AI-powered server administration over SSH β an OpenClaw plugin.
Clawdfather lets you connect to any server via SSH and get an AI assistant that can execute commands, analyze logs, manage services, and provision infrastructure β all through a clean web chat interface.
ββββββββββββ ssh -A βββββββββββββββββ ControlMaster ββββββββββββββββ
β You ββββββββββββββββΆβ Clawdfather βββββββββββββββββββββββΆβ Target Serverβ
β (local) β β SSH Server β β (remote) β
ββββββββββββ βββββββββ¬ββββββββ ββββββββββββββββ
β β²
β session URL β
βΌ β
βββββββββββββββββ channel system β
β Web Chat UI ββββΆ Plugin WS :3000 βββββββββββ
β (browser) β (inbound β OpenClaw agent)
βββββββββββββββββ
Note: The web UI connects directly to the plugin's own HTTP/WebSocket server on port 3000 (configurable). The OpenClaw Gateway is fully internal and never exposed to the public internet.
- SSH in β
ssh -A clawdfather.ai(with agent forwarding) - Pick your target β Enter
user@hostat the prompt - Agent auth β Your SSH agent signs the handshake to the target (no passwords stored)
- Get a URL β A web chat URL is returned with your session ID
- AI Admin β Chat with the AI to manage your server. It executes commands through the established SSH tunnel.
- OpenClaw (installed and running)
- Node.js β₯ 18
- SSH client on the host machine
- An SSH key loaded in your local agent (
ssh-add)
Before installing Clawdfather, free up port 22 on the host (Clawdfather owns port 22; host sshd moves to 2222).
- Full guide:
docs/host-preparation.md - Includes distro notes and gotchas (including Ubuntu
ssh.socketbehavior)
β οΈ Safety first: Always testssh -p 2222 user@clawdfather.aifrom a new terminal before closing your current SSH session.
# Clone or copy to your workspace
cd ~/.openclaw/workspace
git clone <repo-url> clawdfather
cd clawdfather
npm install
# Install the plugin
openclaw plugins install -l ./openclaw plugins install @openclaw/clawdfatherAdd to your OpenClaw config (openclaw.json):
{
plugins: {
entries: {
clawdfather: {
enabled: true,
config: {
sshPort: 22, // Port for the SSH server (default 22)
webDomain: "clawdfather.ai", // Domain for the web UI URL
sessionTimeoutMs: 1800000, // 30 min default
// hostKeyPath: "..." // Optional custom host key
// allowedOrigins: ["https://clawdfather.ai"] // CORS allowlist (same-origin default)
}
}
}
},
// No custom tools needed β Clawdfather uses native OpenClaw exec tool
// Just ensure the exec tool is available to the agent (it is by default)
}Restart the gateway:
openclaw gateway restartssh -A clawdfather.aiNote:
-Aenables agent forwarding. Your local SSH keys are used to authenticate to the target server β nothing is stored by Clawdfather.
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β π¦ C L A W F A T H E R β
β AI-Powered Server Administration β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Enter destination (user@host[:port]): root@10.0.0.5
β
Connected!
βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β π Open your admin console: β
β β
β https://clawdfather.ai/#session=a1b2c3d4-... β
β β
β Session: a1b2c3d4... β
β Target: root@10.0.0.5 β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
The AI will automatically run initial recon on your server and be ready to help with:
- Package management β Install, update, remove packages
- Service management β Start, stop, restart, check logs
- Security auditing β Open ports, failed logins, firewall rules
- Log analysis β Search and analyze system/application logs
- Performance β CPU, memory, disk, network diagnostics
- Docker β Container management, logs, stats
- Configuration β Edit configs, test syntax, reload services
- Provisioning β Set up new services, users, firewall rules
The web UI is served by the plugin's own HTTP server on port 3000 (configurable via webPort). It features:
- Dark terminal-aesthetic theme
- Real-time streaming responses
- Code block syntax highlighting with copy buttons
- Markdown rendering
- Auto-reconnect on disconnect
- Mobile responsive
| Component | File | Purpose |
|---|---|---|
| Plugin entry | src/index.ts |
Registers channel + SSH service with OpenClaw |
| Channel | src/channel.ts |
OpenClaw channel plugin definition |
| Inbound | src/inbound.ts |
Routes web UI messages through OpenClaw agent |
| Web server | src/web-server.ts |
HTTP + WebSocket server on port 3000 |
| SSH server | src/ssh-server.ts |
Custom SSH2 server with agent forwarding |
| Session store | src/sessions.ts |
In-memory session management |
| Web UI | ui/ |
Static HTML/CSS/JS chat interface |
| Admin skill | skills/clawdfather/ |
AI instructions for server admin |
Clawdfather does not register custom agent tools. Instead, the web UI injects an SSH ControlMaster prefix into the session context, and the agent uses OpenClaw's native exec tool to run ssh and scp commands through the established tunnel. This gives the agent full access to PTY mode, background processes, streaming output, and timeouts β all native OpenClaw capabilities.
| Method | Description |
|---|---|
clawdfather.sessions |
List all active sessions |
clawdfather.session |
Get info about a specific session |
Clawdfather is a portal app, not a server login. It uses SSH public key authentication to identify users β the same approach as terminal.shop.
How it works:
- You run
ssh -A clawdfather.aiβ your SSH client offers your public key - Clawdfather accepts any valid public key (no account creation needed)
- Your key's SHA256 fingerprint becomes your identity (for audit trails, future billing, allowlists)
- You pick a target server β Clawdfather uses your forwarded SSH agent (
-A) to authenticate there - The agent protocol never exposes your private key β it only asks your local agent to sign challenges
This is NOT the same as logging into the host. Clawdfather runs on port 22 as an app. Host admin SSH (standard sshd) runs on port 2222 with its own authentication. These are completely separate.
