Docs: add VPS admin hardening note (#54685)

2026-05-06 04:40:43 +00:00 · 2026-04-29 17:36:33 -04:00
parent 71ab341f46
commit f0f1635f9f
1 changed files with 15 additions and 0 deletions
--- a/docs/vps.md
+++ b/docs/vps.md
@@ -43,6 +43,21 @@ A community video walkthrough is available at

 Related pages: [Gateway remote access](/gateway/remote), [Platforms hub](/platforms).

+## Harden admin access first
+
+Before you install OpenClaw on a public VPS, decide how you want to administer
+the box itself.
+
+- If you want Tailnet-only admin access, install Tailscale first, join the VPS
+  to your tailnet, verify a second SSH session over the Tailscale IP or
+  MagicDNS name, then restrict public SSH.
+- If you are not using Tailscale, apply the equivalent hardening for your SSH
+  path before exposing more services.
+- This is separate from Gateway access. You can still keep OpenClaw bound to
+  loopback and use an SSH tunnel or Tailscale Serve for the dashboard.
+
+Tailscale-specific Gateway options live in [Tailscale](/gateway/tailscale).
+
 ## Shared company agent on a VPS

 Running a single agent for a team is a valid setup when every user is in the same trust boundary and the agent is business-only.