How to Install Hermes Agent on a Server via SSH
Deploying Hermes Agent (built by Nous Research) turns a server from a static host into a persistent, autonomous compute environment. Hermes differs from generic prompt wrappers through its "closed learning loop": the agent continuously evaluates task execution data, updates user profile parameters, and writes code or builds new skills directly into its local backend. Because a running Hermes instance translates natural-language instructions into commands on the host terminal, protecting the environment it runs in is mandatory.
Running Hermes Agent on a self-managed VPS gives you full ownership of its contextual memory store and execution pipeline, and keeps proprietary data inside your own network.
System Requirements
Hermes Agent runs memory cache engines and sandboxed tools on the local host, so your hardware should meet the requirements below:
| Resource | Minimum Specification | Recommended Specification |
|---|---|---|
| Processor (CPU) | 1 vCPU (64-bit architecture) | 2 vCPUs or higher |
| Memory (RAM) | 1 GB available space | 2 GB to 4 GB RAM |
| Disk Space | 10 GB available SSD Storage | 30 GB or higher SSD Storage |
| Operating System | Ubuntu 22.04 LTS (amd64) | Ubuntu 24.04 LTS (amd64) |
Prerequisites
Verify that the following infrastructure parameters are available before initializing the workflow:
- A Self-Managed VPS matched against the resource baseline matrix outlined above.
- Administrative SSH Access: Root or sudo-privileged credentials coupled with your target server IP address.
- An Operational LLM Endpoint: Valid API access credentials for your required model provider.
Step 1: Connect to Your VPS Infrastructure via SSH
- Open your local terminal (macOS/Linux) or Command Prompt/PowerShell (Windows).
- Run the following SSH command (replace your_server_ip with your actual VPS IP address):
ssh root@your_server_ip
- Enter your root password when prompted to access the server console.
Example Output:
$ ssh root@192.0.2.44
The authenticity of host '192.0.2.44 (192.0.2.44)' can't be established.
ECDSA key fingerprint is SHA256:DdkoWy/LnXyD4wq86zKE8Yh4cPyGz/Q5y4rwl2DElV0.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.0.2.44' (ECDSA) to the list of known hosts.
root@192.0.2.44's password:
Welcome to Ubuntu 24.04 LTS (GNU/Linux 6.5.0-27-generic x86_64)
Last login: Fri Mar 15 10:25:00 2024 from 198.51.100.23
root@vps-123456:~#
Step 2: Baseline Linux Host Hardening & System Update
Security starts with the OS itself. Hardening the Linux host first limits what automated scanning and password-guessing by attackers can achieve. Begin by updating the package lists and installed packages, and install nano for editing the security configuration files.
sudo apt update && sudo apt upgrade -y
sudo apt install nano -y
Example Output:
Reading package lists... Done
Building dependency tree... Done
The following NEW packages will be installed:
nano
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Setting up nano (7.2-2) ...
Enforce Cryptographic SSH Authentication
Open the primary secure shell configuration file using your text editor:
sudo nano /etc/ssh/sshd_config
Locate and modify the following lines to disable password logins and direct root logins entirely, so that only public-key authentication is accepted:
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
Before applying the change, make sure your public key is already in ~/.ssh/authorized_keys for the sudo-capable account you will log in with, and that a key-based login works from a second terminal, because password logins will be rejected once this takes effect. Then save the file and restart the SSH daemon to apply the new rules:
sudo systemctl restart ssh
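Added example, not part of the original article or the Hermes project: a check of the settings sshd will actually enforce before you restart it. Ubuntu cloud images ship /etc/ssh/sshd_config.d/50-cloud-init.conf, which the main file Includes before its own directives, so a "PasswordAuthentication yes" there silently wins over the edit above.

```sh
#!/bin/sh
# Added example, not part of the original article or the Hermes project.
# On the server, run the syntax check, then the effective-config check, and
# restart only if both pass:
#   sudo sshd -t && check_sshd_effective "$(sudo sshd -T)" && sudo systemctl restart ssh

# Takes an `sshd -T` dump (keys are lowercased there) and prints one MISMATCH
# line per required setting that is absent or wrong. Returns 0 only if all match.
check_sshd_effective() {
    dump="$1"
    rc=0
    for want in "permitrootlogin no" "passwordauthentication no" "pubkeyauthentication yes"; do
        key="${want%% *}"
        value="${want#* }"
        got=$(printf '%s\n' "$dump" | awk -v k="$key" '$1 == k { print $2; exit }')
        if [ "$got" != "$value" ]; then
            echo "MISMATCH: $key is '${got:-unset}', expected '$value' (check sshd_config.d/*.conf)"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed dumps standing in for real `sshd -T` output.
SAMPLE_HARDENED="permitrootlogin no
passwordauthentication no
pubkeyauthentication yes
port 22"
SAMPLE_OVERRIDDEN="permitrootlogin no
passwordauthentication yes
pubkeyauthentication yes
port 22"

check_sshd_effective "$SAMPLE_HARDENED" && echo "hardened sample: safe to restart sshd"
check_sshd_effective "$SAMPLE_OVERRIDDEN" || echo "overridden sample: do not restart yet"
```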
Configure the Network Firewall Gateway
Deny all inbound traffic by default using the Uncomplicated Firewall (UFW):
sudo ufw default deny incoming
Leave outbound traffic open so the agent loop can reach model registries and provider endpoints:
sudo ufw default allow outgoing
Allow inbound SSH for management, plus HTTP and HTTPS for any web or webhook endpoints you expose:
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
Apply the rules and enable the firewall:
sudo ufw enable
Example Output:
Command may disrupt existing ssh connections.
Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
Deploy Fail2Ban Intrusion Prevention
Install Fail2Ban to detect brute-force attempts and ban the offending source addresses:
sudo apt install fail2ban -y
Start the service and enable it at boot:
sudo systemctl enable --now fail2ban
Step 3: Initialize Container Runtimes & Daemons
Hermes Agent uses Docker containers to isolate arbitrary code execution from the host OS. Install the base utilities and register the official Docker package repository on your system:
sudo apt install git curl ca-certificates -y
Install Docker's repository signing key and add the repository to your APT sources list:
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt update
Install the core Docker engine, containerd and the Buildx and Compose plugins:
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y
Start the Docker daemon and enable it at boot:
sudo systemctl start docker
sudo systemctl enable docker
Isolate the Network Interface
Create an isolated internal bridge network so the agent can reach its supporting storage services without exposing those sockets to the public internet:
docker network create hermes-net
Step 4: Clone the Source Tree and Configure Environment Credentials
Clone the deployment files from the project repository:
git clone https://github.com/hermesagent/hermes-agent.git
cd hermes-agent
Create your local configuration by copying the template:
cp .env.example .env
Open the new configuration file in your text editor:
sudo nano .env
Define your provider API keys, the dashboard secret, the port binding and the admin credentials in the file:
# Operational Endpoint Access
OPENAI_API_KEY=sk-proj-4Wv9Xb7yZ2M1N5K4J3H2G1F0D9S8A7P6O5I4U3Y2T1R0E
ANTHROPIC_API_KEY=sk-ant-api03-L9k8J7h6G5f4D3s2A1q0WeRtYuIoPlKjHgFfDsSaA-1a2b3c4
# Administrative UI Security Elements
HERMES_SECRET=7f8a9b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6a7b8c9d0e
PORT_BINDING=8080
SYSTEM_USER=hermes_admin
SYSTEM_PASS=Mypassword_2026_Secure!
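Added example, not part of the original article or the Hermes project: a pre-flight check for the .env file before it is handed to Docker Compose. The key names are the ones shown above; the 32-character minimum for HERMES_SECRET is this example's own assumption.

```sh
#!/bin/sh
# Added example, not part of the original article or the Hermes project.
# Usage on the server, from the hermes-agent directory:  check_env_file .env

# Returns 0 only if the file is not readable by group/other, every required key
# is present and non-empty, and HERMES_SECRET is at least 32 characters.
check_env_file() {
    f="$1"
    rc=0
    # `cp` creates .env with the default umask, so it usually starts out 644.
    if [ -n "$(find "$f" \( -perm -004 -o -perm -040 \) 2>/dev/null)" ]; then
        echo "FAIL: $f is readable by group/other; run: chmod 600 $f"; rc=1
    fi
    for key in OPENAI_API_KEY ANTHROPIC_API_KEY HERMES_SECRET SYSTEM_USER SYSTEM_PASS; do
        val=$(sed -n "s/^${key}=//p" "$f" | head -n 1)
        if [ -z "$val" ]; then
            echo "FAIL: $key is missing or empty"; rc=1
        fi
    done
    secret=$(sed -n 's/^HERMES_SECRET=//p' "$f" | head -n 1)
    if [ "${#secret}" -lt 32 ]; then
        echo "FAIL: HERMES_SECRET is ${#secret} chars; use at least 32 random characters (e.g. openssl rand -hex 32)"; rc=1
    fi
    return "$rc"
}

# Constructed sample: two deliberate defects (short secret, empty password).
demo=$(mktemp -d)
printf '%s\n' 'OPENAI_API_KEY=sk-constructed-example' 'ANTHROPIC_API_KEY=sk-ant-constructed-example' \
    'HERMES_SECRET=short' 'SYSTEM_USER=hermes_admin' 'SYSTEM_PASS=' > "$demo/.env"
chmod 600 "$demo/.env"
check_env_file "$demo/.env" || echo "constructed sample rejected, as intended"
rm -rf "$demo"
```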
Step 5: Verify & Harden Execution Contexts
There are several options for terminal execution engines in Hermes, such as local, Docker, SSH, Daytona, and Modal. For server use, using the local engine without any limitations poses serious risks. Hermes must always be executed via its containerized target profile paths.
Implement Granular Directory Mount Bounds
List the application files to confirm the layout:
ls -la
When writing or reviewing the volumes block in docker-compose.yml, never map the host's root filesystem or other system paths into the workspace. Limit the mount to a dedicated directory that holds only the agent's persistent configuration:
volumes:
- ./hermes_workspace:/root/.hermes:rw # Confine memory files and skill definitions securely
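Added example, not part of the original article or the Hermes project: a scan of the volumes blocks in a compose file for bind mounts that hand the agent container the host root, a system directory or the Docker socket. It assumes the short "host:container[:mode]" syntax shown above.

```sh
#!/bin/sh
# Added example, not part of the original article or the Hermes project.
# Usage on the server:  check_compose_mounts < docker-compose.yml

# Reads compose YAML on stdin, prints one RISKY line per offending bind mount
# and returns 1 if any were found (0 otherwise).
check_compose_mounts() {
    awk '
        /^[ \t]*volumes:/ { in_vol = 1; next }
        /^[ \t]*[A-Za-z0-9_.-]+:/ { in_vol = 0 }      # the next mapping key ends the block
        in_vol && /^[ \t]*-[ \t]/ {
            line = $0
            sub(/^[ \t]*-[ \t]*/, "", line); sub(/[ \t]*#.*$/, "", line); gsub(/"/, "", line)
            split(line, parts, ":"); host = parts[1]
            if (host !~ /^[.\/]/) next                  # named volume, not a bind mount
            if (host ~ /docker\.sock$/) {
                print "RISKY: " host " gives the agent control of the Docker daemon (root-equivalent)"; bad = 1
            } else if (host == "/" || host ~ /^\/(etc|proc|sys|boot|usr)(\/|$)/ || host ~ /^\/(home|root|var)\/?$/) {
                print "RISKY: " host " exposes a host system directory"; bad = 1
            }
        }
        END { exit bad ? 1 : 0 }
    '
}

# Constructed compose fragments: the first mirrors the mount recommended above.
SAFE_COMPOSE='services:
  hermes-agent-core:
    build: .
    volumes:
      - ./hermes_workspace:/root/.hermes:rw   # confine memory files and skills
    networks:
      - hermes-net'
RISKY_COMPOSE='services:
  hermes-agent-core:
    build: .
    volumes:
      - /:/host:ro
      - "/var/run/docker.sock:/var/run/docker.sock"
      - ./hermes_workspace:/root/.hermes:rw'

printf '%s\n' "$SAFE_COMPOSE" | check_compose_mounts && echo "safe sample: no risky mounts"
printf '%s\n' "$RISKY_COMPOSE" | check_compose_mounts || echo "risky sample: fix the mounts before docker compose up"
```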
Profile Isolation & Messenger Safety
- Separate Intent Blocks Cleanly: Do not combine unrelated jobs into one profile environment. For instance, if you use one profile for infrastructure upgrades and another for automated code reviews, run them in separate directories so that a compromise of one cannot escalate horizontally into the other.
- Lock Down the Local Web Dashboard: If configuring parameter dashboards or external MCP servers, ensure the interface binds to the loopback address (127.0.0.1) and not the public WAN (0.0.0.0). Access it remotely only via an encrypted SSH tunnel:
hermes dashboard --port 9119
- Hardcode Explicit Sender Credentials: Within your active profile variables, map explicit channel identity codes (such as your literal Telegram Chat ID or Discord account hash). Configure Hermes to immediately drop, block, and alert you to any communication requests arriving from untrusted endpoints.
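Added example, not part of the original article or the Hermes project: a check that the dashboard and any published container port really listen on 127.0.0.1. It matters because Docker publishes ports through its own iptables chains, ahead of the rules UFW manages, so a service published on 0.0.0.0 is reachable from the Internet even though ufw never allowed that port.

```sh
#!/bin/sh
# Added example, not part of the original article or the Hermes project.
# Reads `ss -H -ltn` output and flags the given ports when they listen on a
# wildcard address instead of 127.0.0.1. Usage on the server:
#   check_wildcard_listeners "$(ss -H -ltn)" 9119 8080

# Column 4 of ss output is Local Address:Port, e.g. 0.0.0.0:8080 or [::]:8080.
check_wildcard_listeners() {
    listeners="$1"; shift
    rc=0
    for port in "$@"; do
        hits=$(printf '%s\n' "$listeners" | awk -v p="$port" '
            $1 == "LISTEN" {
                n = split($4, a, ":"); addr = $4; sub(":" a[n] "$", "", addr)
                if (a[n] == p && (addr == "0.0.0.0" || addr == "*" || addr == "[::]"))
                    print "EXPOSED: port " p " listens on " addr " (expected 127.0.0.1)"
            }')
        if [ -n "$hits" ]; then
            echo "$hits"; rc=1
        fi
    done
    return "$rc"
}

# Constructed listener table: the dashboard on 9119 is bound correctly, while
# the container port 8080 has been published on all interfaces.
SAMPLE_SS='LISTEN 0 128 127.0.0.1:9119 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 4096 [::]:8080 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

check_wildcard_listeners "$SAMPLE_SS" 9119 && echo "dashboard 9119: loopback only"
check_wildcard_listeners "$SAMPLE_SS" 8080 || echo "8080 is exposed: publish it as 127.0.0.1:8080:8080 in compose"
```

To keep a port private, publish it in compose as "127.0.0.1:8080:8080" and reach it with ssh -L 8080:127.0.0.1:8080 user@your_server_ip.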
Step 6: Build the Images and Execute the Deployment Cluster
Because Hermes Agent reads its configuration files to assemble its internal module profiles at run time, build the container image locally rather than pulling an unvalidated public image.
- Build the application image locally:
docker compose build
- Start the stack in detached (background) mode:
docker compose up -d
Example Output:
[+] Running 3/3
✔ Network hermes-net Created
✔ Container hermes-db-store Started
✔ Container hermes-agent-core Started
Step 7: Confirm Service Access and Run Diagnostics
After the containers are up, use curl to confirm that the service gateway responds as expected:
curl http://localhost:8080/api/health
Example Output:
{"status":"healthy","version":"2.1.0","services":{"database":"connected","agent_loop":"idle"}}
Step 8: Interface Access
To use the interactive workspace, open the web interface at:
http://your_server_ip:8080
Log in with the SYSTEM_USER and SYSTEM_PASS values you set in .env to reach the playground, system prompt commands, local code API integration and workflow automation. Note that Docker publishes container ports through its own iptables chains, ahead of the rules UFW manages, so port 8080 is reachable here even though Step 2 never allowed it, and the login is sent over plain HTTP. To keep the interface private, publish the port on 127.0.0.1 only and reach it through an SSH tunnel, as Step 5 recommends for the dashboard.
Production Deployment Security Note
Running multi-container sandboxes from the server's root account can lead to file-ownership conflicts. In production, create a non-root Linux user (e.g., hermesadmin), add it to the docker group, and run all Docker Compose operations as that user only. Keep in mind that membership of the docker group is effectively root-equivalent on the host, so protect that account's credentials as carefully as root's.
Summary
Setting up the Nous Research Hermes Agent server must be done with the utmost care, because an autonomous agent that executes commands on your host carries real risk. By following the practices above, from key-only SSH access and the network firewall to container sandboxing, you protect the stability and security of your AI workflow environment. Your Hermes Agent is now securely set up to automate tasks via reliable workflows.