.db has to be deleted in its entirety. A specific macaroon can be invalidated using lncli deletemacaroonid and its macaroon ID.

Your channels

In the event that your hard drive becomes corrupted or the entire device destroyed or deleted, you may recover your on-chain funds using the seed phrase above. Your channels however can’t be backed up directly, though a mechanism exists to recover them separately from your on-chain funds.

You can typically find your channel backups in the file ~/.lnd/data/chain/bitcoin/mainnet/channel.backup

The channel.db file is not suitable for backups. Keeping an up-to-date backup of this file is close to impossible, and you may lose your funds when recovering from an outdated channel.db file. This file can only be used when migrating your node, not when restoring.

Operational safety

When operating your node, it is important to note that you not interrupt lncli commands that alter the channel.db file, such as:

openchannel closechannel and closeallchannels

abandonchannel updatechanpolicy restorechanbackup

To safely shut down your Lightning Node, use the command lncli stop

Your external applications

LND uses macaroons to authenticate external applications. These may be applications running on the same machine as LND or externally.

By default you will see the admin.macaroon, invoice.macaroon, readonly.macaroon and router.macaroon files in your <lnddir>/data/chain/bitcoin/mainnet/ directory. They each have their own permissions, and you may create your own macaroons with specific purposes. Only share these macaroons with applications on devices you trust.

To recreate macaroons you may delete all of the macaroon files and restart LND. However, this will NOT invalidate old macaroons. To invalidate old macaroons, you will have to delete the macaroon.db file as well before restarting LND.

This file is changed every time a channel is opened or closed. You may set up a script that , or copy it manually. It is necessary to back up this file whenever a new channel has been opened. Invoking the channel.backup initiates a force close by your remote peers.

latest releases on Github
blog
Twitter
When migrating an LND node, please refer to the Migrating LND Guide.
backs up this file whenever it is changed