Product

Security

Security

Your agent runs on a VPS connected to the internet. Here’s how to keep it safe.

Support Access

The Remote easyClaw Support Access toggle on the Security page controls whether the deployment user (easyvps) can log in via SSH.

• Enabled — easyDNS support can access your VPS for troubleshooting
• Disabled — no remote SSH access (recommended for production)

You can always re-enable it from the Security page or the built-in Terminal.

Firewall (fail2ban)

fail2ban automatically blocks IP addresses that make too many failed login attempts. The Security page shows:

• Active jails — which services are being protected
• Banned IPs — currently blocked addresses
• Total banned — lifetime count of blocked attackers

Manual Actions

You can manually ban or unban IP addresses from the Security page. Use this to:

• Block a suspicious IP
• Unban yourself if you got locked out
• Unban a colleague who fat-fingered their password

Password Security

Your easyClaw admin password is separate from your VPS system password. Changing one does not affect the other.

If You Get Locked Out

1. SSH in with your easyvps password and run: sudo /opt/easyclaw/webui/bin/reset-password.sh
2. Can’t SSH? Contact easyDNS support to access your VPS console

Best Practices

• Disable support access when you don’t need it
• Use a strong password for your easyClaw admin login
• Keep easyClaw updated — updates include security fixes
• Check the Security page periodically to review banned IPs
• Don’t share your gateway token — it provides full access to your agent’s API