Operate cloud VMs without exposing SSH

Production should have no public port 22. But you still need to tail a log, restart a worker, or run a migration on a live VM. AI Commander lets an AI client do exactly that over a real shell — while the box stays sealed behind its firewall, because the agent only ever connects outbound.

The job

The classic ways to reach a cloud box for ad-hoc shell work all add attack surface or setup: a public SSH port, a bastion/jump host, a VPN, or a cloud-specific agent. AI Commander gives you the shell without the inbound path. It's the same workflow whether the VM is on AWS, GCP, Azure, Hetzner, or bare metal.

What it looks like

Claude Code — MCP
You: api-prod is throwing 502s — check the service and the last 50 log lines

Claude:
> systemctl is-active api
failed
> journalctl -u api -n 50 --no-pager
...
Error: connect ECONNREFUSED 127.0.0.1:5432 (postgres)
> systemctl restart postgresql api
✓ api active (running)

Claude: The API couldn't reach Postgres. Restarted both — API is healthy again.

Why AI Commander instead of SSH / bastion / VPN

                              AI Commander          Public SSH        Bastion host    Tailscale SSH
Inbound port required         None                  22 open           on bastion      None
Extra infra to run            None                  None              Jump host       Tailnet
An AI client can drive it     ✓ MCP
Streams output to the client  ✓ SSE                 manual            manual          manual
Setup                         one install command   keys + firewall   host + keys     tailnet + policy
Security model. The session code is the credential, and the agent runs as root by default. Anyone who obtains the code therefore has a root shell on that VM, and the relay sits between your AI client and the agent, so both the code and the relay belong inside your trust boundary. Treat the code like a secret: do not paste it into shared chat logs or prompts, and save the machine under an alias in your account so the AI client can address it by name (for example api-prod) instead of by the code. See the security model.

Set it up

On the VM, install the agent, confirm from your AI client that the session is reachable, and only then close inbound SSH if you no longer need it. The installer runs as root, so if your change process requires it, download the script and read it before piping it into sudo bash:

curl -fsSL https://aicommander.dev/install | sudo bash

Connect your AI client, quote the session code (or an alias like api-prod), and run commands.
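Pre-flight checks for the procedure above, as an added example that is not part of AI Commander or its installer. It assumes the agent's relay session appears in ss -tn as an established connection to port 443 (the page says the agent needs only outbound HTTPS), that the host firewall is ufw, and that the SSH unit is named ssh on Debian/Ubuntu and sshd on RHEL-family systems. The ss output embedded in the script is constructed so the checks can be exercised offline; on the VM itself, run it with --live to feed in real ss output.

```shell
#!/usr/bin/env bash
# Added example: verify the outbound agent session before closing port 22,
# then confirm nothing is still listening on 22 afterwards.
# Both check functions read text in the format of `ss -tn` / `ss -ltn` on
# stdin, so they work on captured output as well as on a live host.

# Return 0 (and print the lines) if anything listens on port 22 on a
# non-loopback address. Loopback-only binds are not reachable from outside.
inbound_ssh_listeners() {
  awk 'NR > 1 {
    split($4, a, ":"); port = a[length(a)]
    addr = substr($4, 1, length($4) - length(port) - 1)
    if (port == "22" && addr != "127.0.0.1" && addr != "[::1]") print $0
  }' | grep .
}

# Return 0 if there is an ESTABLISHED connection to port 443, optionally to
# the given relay address ($1). This is the agent's outbound WebSocket; if it
# is missing, closing SSH would lock you out.
has_outbound_relay_session() {
  awk -v relay="${1:-}" 'NR > 1 && $1 == "ESTAB" {
    split($5, p, ":"); port = p[length(p)]
    addr = substr($5, 1, length($5) - length(port) - 1)
    if (port == "443" && (relay == "" || addr == relay)) found = 1
  } END { exit found ? 0 : 1 }'
}

# Host-side close. Assumes ufw; adapt for nftables/iptables. The cloud
# security group or provider firewall rule for 22 must be removed separately
# in the provider console or API; this only covers the VM itself.
close_inbound_ssh() {
  sudo ufw delete allow 22/tcp 2>/dev/null || true   # remove any explicit allow
  sudo ufw deny 22/tcp
  sudo systemctl disable --now ssh 2>/dev/null || sudo systemctl disable --now sshd
}

# Constructed samples (documentation addresses, not real hosts).
SAMPLE_TN='State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 10.0.0.5:51234 203.0.113.10:443
ESTAB 0 0 10.0.0.5:22 198.51.100.7:40122'
SAMPLE_LTN_BEFORE='State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 4096 127.0.0.1:5432 0.0.0.0:*'
SAMPLE_LTN_AFTER='State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 4096 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 128 127.0.0.1:22 0.0.0.0:*'

if [ "${1:-}" = "--live" ]; then
  ss -tn | has_outbound_relay_session "${2:-}" \
    || { echo "no outbound relay session on :443; refusing to close 22" >&2; exit 1; }
  close_inbound_ssh
  ss -ltn | inbound_ssh_listeners && echo "WARNING: something still listens on 22" >&2
else
  echo "relay session present:"; printf '%s\n' "$SAMPLE_TN" | has_outbound_relay_session && echo "yes"
  echo "inbound 22 listeners before:"; printf '%s\n' "$SAMPLE_LTN_BEFORE" | inbound_ssh_listeners
  echo "inbound 22 listeners after:"; printf '%s\n' "$SAMPLE_LTN_AFTER" | inbound_ssh_listeners || echo "none"
fi
```

The order matters: the relay check runs first and aborts if the agent is not connected, because once ufw denies 22 the only way back onto the box is the agent session. The second sample shows the other reason to check before cutting over: the operator's own SSH session is visible as the inbound connection on 10.0.0.5:22, and it is the one that disappears.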

FAQ

How can I run commands on a cloud VM without opening SSH?
Install the agent on the VM. It opens one outbound WebSocket to the relay, so you can close port 22 entirely. Your AI client runs commands by quoting the session code and receives streamed output — no inbound access required.
Is this a replacement for a bastion host?
For interactive shell work driven by an AI client, yes — there's no inbound path to protect. For protocol-level access (databases, RDP, arbitrary TCP) a VPN or bastion is still the right tool.
Does it work on AWS, GCP, Azure, and bare metal?
Yes. The agent only needs outbound HTTPS, so it runs on any Linux VM in any cloud or on bare metal, even behind strict security groups or NAT.

Close port 22, keep the shell

Install the agent on a VM and reach it through your AI client with nothing inbound exposed.