Securing a VPS for AI agents (UFW + Tailscale + SSH)
read · 6 min
An AI agent often holds API keys and touches your code and data, so the server it runs on must be locked down. These five steps turn a fresh VPS into a hardened host with no public attack surface beyond what you choose.
Steps
Harden SSH
Disable password login and root login — use SSH keys only. This alone removes the vast majority of automated attacks.
$ sudo sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
$ sudo sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
$ sudo sshd -t && sudo systemctl reload ssh Install Tailscale for private access
Put the server on your private Tailscale network so you reach it without exposing SSH to the public internet.
$ curl -fsSL https://tailscale.com/install.sh | sh
$ sudo tailscale up Default-deny firewall with UFW
Block all incoming traffic by default and only allow SSH over the Tailscale interface.
$ sudo ufw default deny incoming
$ sudo ufw default allow outgoing
$ sudo ufw allow in on tailscale0 to any port 22 proto tcp
$ sudo ufw enable Add fail2ban
fail2ban watches logs and bans IPs that probe your server, adding a second layer behind the firewall.
$ sudo apt-get install -y fail2ban
$ sudo systemctl enable --now fail2ban Automatic security updates
Keep the system patched without manual work by enabling unattended upgrades.
$ sudo apt-get install -y unattended-upgrades
$ sudo dpkg-reconfigure --priority=low unattended-upgrades Frequently asked
Why route SSH through Tailscale instead of opening port 22? +
A closed port cannot be brute-forced. With UFW denying public SSH and Tailscale providing private access, your management plane is invisible to the internet.
Should AI agents run as root? +
No. Create a dedicated non-root user for agents and give it only the permissions it needs, so a compromised agent cannot take over the whole server.
Is fail2ban still needed behind a firewall? +
It is defence in depth. If you ever expose a service publicly (a web app, an API), fail2ban limits abuse against it.
Related guides
Start on solid ground
A VPS with full root access so you can harden it exactly how you want.
See VPS plans →