Run Claude Code safely on a server
Claude Code can run any command your user can. What the skip permissions flag changes, and how to contain the blast radius, from sandbox to disposable VPS.
Filtering by topic #hardening · clear
Claude Code can run any command your user can. What the skip permissions flag changes, and how to contain the blast radius, from sandbox to disposable VPS.
Lock down SSH on your VPS: switch to key-only login, disable root and passwords with a drop-in config, and layer Fail2ban and a VPN on top.
Agent Zero runs code, a browser, and a shell from a Web UI, so exposing it carelessly is dangerous. Set it up on a VPS and lock the Web UI down.
A new VPS is a target from its first minute. This ten-minute runbook creates a user, sets SSH keys, disables root, and turns on the firewall.
Set up unattended-upgrades on Ubuntu so your VPS installs security patches on its own. What to auto-apply, how to handle reboots, how to verify.
OpenHands is an AI agent that writes and runs code, so its setup needs care. Install it on a VPS with Docker and lock down the Web UI and its secrets.
OpenClaw runs shell commands and browses the web, so a careless setup is dangerous. Harden it on a VPS: unprivileged user, firewall, secrets, systemd.
Running a service as root turns one bug into full server access. Give each service its own unprivileged account, or let systemd do it with DynamicUser.