# 3.3.1 Provision your server nodes with SSH access
{% hint style="info" %}
**Recomennded requirements for each server:**\
**16GB RAM / 8CPUs / 320 GB Disk / Ubuntu 22.04 (LTS) x64**
{% endhint %}
{% hint style="danger" %}
You must create a PEM(RSA), PKCS8, and RFC4716(OpenSSH) SSH Key for access to your servers. **Be aware that these developers have root level access to your server. If they leave your organisation, it is your responsibility to remove their id\_rsa.pub from the authorized\_keys file in** [**git**](https://github.com/opencrvs/opencrvs-countryconfig/blob/develop/infrastructure/authorized_keys) **and on the servers.**
{% endhint %}
1. Using your hosting provider, setup **1, 3** or **5** Ubuntu server nodes **with an additional backup server node in production**. Take note of all generated IP addresses and server hostnames.
2. Decide which of your IP addresses will be the **manager server node.** This server will be the manager in the Docker Swarm and the main server you will regularly SSH into to perform commands in this documentation.
3. Ensure that you have created SSH keys using [ssh-keygen.](https://www.ssh.com/academy/ssh/keygen) Then use [ssh-copy-id](https://www.ssh.com/academy/ssh/keygen#copying-the-public-key-to-the-server) to copy the public key: **id\_rsa.pub** key to all servers' **.ssh/authorized\_keys** file. Use the following command to copy and paste the **id\_rsa.pub** key into the [**authorized\_keys file in the countryconfig repo here.**](https://github.com/opencrvs/opencrvs-countryconfig/blob/master/infrastructure/authorized_keys) All public keys in this file will have SSH access to the server. **Never reveal the id\_rsa file!**
```
cat ~/.ssh/id_rsa.pub
```
4. For production deployments of 3 or 5 servers, ensure that the **manager server node** can ssh into all the other servers by itself if required in a bash script.\
\
SSH into **manager server node** and create an ssh key using [ssh-keygen.](https://www.ssh.com/academy/ssh/keygen) Then use [ssh-copy-id](https://www.ssh.com/academy/ssh/keygen#copying-the-public-key-to-the-server) to copy the public key: **id\_rsa.pub** key to the 2-4 other servers' **.ssh/authorized\_keys** file. SSH into the **manager server node**, and confirm that you can SSH into all nodes from inside the manager server node.
You are now ready to exit all nodes and run the Ansible command from your local environment to install the required dependencies on the servers. To set up a backup server in production, refer to the next step.
### Setting up a backup server for production
{% hint style="info" %}
In the next step, your servers will be configured. In this configuration process, OpenCRVS can optionally set up a scheduled task in Ubuntu's crontab to backup OpenCRVS every night to another external server.
{% endhint %}
1. If you are setting up a backup server, **SSH into the backup server** to add the **manager server node's** id\_rsa.pub key into its .ssh/authorised\_keys file.
2. Create a directory to store OpenCRVS backups, e.g /root/opencrvs
3. **SSH into the manager server node** and wnsure that the **manager server** can ssh into the backup server.