This guide explains how to use Alibaba Cloud Bastionhost to manage the full lifecycle of OpenClaw, an AI agent O&M tool. It covers four scenarios: batch installation, remote O&M, security hardening, and batch uninstallation.
Background
Open-source AI agents like OpenClaw automate tasks through natural language, making them vital for improving operational efficiency. However, running these high-privilege agents directly in production environments without effective controls can lead to the following security risks:
Uncontrolled installation and deployment: O&M personnel might install OpenClaw on multiple servers without approval. This can lead to incomplete asset inventories, inconsistent versions, and an inability to enforce unified security policies.
Unauditable operations: OpenClaw parses natural language into Shell or Python commands and executes them directly. Without an audit layer, you cannot trace which natural language instruction triggered a specific dangerous command in the event of an operational error or malicious invocation.
Risk of credential exposure: Agents often require high system permissions or need to interact with databases and cloud APIs. If an agent holds a long-lived credential without centralized access control, an attacker can use a compromised agent to move laterally within the network, leading to a data breach.
Solution overview
This solution uses Bastionhost to manage the full lifecycle of OpenClaw, from deployment to uninstallation. It ensures audit compliance while maintaining high operational efficiency. The solution covers the following scenarios:
Batch installation: Use Bastionhost to centrally distribute deployment scripts to install OpenClaw and configure its Gateway service across multiple servers.
Remote O&M: Establish a zero-trust O&M channel through Bastionhost, where all operations are performed in controlled, fully auditable sessions.
Batch hardening: Distribute security hardening scripts through O&M tasks to perform unified configuration checks and vulnerability remediation.
Batch uninstallation: Trigger a one-click cleanup process to automatically remove agent components and residual configurations.
Prerequisites
You have purchased and enabled an Enterprise Edition (Dual-Engine) Bastionhost instance. For more information, see Quickly purchase and log on to a Bastionhost instance and Enable a Bastionhost instance.
You have an ECS instance that can access the public network and the official OpenClaw website.
This guide uses an Alibaba Cloud ECS instance that runs Ubuntu 22.04 as an example.
Node 24 is recommended for your server. Node 22 LTS (22.16 or later) is also supported. Run the node --version command to check the Node.js version.
Step 1: Add assets and grant permissions
Log on to the Bastionhost console and select the region where your Bastionhost instance is deployed.
On the Instances page, find the target instance and click Manage.
Add your Alibaba Cloud ECS instances. For more information, see Step 1: Import Alibaba Cloud ECS instances and host their accounts.
Add O&M personnel. For more information, see Step 2: Create a Bastionhost user.
Grant permissions on the assets and asset accounts to the Bastionhost user. For more information, see Step 3: Grant permissions on assets and asset accounts to a Bastionhost user.
Enable access over the public network. On the Instances page, find the target instance and turn on the Public switch.
Step 2: Batch O&M for OpenClaw
Scenario 1: Batch install OpenClaw
Running installation scripts in batches with Bastionhost simplifies the manual, server-by-server process into a single automated task. An administrator's pre-execution review and approval improves both deployment efficiency and security compliance. The following procedure describes how to perform a batch installation of OpenClaw on Ubuntu 22.04 by using Bastionhost.
Bastionhost provides two types of scripts for different scenarios:
Dimension | Public script | Private script |
Creator | Administrator | O&M personnel |
Visibility | Visible to all O&M personnel | Visible only to the creator |
How to create | Bastionhost console > Assets > O&M Task Management > Public Script Management | O&M portal > O&M Tasks > Script Management |
Approval mechanism | Requires administrator approval | Does not require approval and can be run immediately |
Create an O&M script
Based on your requirements, choose one of the following methods to create an O&M script. The script content is the same for both methods, but the creation entry point and approval workflow are different.
Public script
Once created, a public script can be used by any O&M personnel for an O&M task, which then requires administrator approval. For more information, see Create a public O&M script.
Log on to the Bastionhost console and select the region where your Bastionhost instance is deployed.
Find the target instance and click Manage.
In the left-side navigation pane, choose Assets > O&M Task Management.
Click the Public Script Management tab, and then click Create O&M Script.
Enter a name for the script, paste the installation script content provided below, and then click OK.
Private script
After a private script is created, it is visible only to you. An O&M task that uses a private script does not require administrator approval. For more information, see Automated O&M.
Log on to the O&M portal by using its public URL.
Note: To obtain the public URL of the O&M portal: Log on to the Bastionhost instance list page as an administrator, select the target region, find your instance, and click Manage. On the Overview page, you can find the URL in the instance information panel on the right.
For more information about how to log on, see Log on to the O&M portal.
Choose O&M Tasks, switch to the Script Management tab, and then click Create O&M Script.
Enter a name for the script, paste the installation script content provided below, and then click OK.
Installation script content
The following script can be used for both public and private scripts. The script performs these actions: installs Node.js 24.x, installs OpenClaw, configures the Gateway service, and enables the service to start on boot.
#!/bin/bash
set -euo pipefail
echo "Starting Node.js (v24.x) installation..."
# 1. Install Node.js 24.x
curl -fsSL https://deb.nodesource.com/setup_24.x | sudo bash - && \
sudo apt install -y nodejs
echo "Node.js installation completed."
echo "Running OpenClaw installation script..."
# 2. Run the OpenClaw installation script (skips interactive prompts and post-install)
(
set +e
export CI=1
export OPENCLAW_SKIP_POST_INSTALL=1
curl -fsSL https://openclaw.ai/install.sh | bash
exit 0
)
echo "OpenClaw installation script finished."
# 3. Configure OpenClaw and install the systemd service (as the root user)
echo "Configuring OpenClaw and installing systemd service..."
# Set the configuration
openclaw config set gateway.mode local
if ! openclaw config get gateway.auth.token >/dev/null 2>&1; then
openclaw config set gateway.auth.token "$(openssl rand -hex 20)"
fi
# Create the systemd user service file (for the root user)
mkdir -p /root/.config/systemd/user
cat > /root/.config/systemd/user/openclaw-gateway.service <<'EOF'
[Unit]
Description=OpenClaw Gateway
After=network.target
[Service]
Environment=HOME=/root
ExecStart=/usr/bin/openclaw gateway --port 18789
Restart=always
RestartSec=5
StandardOutput=journal
StandardError=journal
[Install]
WantedBy=default.target
EOF
# Enable linger to allow the root user's service to run without an active login session
sudo loginctl enable-linger root 2>/dev/null || true
# Reload the user-level systemd configuration and start the service
systemctl --user daemon-reload
systemctl --user restart openclaw-gateway
# Explicitly restart and check if the port is listening
echo "Restarting OpenClaw service to apply configuration..."
systemctl --user restart openclaw-gateway
echo "Checking if port 18789 is being listened on..."
# Wait for up to 10 seconds for the service to start
for i in {1..10}; do
if ss -tuln | grep -q ':18789\s'; then
echo "Successfully listening on port 18789!"
break
fi
sleep 1
done
# Final verification
if ! ss -tuln | grep -q ':18789\s'; then
echo "Error: OpenClaw is not listening on port 18789!"
echo "Please check the logs:"
journalctl --user -u openclaw-gateway -n 50 --no-pager
exit 1
fi
# Post-installation status check
echo "Checking OpenClaw installation status..."
# 1. Check if the command exists and get the version
if command -v openclaw &> /dev/null; then
echo "openclaw command found."
echo "Version info:"
openclaw --version
else
echo "openclaw command not found, please verify the installation."
exit 1
fi
echo ""
# 2. Display the executable file path
echo "Installation path:"
which openclaw
echo ""
# 3. Get and display the token
TOKEN=$(openclaw config get gateway.auth.token 2>/dev/null || echo "<unable to read>")
echo "Access Token: $TOKEN"
echo ""
# 4. Check the service status
if systemctl --user is-active --quiet openclaw-gateway; then
echo "openclaw-gateway service is running."
elif systemctl --user is-enabled --quiet openclaw-gateway 2>/dev/null; then
echo "openclaw-gateway service is enabled but not running."
else
echo "openclaw-gateway service is not enabled or does not exist."
fi
echo ""
echo "Detailed service status:"
systemctl --user status openclaw-gateway --no-pager
echo ""
echo "Listening page (SSH tunnel required): http://localhost:18789/__openclaw__/canvas/"
echo ""
echo "OpenClaw installation, configuration, and verification completed!"
Create an O&M task
Log on to the O&M portal. For more information, see Log on to the O&M portal.
Choose O&M Tasks and click Create O&M Task.
Configure the following parameters:
Task Information: Enter a name for the task. Set Execution Mode to Manual. Set Script Content to Specific O&M Script, and then select the public script or private script that you created.
Associate Host Account: Select the host accounts on which you want to run the task.
Click Create O&M Task. After the task is created, its status is displayed as Pending Approval in the O&M task list.
Approve the O&M task
O&M tasks that use public scripts must be approved by an administrator before they can run. Tasks that use private scripts do not require approval and can be run immediately. For more information about how to approve tasks, see Review O&M tasks.
Log on to the Bastionhost console as an administrator and select the region where your Bastionhost instance is deployed.
Find the target instance and click Manage.
In the left-side navigation pane, choose Assets > O&M Task Management.
Click the Task Review tab, find the task that you want to approve, and click Allow.
Run the O&M task
In the O&M portal, click O&M Tasks.
Find the target task and click Start. The task status changes to Running.
After the status changes to Completed, click Actions > View Execution Results. Find the target execution record and click View in the Output column to check the execution log for each host.
Note: Installation time varies based on network conditions. For example, it may take about 30 minutes in the Chinese mainland.
Get OpenClaw UI access
In the O&M portal, click Hosts.
Find the target host and click the username under Remote Connection to open the host terminal.
Run the following command to obtain the token and other information required to log on to the OpenClaw UI:
openclaw dashboard
The command returns the following output:
Dashboard URL: http://127.0.0.1:18789/#token=3703e******e8a75
To access the OpenClaw UI:
Go to the ECS Instances page, select the region where the target ECS instance is located, and click the instance name to go to the details page.
On the Security Groups tab, find the target security group in the list and click its Security Group ID. On the Security Group Details page, click the Inbound tab and add a rule with the following settings:
Action: Allow
Protocol: Custom TCP
Source: 0.0.0.0/0
Destination: 18789
Open a terminal on your local computer and run the following command to create an SSH tunnel:
ssh -N -L 18789:127.0.0.1:18789 root@<ECS_public_IP_address>
To find the public IP address, go to the ECS Instances page, find the target ECS instance, and view the IP Address column.
In your browser, navigate to the Dashboard URL that you obtained earlier. Replace 127.0.0.1 with the public IP address of the ECS instance to access the OpenClaw UI.
Warning: You must temporarily open port 18789 for inbound traffic in the security group of the ECS instance. After completing the OpenClaw setup, immediately remove this rule to reduce security risks.
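The installation script only checks that something listens on port 18789; it does not tell a loopback bind apart from one that becomes reachable from the Internet as soon as the inbound rule above exists. The following check is an added example, not part of the original guide or of OpenClaw itself: it parses ss -tuln output and fails when the gateway port is bound to a non-loopback address. It assumes the gateway port 18789 set by the installation script and the standard iproute2 column layout; the sample ss lines are constructed.

```shell
#!/bin/bash
# Added example (not from the Alibaba Cloud guide): verify that the OpenClaw
# gateway port is bound to loopback only, so it is reachable through the SSH
# tunnel but not directly from the network while the 18789 security group rule
# is open. Input is "ss -tuln" output (iproute2 column layout:
# Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port).

GATEWAY_PORT="${GATEWAY_PORT:-18789}"   # port used by the installation script

# Classify one socket line: prints "loopback" or "exposed" for a listener on
# GATEWAY_PORT, returns 1 for any other line (header, other ports, blanks).
classify_listener() {
    local line="$1" local_addr addr
    local_addr=$(printf '%s\n' "$line" | awk '{print $5}')
    case "$local_addr" in
        *:"$GATEWAY_PORT") ;;
        *) return 1 ;;
    esac
    addr="${local_addr%:*}"          # strip the trailing :port
    case "$addr" in
        127.*|"[::1]"|"::1") echo "loopback" ;;
        *)                   echo "exposed" ;;   # 0.0.0.0, [::], *, or a NIC address
    esac
}

# Read ss output on stdin. Returns 0 when every listener on GATEWAY_PORT is on
# loopback, 1 when at least one is exposed, 2 when nothing listens on the port.
check_gateway_exposure() {
    local found=0 exposed=0 line verdict
    while IFS= read -r line; do
        verdict=$(classify_listener "$line") || continue
        found=1
        if [ "$verdict" = "exposed" ]; then
            exposed=1
            echo "EXPOSED: $line"
        fi
    done
    if [ "$exposed" -eq 1 ]; then
        return 1
    fi
    if [ "$found" -eq 0 ]; then
        echo "no listener found on port $GATEWAY_PORT"
        return 2
    fi
    echo "gateway on port $GATEWAY_PORT is bound to loopback only"
    return 0
}

# Constructed sample ss output (not captured from a real host)
SAMPLE_LOOPBACK='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      511        127.0.0.1:18789     0.0.0.0:*'
SAMPLE_EXPOSED='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      511          0.0.0.0:18789     0.0.0.0:*
tcp   LISTEN 0      511             [::]:18789        [::]:*'
SAMPLE_NONE='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*'

# Demo on the samples; on a real host run:  ss -tuln | check_gateway_exposure
printf '%s\n' "$SAMPLE_LOOPBACK" | check_gateway_exposure || true
printf '%s\n' "$SAMPLE_EXPOSED"  | check_gateway_exposure || true
```

The check can be appended to the installation script's verification section or distributed as its own O&M task so the result is recorded per host in the execution log.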
Scenario 2: Remote O&M for OpenClaw
Bastionhost provides a secure O&M channel that routes all SSH connection requests through a centralized proxy for identity authentication. This mechanism enables centralized permission management and fine-grained authorization. It also records all commands, session replays, and file transfer activities to provide a complete audit trail. This ensures a secure, closed-loop process from access to execution.
In the O&M portal, click Hosts.
Find the target host and click the username under Remote Connection to open the host terminal.
Run O&M commands as needed. The following are some common examples:
Check the OpenClaw running status:
systemctl --user status openclaw-gateway
List installed skills:
openclaw skills list
Enter the natural language interaction interface:
openclaw tui
All operations performed in the session are recorded by Bastionhost for full traceability.
Scenario 3: Batch security hardening
Manually hardening OpenClaw security on each server is inefficient and error-prone, as it involves multiple steps. By using Bastionhost to run a hardening script in batches, you can quickly apply security configurations and run risk scans across all target nodes.
Create a private script
Log on to the O&M portal. For more information, see Log on to the O&M portal.
Note: To obtain the public URL of the O&M portal: Log on to the Bastionhost instance list page as an administrator, select the target region, find your instance, and click Manage. On the Overview page, you can find the URL in the instance information panel on the right.
Choose O&M Tasks, switch to the Script Management tab, and then click Create O&M Script.
Enter a name for the script, paste the following hardening script content, and then click OK.
Note: The script performs the following actions: runs a security audit and remediation, sets permissions for configuration files and state directories, and performs a deep security audit.
#!/bin/bash
# OpenClaw host security hardening script
# Description:
# 1. Runs 'openclaw security audit --fix' to remediate security issues.
# 2. Sets permissions for configuration files and state directories.
# 3. Performs a deep security audit.
set -e # Exit immediately if a command exits with a non-zero status.

# Color definitions for formatted output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color

# Logging functions
log_info() { echo -e "${BLUE}[INFO]${NC} $1"; }
log_success() { echo -e "${GREEN}[SUCCESS]${NC} $1"; }
log_warning() { echo -e "${YELLOW}[WARNING]${NC} $1"; }
log_error() { echo -e "${RED}[ERROR]${NC} $1" >&2; }

# Check if OpenClaw is installed
check_openclaw_installed() {
    if ! command -v openclaw &> /dev/null; then
        log_error "openclaw command not found, please install OpenClaw first"
        exit 1
    fi
    log_info "OpenClaw is installed"
}

# Get the path to the OpenClaw configuration directory
get_openclaw_config_dir() {
    if [ -n "$OPENCLAW_CONFIG_DIR" ]; then
        echo "$OPENCLAW_CONFIG_DIR"
    else
        echo "$HOME/.openclaw"
    fi
}

# Main function
main() {
    log_info "Starting OpenClaw host security hardening..."

    # Check if OpenClaw is installed
    check_openclaw_installed

    # Get configuration directory path
    CONFIG_DIR=$(get_openclaw_config_dir)
    CONFIG_FILE="$CONFIG_DIR/openclaw.json"
    log_info "Config directory: $CONFIG_DIR"
    log_info "Config file: $CONFIG_FILE"

    # Step 1: Run security audit and remediation
    log_info "Step 1: Running 'openclaw security audit --fix' for security remediation..."
    if openclaw security audit --fix; then
        log_success "Security remediation completed"
    else
        log_warning "Warnings encountered during security remediation, continuing with next steps"
    fi

    # Step 2: Set permissions for configuration file and state directory
    log_info "Step 2: Setting config file and state directory permissions..."
    if [ ! -d "$CONFIG_DIR" ]; then
        log_warning "Config directory $CONFIG_DIR does not exist, creating..."
        mkdir -p "$CONFIG_DIR"
    fi
    chmod 700 "$CONFIG_DIR"
    log_success "Directory permissions set: chmod 700 $CONFIG_DIR"
    if [ -f "$CONFIG_FILE" ]; then
        chmod 600 "$CONFIG_FILE"
        log_success "Config file permissions set: chmod 600 $CONFIG_FILE"
    else
        log_warning "Config file $CONFIG_FILE does not exist, skipping permission setup"
    fi

    # Step 3: Run a deep security audit (critical step)
    log_info "Step 3: Running 'openclaw security audit --deep' for deep security audit..."
    # Capture deep audit output, retaining it even if the command fails.
    # The exit code is read right after the command substitution: reading $?
    # inside an "if ! ...; then" branch would only give the negated status (0).
    DEEP_AUDIT_OUTPUT=""
    DEEP_AUDIT_EXIT_CODE=0
    set +e
    DEEP_AUDIT_OUTPUT=$(openclaw security audit --deep 2>&1)
    DEEP_AUDIT_EXIT_CODE=$?
    set -e
    if [ "$DEEP_AUDIT_EXIT_CODE" -ne 0 ]; then
        log_warning "Deep security audit command failed (exit code: $DEEP_AUDIT_EXIT_CODE), but output has been captured"
    else
        log_success "Deep security audit completed successfully"
    fi

    # === End of script: Highlight deep audit results ===
    echo ""
    echo -e "${YELLOW}========================================${NC}"
    echo -e "${YELLOW} OpenClaw Deep Security Audit Results ${NC}"
    echo -e "${YELLOW}========================================${NC}"
    if [ -n "$DEEP_AUDIT_OUTPUT" ]; then
        echo "$DEEP_AUDIT_OUTPUT"
    else
        echo -e "${RED}(No output)${NC}"
    fi
    echo -e "${YELLOW}========================================${NC}"
    echo ""
    log_success "OpenClaw host security hardening completed! Please review the deep audit results above."
}

# Script entry point
if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
    main "$@"
fi
Create an O&M task
Log on to the O&M portal. For more information, see Log on to the O&M portal.
Note: To obtain the public URL of the O&M portal: Log on to the Bastionhost instance list page as an administrator, select the target region, find your instance, and click Manage. On the Overview page, you can find the URL in the instance information panel on the right.
Choose O&M Tasks and click Create O&M Task.
Configure the following parameters:
Task Information: Enter a name for the task. Set Execution Mode to Manual. Set Script Content to Specific O&M Script, and then select the private script that you created.
Associate Host Account: Select the host accounts on which you want to run the task.
Click Create O&M Task.
Note: O&M tasks created with private scripts do not require administrator approval and can be run immediately.
Run the O&M task
In the O&M portal, click O&M Tasks.
Find the target task and click Start. The task status changes to Running.
After the status changes to Completed, click Actions > View Execution Results. Find the target execution record and click View in the Output column to check the hardening log for each host.
Scenario 4: Batch uninstallation
During resource de-provisioning or version upgrades, you can use Bastionhost to run uninstallation scripts in batches. This ensures consistent removal of agent components and leftover configurations, while keeping all uninstallation activities auditable.
Create a private script
Log on to the O&M portal. For more information, see Log on to the O&M portal.
Note: To obtain the public URL of the O&M portal: Log on to the Bastionhost instance list page as an administrator, select the target region, find your instance, and click Manage. On the Overview page, you can find the URL in the instance information panel on the right.
Choose O&M Tasks, switch to the Script Management tab, and then click Create O&M Script.
Enter a name for the script, paste the following uninstallation script content, and then click OK.
Note: The script performs the following actions: stops and removes the systemd service, cleans up global npm packages and CLI files, deletes configuration and cache directories, cleans up shell configurations, and automatically verifies the uninstallation.
#!/bin/bash
# This script completely uninstalls OpenClaw and immediately verifies the cleanup.
set -e

echo "Starting to uninstall OpenClaw..."

# 1. Stop and clean up the systemd user service (order is critical)
echo "Stopping and removing Gateway service..."
systemctl --user stop openclaw-gateway 2>/dev/null || true
systemctl --user disable openclaw-gateway 2>/dev/null || true
rm -f ~/.config/systemd/user/openclaw-gateway.service
# Reload the systemd user instance (must be done after deleting the file)
systemctl --user daemon-reload 2>/dev/null || true
# Force-reset the systemd user state to resolve cached remnants
if command -v systemctl >/dev/null 2>&1; then
    sleep 1
    systemctl --user reset-failed 2>/dev/null || true
fi

# 2. Get the npm global node_modules path
NPM_GLOBAL_DIR=""
if command -v npm >/dev/null 2>&1; then
    NPM_GLOBAL_DIR=$(npm root -g 2>/dev/null || echo "")
fi
[ -z "$NPM_GLOBAL_DIR" ] && NPM_GLOBAL_DIR="/usr/lib/node_modules"

# 3. Force-remove the npm global package
echo "Force cleaning npm global packages..."
if [ -d "$NPM_GLOBAL_DIR/openclaw-cli" ]; then
    rm -rf "$NPM_GLOBAL_DIR/openclaw-cli"
    echo " Removed $NPM_GLOBAL_DIR/openclaw-cli"
fi
if [ -d "$NPM_GLOBAL_DIR/openclaw" ]; then
    rm -rf "$NPM_GLOBAL_DIR/openclaw"
    echo " Removed $NPM_GLOBAL_DIR/openclaw (legacy name)"
fi

# 4. Delete the CLI executable
echo "Cleaning CLI executables..."
rm -f /usr/local/bin/openclaw /usr/bin/openclaw /bin/openclaw

# 5. Delete configuration, cache, and compilation cache directories
echo "Cleaning config and cache..."
rm -rf ~/.openclaw ~/.cache/openclaw /var/tmp/openclaw-compile-cache

# 6. Clean up linger settings
# $USER may be unset in a non-login task session, so fall back to id -un
CURRENT_USER="${USER:-$(id -un)}"
if command -v loginctl >/dev/null 2>&1; then
    if loginctl show-user "$CURRENT_USER" 2>/dev/null | grep -q "Linger=yes"; then
        echo "Disabling lingering..."
        loginctl disable-linger "$CURRENT_USER" 2>/dev/null || true
    fi
fi

# 7. Clean up shell configuration files
echo "Cleaning shell configuration..."
for rc in ~/.bashrc ~/.zshrc ~/.profile /etc/profile; do
    if [ -f "$rc" ]; then
        cp "$rc" "$rc.bak-openclaw" 2>/dev/null || true
        sed -i.bak -E '/(openclaw|NODE_COMPILE_CACHE|OPENCLAW_NO_RESPAWN)/d' "$rc" 2>/dev/null || true
    fi
done

echo ""
echo "OpenClaw uninstall complete, verifying cleanup..."

# Automatic verification of the cleanup
CLEAN=true

# 1. Check if the CLI command still exists
if command -v openclaw &> /dev/null; then
    echo "[LEFTOVER] 'openclaw' command still exists"
    CLEAN=false
else
    echo "CLI command removed"
fi

# 2. Check for the npm global package
if command -v npm >/dev/null 2>&1; then
    if npm list -g --depth=0 2>/dev/null | grep -q "openclaw"; then
        echo "[LEFTOVER] openclaw package still exists in npm"
        CLEAN=false
    else
        echo "npm package uninstalled"
    fi
else
    echo "npm not available, skipping npm package check"
fi

# 3. Check for the configuration directory
if [ -d "$HOME/.openclaw" ]; then
    echo "[LEFTOVER] Config directory ~/.openclaw still exists"
    CLEAN=false
else
    echo "Config directory cleaned"
fi

# 4. Check for the cache directory
if [ -d "$HOME/.cache/openclaw" ]; then
    echo "[LEFTOVER] Cache directory ~/.cache/openclaw still exists"
    CLEAN=false
else
    echo "Cache directory cleaned"
fi

# 5. Check for the systemd user service
if systemctl --user list-units --full 2>/dev/null | grep -q "openclaw"; then
    echo "[LEFTOVER] systemd user service still exists"
    CLEAN=false
else
    echo "systemd user service cleaned"
fi

# 6. Check for running processes (this script's own PID is excluded, because
# its command line may itself contain "openclaw" when the script file is named so)
if pgrep -f "openclaw" 2>/dev/null | grep -qvx "$$"; then
    echo "[LEFTOVER] OpenClaw process still running"
    CLEAN=false
else
    echo "No OpenClaw process running"
fi

# Final result
echo ""
if [ "$CLEAN" = true ]; then
    echo "Verification passed! OpenClaw has been completely removed."
    exit 0
else
    echo "Warning: leftovers detected, please clean up manually."
    exit 1
fi
Create an O&M task
Log on to the O&M portal. For more information, see Log on to the O&M portal.
Note: To obtain the public URL of the O&M portal: Log on to the Bastionhost instance list page as an administrator, select the target region, find your instance, and click Manage. On the Overview page, you can find the URL in the instance information panel on the right.
Choose O&M Tasks and click Create O&M Task.
Configure the following parameters:
Task Information: Enter a name for the task. Set Execution Mode to Manual. Set Script Content to Specific O&M Script, and then select the private script that you created.
Associate Host Account: Select the host accounts on which you want to run the task.
Click Create O&M Task.
Note: O&M tasks created with private scripts do not require administrator approval and can be run immediately.
Run the O&M task
In the O&M portal, click O&M Tasks.
Find the target task and click Start. The task status changes to Running.
After the status changes to Completed, click Actions > View Execution Results. Find the target execution record and click View in the Output column to check the uninstallation log for each host.
Apply in production
When deploying this solution in a production environment, enhance security by implementing the following controls:
Network policies: Configure your network to allow access to managed servers only from the egress IP address of your Bastionhost instance. Block all other direct connections.
Access policies: Add all managed nodes as assets in Bastionhost and grant permissions only to authorized O&M personnel. This follows the principle of least privilege.
O&M policies: For sensitive assets, enable features such as two-factor approval for O&M operations, command approval, and command blocklists or allowlists to further mitigate operational risks.
Appendix: OpenClaw commands
For a complete list of commands, see the official OpenClaw documentation.
Command | Description | Notes | Risk level |
 | Starts a browser automation instance. | Enables the automation environment. | High |
 | Manages scheduled tasks. | Automates the execution of specific instructions. | High |
 | Simulates a click on a webpage element. | Automatically fills in forms and clicks buttons. | High |
 | Clears all state data. | Resets all configurations. | High |
 | Navigates the browser to a specified URL. | | Medium |
 | Installs skills or plug-ins from the official marketplace. | From the official skill marketplace. | Medium |
 | Enables a specified plug-in. | Requires a plug-in name. | Medium |
 | Rebuilds the vector index. | Used to resolve issues with AI memory logic. | Medium |
openclaw skills list | Lists installed skills. | View the agent's capabilities. | Low |
 | Searches long-term memory content. | Based on vector retrieval. | Low |
openclaw tui | Enters the natural language interaction interface. | Terminal user interface (TUI). | Low |