OpenClaw VPS Security Hardening

Your AI agent runs on your server with full access to your APIs, business data, and client communications. A default installation is an open door. This guide covers what needs to be locked down before your agent handles anything real.

Applies to: Hostinger, DigitalOcean, Hetzner, Vultr, and all VPS-hosted OpenClaw deployments.

A fresh VPS is under attack within minutes.

400+: Brute-force login attempts per day on an unprotected VPS
<5m: Time before automated bots discover a newly provisioned server
100%: Of default OpenClaw installations ship with open attack surface

Real audit data: We checked a client's server before hardening — 400+ failed SSH login attempts in a single day. Automated bots constantly scan for open servers. If you're running OpenClaw on a default VPS configuration, your API keys, model tokens, and business data are exposed.

Security hardening steps

Each step below addresses a specific attack vector. Skipping any of them leaves your deployment vulnerable to data exfiltration, unauthorized agent control, or complete server compromise.

01

Firewall Configuration

UFW Ruleset

All incoming traffic must be denied by default. Only SSH is let in, through an explicit allow rule. This requires configuring the deny/allow ruleset, verifying rule ordering, and ensuring the firewall persists across reboots.

# Install and apply baseline firewall rules
apt install -y ufw
ufw default deny incoming
ufw default allow outgoing
ufw allow ssh

# Enable last: the SSH allow rule above must already exist
ufw --force enable

# Verify the active policy and rules
ufw status verbose

02

Brute-Force Protection

Fail2ban Service

Fail2ban monitors authentication logs and automatically bans IPs with repeated failed attempts. Requires jail policy configuration, ban threshold tuning, and log path verification for your specific Linux distribution.

# Install and enable the service
apt install -y fail2ban
systemctl enable --now fail2ban

# Jail config: /etc/fail2ban/jail.local
# Requires per-service threshold tuning
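
A starting-point sshd jail for the /etc/fail2ban/jail.local file named above, as an added example that is not from the original guide or the OpenClaw project. The function name `render_sshd_jail`, its arguments and the threshold values are assumptions; it switches to the systemd journal backend when the distribution has no auth log file (for example Debian 12 without rsyslog).

```shell
# Added example: render an sshd jail for /etc/fail2ban/jail.local.
# Thresholds are illustrative starting values, not OpenClaw defaults.

# render_sshd_jail [AUTH_LOG] [MAXRETRY] [FINDTIME] [BANTIME]
# Prints the jail to stdout so it can be reviewed before installing.
render_sshd_jail() {
  local auth_log="${1:-/var/log/auth.log}"
  local maxretry="${2:-5}"
  local findtime="${3:-10m}"
  local bantime="${4:-1h}"

  cat <<EOF
[DEFAULT]
# Never ban loopback; add your own trusted ranges here.
ignoreip = 127.0.0.1/8 ::1
bantime  = ${bantime}
findtime = ${findtime}
maxretry = ${maxretry}

[sshd]
enabled = true
port    = ssh
EOF

  if [ -r "$auth_log" ]; then
    # File-based logging (rsyslog present): point the jail at the file.
    printf 'backend = auto\nlogpath = %s\n' "$auth_log"
  else
    # No auth log file: read sshd events from the systemd journal.
    printf 'backend = systemd\n'
  fi
}

# Typical use (as root), then confirm the jail is live:
#   render_sshd_jail > /etc/fail2ban/jail.local
#   systemctl restart fail2ban && fail2ban-client status sshd
```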

03

SSH Key-Only Authentication

Password Login Disabled

Password-based SSH must be disabled entirely. Key-based authentication is the only acceptable method. This involves modifying sshd_config, configuring authorized key paths, setting PermitRootLogin policy, and restarting the SSH daemon.

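# Disable password auth — keys only
# Match the directive whether or not it is commented out
sed -i -E 's/^#?[[:space:]]*PasswordAuthentication[[:space:]]+.*/PasswordAuthentication no/' \
  /etc/ssh/sshd_config
echo "PermitRootLogin prohibit-password" > \
  /etc/ssh/sshd_config.d/hardening.conf
# Restart only if the config parses cleanly
sshd -t && systemctl restart ssh
# Must print "passwordauthentication no"; another file in
# /etc/ssh/sshd_config.d/ can override the main config
sshd -T | grep -i '^passwordauthentication'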

Ensure your SSH key is deployed to ~/.ssh/authorized_keys BEFORE executing. Misconfiguration results in permanent server lockout with no recovery path.

04

Private Network Overlay

Tailscale Mesh VPN

Tailscale creates an encrypted mesh VPN between your devices. Once configured, SSH and the OpenClaw dashboard become completely invisible to the public internet. Requires ACL policy configuration and device authorization via admin console.

# Install private network overlay
curl -fsSL https://tailscale.com/install.sh | sh
tailscale up

# Restrict SSH to private network ONLY
# Confirm you can SSH in over the Tailscale address before
# deleting the public rule
ufw allow in on tailscale0 to any port 22
ufw delete allow 22/tcp

# Requires Tailscale ACL policy setup
# and device auth via admin console

05

Config & API Key Permissions

File-Level Access Control

OpenClaw stores API keys and model tokens in plaintext config files. Default permissions allow any user or process on the server to read these credentials. File permissions must be restricted to owner-only (600).

# Lock down config files
chmod 600 ~/.openclaw/openclaw.json
chmod 600 ~/.openclaw/.env

# Verify permissions (should show -rw-------)
ls -la ~/.openclaw/
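
A repeatable version of the permission check above, as an added example that is not from the original guide or the OpenClaw project. The function name `audit_secret_perms` is an assumption, and it relies on GNU find (the default on Debian and Ubuntu); it also flags the directory itself, which the `chmod 600` commands do not touch.

```shell
# Added example: flag credential files readable by group or others.
# audit_secret_perms [DIR] -> prints offenders, returns 1 if any exist.
audit_secret_perms() {
  local dir="${1:-$HOME/.openclaw}"
  local offenders

  [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }

  # -perm /077 matches any group/other permission bit (GNU find).
  # Directories are included: a directory that others can list or
  # write to exposes or allows replacing the files inside it.
  offenders=$(find "$dir" \
    \( -type d -o -name '*.json' -o -name '.env*' \) \
    -perm /077 -printf '%m %p\n')

  if [ -n "$offenders" ]; then
    printf 'Too permissive (want 600 files, 700 dirs):\n%s\n' "$offenders"
    return 1
  fi
  echo "OK: no group/other access under $dir"
}

# Typical use:
#   audit_secret_perms ~/.openclaw || echo "fix permissions before going live"
```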

06

Gateway Binding & Secure Dashboard

Loopback + Tailscale Serve

The OpenClaw gateway must be bound to loopback only — never exposed on a public interface. The management dashboard should be served exclusively through Tailscale’s encrypted HTTPS layer. Requires gateway config modification and Tailscale Serve certificate setup.

# In your OpenClaw config:

# Bind to loopback — never expose to internet
gateway.bind = "loopback"

# Enable Tailscale Serve for HTTPS dashboard
gateway.tailscale.mode = "serve"

# Dashboard: https://your-machine.your-tailnet.ts.net
# Requires Tailscale Serve cert + DNS propagation
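
One way to verify the loopback binding after changing the config, as an added example that is not from the original guide or the OpenClaw project. The function name `check_loopback_only` is an assumption, and port 3000 in the constructed sample is a stand-in: substitute the port your gateway is configured to use.

```shell
# Added example: confirm a port is only listening on loopback.
# Reads `ss -H -tln` output on stdin so it can be checked offline.
# check_loopback_only PORT -> 0 loopback only, 1 exposed, 2 not listening
check_loopback_only() {
  awk -v port="$1" '
    {
      local_addr = $4                  # e.g. 127.0.0.1:3000 or [::]:22
      n = split(local_addr, parts, ":")
      if (parts[n] != port) next
      seen = 1
      host = substr(local_addr, 1, length(local_addr) - length(parts[n]) - 1)
      sub(/%.*/, "", host)             # strip interface suffix such as %lo
      if (host !~ /^127\./ && host != "[::1]") {
        print "EXPOSED: " local_addr
        exposed = 1
      }
    }
    END { exit (exposed ? 1 : (seen ? 0 : 2)) }
  '
}

# Constructed sample of `ss -H -tln` output (not from a real server).
# Port 3000 is a placeholder for the gateway port.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 127.0.0.1:3000 0.0.0.0:*
LISTEN 0 511 [::1]:3000 [::]:*'

# Live check on the server:
#   ss -H -tln | check_loopback_only 3000
```

A return code of 2 means nothing is listening on that port, which usually points to a wrong port number or a stopped gateway rather than a safe binding.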

Your agent's brain needs boundaries

OpenClaw agents operate from two core files. Without proper configuration, your agent has no identity constraints, no recovery protocol, and no safety boundaries.

01

SOUL.md

Agent Personality

Defines who your agent is — its rules, boundaries, business context, and communication constraints. A well-written SOUL.md is the difference between a useful agent and an uncontrolled chatbot sending messages on your behalf.

Core rules, Business context, Boundaries, Tone & voice

02

AGENTS.md

Operating Manual

The operational playbook. How your agent reads memory, recovers from crashes, and maintains continuity between sessions. Without this, every restart is amnesia — your agent forgets everything and starts from zero.

Session startup, Memory system, Crash recovery, Safety protocols

Minimum requirements before going live

Every item below is required before your OpenClaw agent should touch real business data or client communications.

01

Firewall deny-all policy with explicit SSH allowlist and rule persistence verification

02

Fail2ban jail policies with tuned ban thresholds and distribution-specific log paths

03

SSH key-only auth with password login disabled and lockout prevention confirmed

04

Tailscale mesh VPN with ACL policies, device authorization, and public port removal

05

Config file permissions locked to owner-only (600) for all .env and .json files

06

Gateway bound to loopback with Tailscale Serve HTTPS and certificate configuration

07

SOUL.md agent personality with business context, communication boundaries, and safety rules

08

AGENTS.md operating manual with memory system, crash recovery, and data exfiltration guards

09

Ongoing monitoring: Fail2ban logs, SSH access patterns, memory file audits, package updates

This is infrastructure work. Not a tutorial.

Each step above involves multiple configuration files, service dependencies, and potential failure modes. An incorrect firewall rule can lock you out permanently. A misconfigured Tailscale ACL leaves your dashboard exposed. Incomplete SOUL.md boundaries mean your agent could send unauthorized messages on your behalf.
