SSH Remote Configuration Guide

Overview

This guide sets up a streamlined workflow for accessing your OpenClaw Mac server ("MacTruc") from your daily driver Mac. By the end you'll have a short ssh TrucBot1 alias replacing the full SSH command, an automatic port tunnel for the OpenClaw dashboard, passwordless key authentication, and a one-click Dock icon that opens Terminal and connects instantly. The configuration is designed to be multi-bot ready — future instances (TrucBot2, TrucBot3, etc.) follow the same pattern with their own host aliases and forwarded ports.

Connection Architecture

💻

Daily Driver Mac

BigMac · curtcornum · ~/.ssh/config

Your working machine. The SSH config alias and Terminal shortcut app live here. Connects over LAN using Ed25519 key-based auth — no password required after setup.

ORIGIN

ssh TrucBot1 · Ed25519 key auth · port 22

🦞

Mac Server (MacTruc)

192.168.1.51 · trucbot1 · OpenClaw 2026.5.7 · profile: trucbot1

The dedicated OpenClaw server running 24/7. Runs OpenClaw under an isolated profile (--profile trucbot1) with state under ~/.openclaw-trucbot1/. SSH session provides full terminal access and automatically tunnels the dashboard port.

OPENCLAW HOST

LocalForward 18789 → localhost:18789

🌐

OpenClaw Dashboard

localhost:18789 · tunneled via SSH · browser access

While the SSH session is active, the OpenClaw web dashboard is available at localhost:18789 in any browser on your daily driver — no VPN or separate port forward needed.

TUNNEL ENDPOINT

Setup Steps

0

Pre-Flight: MacTruc Static IP & Remote Login

One-time setup on the server side

On MacTruc, configure the network and enable SSH:

Setting	Where	Value
Static IP	System Settings → Network → Details → TCP/IP	`192.168.1.51` (Manual)
Remote Login	System Settings → General → Sharing	ON, allow `trucbot1`

Router-side alternative: If your router supports DHCP reservations, that's cleaner than a Mac-side static IP — the binding lives in one place and won't conflict with the DHCP pool.

1

Create the SSH Config Alias

Replace the long command with a short alias

On BigMac, open your SSH config file (create it if it doesn't exist):

mkdir -p ~/.ssh
chmod 700 ~/.ssh
touch ~/.ssh/config
chmod 600 ~/.ssh/config
nano ~/.ssh/config

Add this host block:

Host TrucBot1
    HostName           192.168.1.51
    User               trucbot1
    LocalForward       18789 localhost:18789
    ServerAliveInterval 60
    ServerAliveCountMax 3
    TCPKeepAlive       yes

Setting	Purpose
`LocalForward`	Tunnels OpenClaw dashboard to localhost:18789
`ServerAliveInterval`	Sends keepalive ping every 60s to prevent session drops
`ServerAliveCountMax`	Disconnects cleanly after 3 consecutive missed keepalives
`TCPKeepAlive`	OS-level keepalive for the underlying TCP connection

2

Set Up Passwordless SSH Keys

Authenticate with a key pair instead of a password

Generate an Ed25519 key pair on BigMac (skip if you already have one at ~/.ssh/id_ed25519):

ssh-keygen -t ed25519 -C "bigmac-to-trucbot1"

Press Enter three times to accept defaults — no passphrase needed. Then copy your public key to MacTruc:

ssh-copy-id TrucBot1

Enter trucbot1's macOS password one final time. After this, ssh TrucBot1 connects instantly with no password prompt — ever.

Key locations: Private key stays at ~/.ssh/id_ed25519 on BigMac and never leaves. Public key is appended to /Users/trucbot1/.ssh/authorized_keys on MacTruc.

3

Create the Terminal Shortcut

One-click Dock access to TrucBot1

Open Script Editor (Spotlight → "Script Editor") and paste:

tell application "Terminal"
    activate
    do script "ssh TrucBot1"
end tell

Export as an application: File → Export, set File Format to Application, name it SSH TrucBot1, save to Applications. Drag it to your Dock — one click opens Terminal and connects to TrucBot1, no typing required.

Usage Reference

Command	What You Get
`ssh TrucBot1`	Full terminal session + port tunnel active
`ssh -N TrucBot1`	Port tunnel only — no shell, dashboard access only
`ssh TrucBot1 'openclaw --profile trucbot1 status'`	Run a one-shot command remotely and return

The -N flag tells SSH to establish the tunnel without opening a shell. Use this when you only need the OpenClaw dashboard at localhost:18789 in your browser and don't need a terminal session.

Tips & Gotchas

Remote Login must be ON

The #1 cause of "connection refused" errors. On MacTruc: System Settings → General → Sharing → Remote Login. If it's off, SSH won't even answer. If it's set to "Only these users," make sure trucbot1 is in the list.

Permissions on ~/.ssh matter

SSH silently ignores config and key files with loose permissions. ~/.ssh must be 700, ~/.ssh/config and private keys must be 600. If ssh-copy-id or ssh fails inexplicably, run ls -la ~/.ssh and check.

Host fingerprint changes after a rebuild

If MacTruc gets reinstalled or the SSH host keys change, you'll see a scary "REMOTE HOST IDENTIFICATION HAS CHANGED" warning. Clear the stale entry with ssh-keygen -R 192.168.1.51 and reconnect to accept the new fingerprint.

Stale entries from a previous IP

When MacTruc moved from 192.168.1.29 to 192.168.1.51, the old entry stayed in known_hosts. Harmless, but worth cleaning up: ssh-keygen -R 192.168.1.29.

Dashboard says "address already in use"

If port 18789 is already bound on BigMac (e.g., from a stuck SSH session), the LocalForward will fail silently and the dashboard won't load. Kill the old session: lsof -i :18789 to find the PID, kill -9 <pid> to clear it. Then reconnect.

Multi-bot port collisions

When adding TrucBot2, both bots' gateways default to port 18789. Two options: configure each bot's gateway port differently on MacTruc, or map a different BigMac-side port in the LocalForward. Example for TrucBot2: LocalForward 18790 localhost:18790.

Verbose mode for debugging

When SSH misbehaves and you don't know why, add -v (or -vv, -vvv for more). ssh -v TrucBot1 shows every step of the connection — key selection, host verification, channel setup. The "Offering public key" line tells you whether your key is actually being tried.

Tunnel survives the session, not BigMac sleep

The LocalForward stays up as long as the SSH session is alive. If BigMac sleeps or the network blips, the keepalive settings (ServerAliveInterval 60 / CountMax 3) will clean up the dead session within ~3 minutes. Just re-run ssh TrucBot1 when you're back.

Profile flag is required on MacTruc

Once SSH'd in, every openclaw command needs --profile trucbot1 or it'll talk to the default profile (empty/unused). Example: openclaw --profile trucbot1 status. Consider setting an alias in ~/.zshrc on MacTruc: alias oc='openclaw --profile trucbot1'.

Changelog

v1.1 · May 2026

Migrated from truc/ccornum mismatched user to clean isolated trucbot1 user. New static IP 192.168.1.51. OpenClaw upgraded to 2026.5.7 and now runs under --profile trucbot1. SSH host alias renamed from Truc to TrucBot1 to support future multi-bot setups. Added Tips & Gotchas section covering Remote Login, permissions, fingerprint changes, port collisions, and verbose debugging.

v1.0 · February 2026

Initial guide. Host Truc alias, user ccornum, IP 192.168.1.29, OpenClaw 2026.2.15.