SSH Air-gap

Run agentty on a box that can't reach the internet directly. Your laptop relays the bytes; TLS pins on the real upstreams, so the network in between can't MITM you.

One command

From the laptop that does have internet:

agentty airgap --setup user@airgapped-host    # first time: also copies your credentials
agentty airgap user@airgapped-host            # every time after

How it works

ssh -R 1080 exposes a SOCKS5 proxy on the remote at localhost:1080; connections to it tunnel back over SSH and are dialed by your laptop. The remote agentty gets AGENTTY_SOCKS_PROXY=localhost:1080 and routes every TCP destination through it — chat, OAuth refresh, web_fetch, web_search. One env var, no per-host enumeration.

Bare-metal version

If you'd rather not use the wrapper:

ssh -t -R 1080 user@airgapped-host \
    'AGENTTY_SOCKS_PROXY=localhost:1080 agentty'

Requires OpenSSH ≥ 7.6 on both ends (October 2017 — every distro has it). AGENTTY_AIRGAP_SSH injects extra ssh flags; --remote-agentty PATH if it isn't on the remote PATH.

⚠Trust modelAirgap doesn't trust the network between laptop and remote, but it does trust the remote with your tokens — --setup copies credentials.json over at mode 600. A compromised remote can exfiltrate your Anthropic credentials independent of the tunnel. Use it only on hosts you'd already trust with the same secret.

← PreviousWorkspace Boundary Next →Corporate Proxies

✎ Edit this page on GitHub