Security features:
- Public key only β Password and other auth methods are rejected. No credentials to phish or leak.
- Fingerprint-based identity β Each user is identified by their key's SHA256 fingerprint for audit trails and future allowlists/billing.
- Session isolation β Each session has a unique UUID and its own ControlMaster socket.
- ControlMaster lifecycle management β When sessions expire or are removed, the ControlMaster is cleanly terminated (
ssh -O exit) and the socket file is removed. - Tool safety β AI follows strict rules about destructive commands (see SKILL.md).
β οΈ Session Token SecurityThe session token (UUID) in the URL hash is a high-security bearer secret. Anyone who possesses it has full access to the connected SSH session for the lifetime of the session. Treat it like a password:
- The web UI scrubs the token from the URL and browser history immediately after extracting it on first load.
- The token is never written to client-side logs.
- Do not share session URLs over insecure channels.
- The SSH connection is the authoritative lease β keep your SSH terminal open while using the web UI. Disconnecting SSH (or pressing Ctrl+C) immediately revokes the web session.
Session liveness: Every inbound WebSocket message re-validates the session against the server-side store. If the session has expired or been invalidated, the server sends an error and closes the connection immediately. The SSH connection is the authoritative session lease β when the SSH client disconnects (or the user presses Ctrl+C), the session is removed and all connected WebSocket clients are closed instantly.
Web server singleton: The HTTP/WebSocket server is a singleton per plugin instance. When multiple accounts are configured, they share a single server to avoid port conflicts (EADDRINUSE). The server shuts down only when the last account releases its reference.
CORS: By default, only same-origin requests are allowed (the configured webDomain and localhost). You can configure an explicit allowlist via allowedOrigins in the plugin config. Set ["*"] to restore permissive CORS (not recommended for production).
Sensitive metadata: The SSH ControlMaster socket path (controlPath) is never exposed to the browser. The server injects SSH context into agent messages server-side.
Create an A record pointing clawdfather.ai (or your domain) to your server's public IP.
Clawdfather listens on port 22 by default (configured in Host Preparation above). Ensure sshd has been moved to port 2222 before starting the gateway.
Step 7. Update firewall for the full setup:
ufw allow 22/tcp # Clawdfather SSH (public-facing)
ufw allow 2222/tcp # Host admin SSH
ufw allow 443/tcp # Web UI (HTTPS)
ufw allow 80/tcp # ACME challenges / redirect
ufw reloadOpen these ports:
| Port | Protocol | Purpose |
|---|---|---|
| 22/tcp | SSH | Clawdfather SSH server (public-facing) |
| 2222/tcp | SSH | Host sshd (your admin access) |
| 3000/tcp | HTTP/WS | Plugin web server (only if not behind Caddy) |
| 443/tcp | HTTPS | Web UI (via Caddy) |
| 80/tcp | HTTP | ACME challenges / redirect |
If using Caddy as a reverse proxy, port 3000 does not need to be opened publicly β Caddy connects to it locally.
Caddy handles TLS automatically via Let's Encrypt β see the Caddy example below.
The OpenClaw Gateway is fully internal β it is not exposed to the public internet. The web UI connects to the plugin's own HTTP/WebSocket server on port 3000, which routes messages through the OpenClaw channel system internally.
For clawdfather.ai to work, you need:
- DNS A record pointing
clawdfather.aito your OpenClaw host - Port forwarding for SSH port (default 22) and web port (default 3000)
- TLS for the web UI (Caddy recommended β auto-provisions Let's Encrypt certs)
The OpenClaw Gateway is internal only β it should not be exposed to the public internet. Caddy proxies to the plugin's web server on port 3000, not the Gateway.
Note: SSH traffic (port 22) goes directly to the Clawdfather SSH server, not through Caddy. Only HTTP/HTTPS/WebSocket traffic is reverse-proxied.
Caddy handles TLS automatically via Let's Encrypt β no cert configuration needed.
clawdfather.ai {
# Proxy to the plugin's own web/WebSocket server
# Caddy automatically handles WebSocket upgrade headers
reverse_proxy * localhost:3000
}Install and run:
# Install Caddy (https://caddyserver.com/docs/install)
sudo apt install -y caddy # Debian/Ubuntu
# or: brew install caddy # macOS
# Start with your Caddyfile
sudo caddy start --config /etc/caddy/CaddyfileThat's it. Caddy will:
- Obtain and renew TLS certificates automatically
- Proxy HTTP and WebSocket traffic to the plugin's web server (port 3000)
- The OpenClaw Gateway stays internal β never exposed publicly
# Expose via Tailscale Serve
openclaw gateway --tailscale serve
# SSH is available on your Tailscale IP
ssh -A your-machine.tail1234.ts.netcd clawdfather
npm install
npm run keygen # Generate SSH host key (first time)
# Link as local plugin
openclaw plugins install -l ./
# Restart gateway to load
openclaw gateway restart"Failed to connect to target"
- Verify your SSH agent has keys loaded:
ssh-add -l - Test direct SSH first:
ssh user@host - Check the target accepts your key
Web UI shows "disconnected"
- Ensure the OpenClaw gateway is running
- Check the gateway URL and auth token
- Look at browser console for WebSocket errors
Session expired
- Sessions timeout after 30 min of inactivity (configurable)
- Re-run
ssh -A clawdfather.aito create a new session
MIT