SECURITY

Securing a VPS for AI agents (UFW + Tailscale + SSH)


An AI agent often holds API keys and touches your code and data, so the server it runs on must be locked down. These five steps turn a fresh VPS into a hardened host with no public attack surface beyond what you choose.

Steps

01

Harden SSH

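Disable password login and root login, and use SSH keys only. This alone removes the vast majority of automated attacks. Before reloading sshd, confirm that key-based login works for a non-root user with sudo rights, and keep your current session open until a new one succeeds.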

$ sudo sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
$ sudo sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
$ sudo sshd -t && sudo systemctl reload ssh
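
The sed edits only change /etc/ssh/sshd_config, so this added example (not part of the original guide) checks what sshd will actually enforce by parsing `sshd -T` output, and finds the file that sets a keyword first. The function names `audit_sshd` and `first_setting`, the sample output, the extra `pubkeyauthentication` check and the Debian/Ubuntu drop-in layout are assumptions of this example.

```sh
#!/bin/sh
# Added example, not part of the original guide. Assumes the Debian/Ubuntu
# layout where sshd_config begins with "Include /etc/ssh/sshd_config.d/*.conf".
# sshd keeps the FIRST value it reads for a keyword, so a drop-in file can
# outrank the lines edited with sed above.

# Settings that must be in effect (sshd -T prints keywords in lower case).
# pubkeyauthentication is an extra check so that key login stays possible.
EXPECTED='passwordauthentication no
permitrootlogin no
pubkeyauthentication yes'

# audit_sshd: reads `sshd -T` output on stdin, prints one line per mismatch,
# and returns 0 only when every expected setting is in effect.
audit_sshd() {
    dump=$(cat)
    rc=0
    while read -r key want; do
        got=$(printf '%s\n' "$dump" |
              awk -v k="$key" 'tolower($1) == k { print $2; exit }')
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: want '$want', effective '${got:-unset}'"
            rc=1
        fi
    done <<EOF
$EXPECTED
EOF
    return "$rc"
}

# first_setting KEYWORD FILE...: prints "file: value" for the first
# uncommented occurrence, reading files in the order given. Match blocks
# and nested Include lines are not interpreted.
first_setting() {
    kw=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    shift
    awk -v k="$kw" 'tolower($1) == k { print FILENAME ": " $2; exit }' "$@"
}

# Constructed sample of `sshd -T` output from a host where a drop-in wins.
OVERRIDDEN='port 22
permitrootlogin no
pubkeyauthentication yes
passwordauthentication yes'

printf '%s\n' "$OVERRIDDEN" | audit_sshd || echo "sample host is not hardened"
# On the server:
#   sudo sshd -T | audit_sshd
#   first_setting PasswordAuthentication /etc/ssh/sshd_config.d/*.conf /etc/ssh/sshd_config
```

If `audit_sshd` reports a failure, fix or remove the setting in the file that `first_setting` names, then run `sudo sshd -t` and reload again.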

02

Install Tailscale for private access

Put the server on your private Tailscale network so you reach it without exposing SSH to the public internet.

$ curl -fsSL https://tailscale.com/install.sh | sh
$ sudo tailscale up

03

Default-deny firewall with UFW

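Block all incoming traffic by default and only allow SSH over the Tailscale interface. Enabling the firewall closes public port 22, so first confirm that you can SSH to the server over its Tailscale address.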

$ sudo ufw default deny incoming
$ sudo ufw default allow outgoing
$ sudo ufw allow in on tailscale0 to any port 22 proto tcp
$ sudo ufw enable

04

Add fail2ban

fail2ban watches service logs and temporarily bans IP addresses that probe your server, for example with repeated failed logins, adding a second layer behind the firewall.

$ sudo apt-get install -y fail2ban
$ sudo systemctl enable --now fail2ban

05

Automatic security updates

Keep the system patched without manual work by enabling unattended upgrades.

$ sudo apt-get install -y unattended-upgrades
$ sudo dpkg-reconfigure --priority=low unattended-upgrades

Frequently asked

Why route SSH through Tailscale instead of opening port 22?

A closed port cannot be brute-forced. With UFW denying public SSH and Tailscale providing private access, your management plane is invisible to the internet.

Should AI agents run as root?

No. Create a dedicated non-root user for agents and give it only the permissions it needs, so a compromised agent cannot take over the whole server.

Is fail2ban still needed behind a firewall?

It is defence in depth. If you ever expose a service publicly (a web app, an API), fail2ban limits abuse against it.
