In the previous post, I showed you how to provision a hardened server with a single YAML file. Today, we are going to use that foundation to deploy something more exciting: your own AI assistant that can actually do things.
OpenClaw (formerly Clawdbot, and briefly known as Moltbot) is the hottest open-source project of January 2026. It connects to WhatsApp, Telegram, Discord, and runs on your own hardware. It can execute shell commands, manage your calendar, send emails, and basically act as a 24/7 digital employee.
The problem? People are deploying it like it is 1999.
The Shodan Reality Check
Go to Shodan right now, I will wait.
You will find over 1700 instances broadcasting their presence to the entire internet. Many of them have:
- No authentication enabled
- mDNS leaking filesystem paths and SSH ports
- Port 18789 wide open to the world
- Full shell access to whoever connects first
This is not a theoretical risk. Security researchers have already documented instances with conversation histories, API keys, and in some cases, full system access exposed to anyone who bothers to look.
Hetzner tops the list. Not because it’s insecure, but because it’s popular, affordable, and people are moving fast without slowing down for security.
No judgment here. Let’s fix it.
What We Are Building
By the end of this post, you will have:
- A hardened Ubuntu server on Hetzner
- OpenClaw installed and running
- No ports exposed to the public internet other than SSH
- SSH tunnel commands ready to use - just run and connect
- A firewall (ufw) that blocks everything except SSH
All from a single cloud-init config. No VPN software to install. No extra ports to open. Just SSH, which you love and already use.
The Secure Cloud-Init Config
Here is the complete configuration. Paste this into Hetzner’s “Cloud Config” field and your server boots up locked down:
```yaml
#cloud-config
packages:
  - fail2ban
  - ufw
  - curl
  - git
  - jq

package_update: true
package_upgrade: true

users:
  - name: openclaw
    groups: users, admin, adm, docker
    sudo: ALL=(ALL) NOPASSWD:ALL
    shell: /bin/bash
    ssh_authorized_keys:
      - ssh-ed25519 YOUR_SSH_KEY_HERE

write_files:
  - path: /etc/ssh/sshd_config.d/99-hardening.conf
    content: |
      PermitRootLogin no
      PasswordAuthentication no
      KbdInteractiveAuthentication no
      ChallengeResponseAuthentication no
      MaxAuthTries 2
      X11Forwarding no
      AllowAgentForwarding no
      AllowUsers openclaw
      # Allow local port forwarding for SSH tunnels (no remote/gateway forwards)
      AllowTcpForwarding local

  - path: /etc/fail2ban/jail.local
    content: |
      [sshd]
      enabled = true
      # Read sshd events from the journal. Ubuntu 24.04 cloud images may not ship
      # rsyslog, so /var/log/auth.log can be missing and the jail would then fail
      # to start ("Have not found any log file for sshd jail").
      backend = systemd
      banaction = iptables-multiport

  - path: /etc/systemd/system/openclaw.service
    content: |
      [Unit]
      Description=OpenClaw Gateway
      After=network.target

      [Service]
      Type=simple
      User=openclaw
      WorkingDirectory=/home/openclaw
      Environment=PATH=/home/openclaw/.npm-global/bin:/usr/local/bin:/usr/bin:/bin
      Environment=NODE_ENV=production
      Environment=HOME=/home/openclaw
      ExecStart=/home/openclaw/.npm-global/bin/openclaw gateway
      Restart=always
      RestartSec=10

      [Install]
      WantedBy=multi-user.target

runcmd:
  - systemctl enable fail2ban
  - ufw allow OpenSSH
  - ufw --force enable
  # Install as the openclaw user, not as root
  - su - openclaw -c 'curl -fsSL https://openclaw.ai/install.sh | bash -s -- --no-onboard'
  - su - openclaw -c '/home/openclaw/.npm-global/bin/openclaw setup'
  - su - openclaw -c '/home/openclaw/.npm-global/bin/openclaw config set gateway.mode local'
  # Bind the gateway to 127.0.0.1 only; it is reached through the SSH tunnel
  - su - openclaw -c '/home/openclaw/.npm-global/bin/openclaw config set gateway.bind loopback'
  # 64 hex characters; $(...) is expanded by the openclaw user's shell, not by YAML
  - su - openclaw -c '/home/openclaw/.npm-global/bin/openclaw config set gateway.auth.token $(openssl rand -hex 32)'
  # Stop advertising the gateway (and host details) over mDNS
  - su - openclaw -c '/home/openclaw/.npm-global/bin/openclaw config set discovery.mdns.mode off'
  - systemctl daemon-reload
  - systemctl enable openclaw
  - reboot
```
Important: Replace YOUR_SSH_KEY_HERE with your actual SSH public key (the ed25519 key whose private half lives on your laptop). Three things to weigh before you paste it: the install step pipes a remote script straight into bash, so download and read install.sh once before you trust it on a box that will hold your chat history and API keys; the openclaw user has passwordless sudo, and the gateway that executes shell commands runs as that same user, so anything that talks the assistant into running a command is one `sudo` away from root; and the docker group is unused here, since nothing in this config installs Docker, so drop it unless you add Docker later.
That is about 72 lines of YAML. After boot, your server has:
- OpenClaw running and locked to localhost
- Firewall blocking everything except SSH
- SSH tunnel ready to use
Deploying on Hetzner
- Log into Hetzner Cloud Console
- Create a new project (or use an existing one)
- Click “Add Server”
- Choose:
  - Location: Whatever is closest to you
  - Image: Ubuntu 24.04
  - Type: CX22 (2 vCPU, 4GB RAM) is plenty
- Scroll down to “Cloud config”
- Paste the YAML config above (with your SSH key)
- Click “Create & Buy Now”

In a few minutes, your server will be ready.
Connecting via SSH Tunnel
No VPN software needed. SSH tunnels use the same connection you use to log in.
On your laptop, open a terminal and run:

```bash
ssh -N -L 18789:localhost:18789 openclaw@YOUR_SERVER_IP
```

This forwards your local port 18789 to the server’s localhost:18789, which is the only address the gateway listens on. The -N flag means “do not execute a remote command” - the connection just sits there forwarding traffic.

Leave this terminal open. In another terminal, pull the gateway token out of the config file on the server (grep runs remotely, cut runs on your laptop):

```bash
ssh openclaw@YOUR_SERVER_IP grep token .openclaw/openclaw.json | cut -d'"' -f4
```

Open http://127.0.0.1:18789/ in your browser and paste the token into the “Gateway Token” field.
Even Easier Access with SSH Config
Add this to your ~/.ssh/config. Two options are worth the extra lines: `IdentitiesOnly` keeps ssh from offering every key in your agent, which matters because the server allows only two authentication attempts (`MaxAuthTries 2`), and `ExitOnForwardFailure` makes the backgrounded tunnel fail loudly instead of silently sitting there when local port 18789 is already taken. Point `IdentityFile` at the key you put in the cloud-init config:

```
Host openclaw
    HostName YOUR_SERVER_IP
    User openclaw
    # Offer only this key: the server allows two auth attempts (MaxAuthTries 2)
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
    LocalForward 18789 localhost:18789
    # Fail instead of backgrounding a tunnel whose local port is already in use
    ExitOnForwardFailure yes
    ServerAliveInterval 30
    ServerAliveCountMax 3
```

Then just run:

```bash
ssh -fN openclaw
```
You can even close the terminal and the tunnel will keep running in the background.
Verifying Your Security
After setup, scan the server from the outside with a full TCP port scan, skipping host discovery so the firewall’s dropped pings do not hide the result:

```bash
nmap -p- -Pn -T4 YOUR_SERVER_IP
```

You should see no ports open except SSH (22). Perfect. For the view from inside the host, `ss -ltnp` should list 18789 on 127.0.0.1 only.
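Nmap shows what the internet sees; the gateway bind and the sshd policy are only visible from inside the box. Here is an added example script (mine, not part of OpenClaw or the original post) that parses `ss -H -l -t -n` and `sshd -T` output and fails if any TCP listener other than SSH is reachable from outside, or if the effective sshd settings drift from 99-hardening.conf. The `ss` and `sshd -T` samples embedded in it are constructed, not captured from a real host, so it can be tried anywhere; `--live` runs it against the machine it is on.

```shell
#!/bin/sh
# verify-lockdown.sh (added example; not part of OpenClaw or the original post)
#
# Two checks a practitioner would run on the server after first boot:
#   1. every TCP listener is bound to loopback, except the SSH port;
#   2. the effective sshd policy (`sshd -T`) matches 99-hardening.conf.
# Both checks parse command output passed in as text, so they can be
# exercised on the constructed samples below without a live host.

SSH_PORT="${SSH_PORT:-22}"

# exposed_listeners: read `ss -H -l -t -n` lines on stdin and print the
# local address of every listener that is reachable from outside the host
# (anything not on 127.0.0.0/8 or ::1) and is not the SSH port.
# Prints nothing when the host is locked down the way the cloud-init intends.
exposed_listeners() {
    awk -v sshport="$SSH_PORT" '
        NF >= 4 {
            addr = $4                                  # e.g. 127.0.0.1:18789, [::]:22, *:22
            n = split(addr, parts, ":")
            port = parts[n]
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host ~ /^127\./ || host == "[::1]") next   # loopback only
            if (port == sshport) next                        # SSH is meant to be open
            print addr
        }'
}

# sshd_policy_violations: read `sshd -T` output on stdin and print every
# setting whose effective value differs from what 99-hardening.conf sets.
sshd_policy_violations() {
    awk '
        BEGIN {
            want["permitrootlogin"]              = "no"
            want["passwordauthentication"]       = "no"
            want["kbdinteractiveauthentication"] = "no"
            want["x11forwarding"]                = "no"
            want["allowagentforwarding"]         = "no"
            want["allowtcpforwarding"]           = "local"
            want["maxauthtries"]                 = "2"
        }
        ($1 in want) && $2 != want[$1] { print $1 " is " $2 ", expected " want[$1] }'
}

# report: run both checks over the supplied text; returns 1 if anything
# is exposed or misconfigured, 0 if the host looks locked down.
report() {
    ss_out="$1"; sshd_out="$2"; rc=0
    bad_ports=$(printf '%s\n' "$ss_out" | exposed_listeners)
    bad_sshd=$(printf '%s\n' "$sshd_out" | sshd_policy_violations)
    if [ -n "$bad_ports" ]; then
        printf 'EXPOSED listeners:\n%s\n' "$bad_ports"; rc=1
    else
        echo "OK: only the SSH port is reachable from outside"
    fi
    if [ -n "$bad_sshd" ]; then
        printf 'sshd policy drift:\n%s\n' "$bad_sshd"; rc=1
    else
        echo "OK: sshd policy matches 99-hardening.conf"
    fi
    return $rc
}

# Constructed samples (not captured from a real host).
SAMPLE_SS_LOCKED='LISTEN 0 4096 127.0.0.1:18789 0.0.0.0:* users:(("node",pid=1234,fd=20))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=800,fd=3))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=800,fd=4))
LISTEN 0 4096 127.0.0.53:53 0.0.0.0:* users:(("systemd-resolve",pid=500,fd=14))'
SAMPLE_SS_EXPOSED='LISTEN 0 4096 0.0.0.0:18789 0.0.0.0:* users:(("node",pid=1234,fd=20))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=800,fd=3))'
SAMPLE_SSHD_GOOD='permitrootlogin no
passwordauthentication no
kbdinteractiveauthentication no
x11forwarding no
allowagentforwarding no
allowtcpforwarding local
maxauthtries 2'
SAMPLE_SSHD_DRIFT='permitrootlogin prohibit-password
passwordauthentication yes
allowtcpforwarding local
maxauthtries 6'

# `sh verify-lockdown.sh --live` audits this host (sshd -T needs root);
# with no argument it runs the checks over the constructed samples.
if [ "${1:-}" = "--live" ]; then
    report "$(ss -H -l -t -n)" "$(sudo sshd -T 2>/dev/null)"
else
    report "$SAMPLE_SS_LOCKED" "$SAMPLE_SSHD_GOOD" || true
    report "$SAMPLE_SS_EXPOSED" "$SAMPLE_SSHD_DRIFT" || true
fi
```

Copy it to the server and run `sudo sh verify-lockdown.sh --live` after the reboot, and again after any OpenClaw upgrade: a gateway update that resets `gateway.bind` is exactly the kind of regression that turns a locked-down box into the next Shodan entry.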
That’s All Folks!
72 lines of YAML. One cloud-init config. A server that boots up locked down and ready to go.
The 1,700 people on Shodan did not fail because they lacked fancy tools. They failed because they skipped the basics:
| Bad Practice | This Config |
|---|---|
| No gateway auth | Random 64-char token (`openssl rand -hex 32`) |
| Gateway listening on every interface | Bound to loopback (`gateway.bind loopback`) |
| mDNS broadcasting | Disabled (`discovery.mdns.mode off`) |
| Port 18789 open | UFW blocks it, SSH tunnel only |
| Extra VPN software | Just SSH (already there) |
You now have a foundation that is not leaking your conversations to random people on the internet. Go build something cool with it.