Install Hermes Agent on a VPS: your 24/7 personal AI assistant
Mike Codeur
For months, I used OpenClaw as my personal assistant connected to Telegram, WhatsApp and Discord. Great to get started, but updates became painful with every release. I needed something more stable.
I switched to Hermes Agent (Nous Research, open source). And I don't regret it for a second.
In this article, I'm sharing everything I learned installing Hermes on a VPS to run 24/7, accessible from any phone — without depending on a third-party SaaS. Including the gotchas, the security trade-offs, and the setup I recommend.
You can have a personal AI agent running 24/7 on a VPS, accessible from your phone, with memory, skills, crons and GitHub backup.
Hermes is not Claude Code
Before diving into the install, let's clarify the positioning. That's probably your first question.
| Tool | Main use | When to use it |
|---|---|---|
| Claude Code | Terminal agent for coding | When you're at your computer in dev mode |
| OpenClaw | Multi-channel assistant (Telegram, WhatsApp, Discord) | Personal workflow + messaging |
| Hermes Agent | Always-on agent + self-improvement loop | Background tasks, crons, mobile access, automations |
The one-liner that sums it up:
Claude Code is your copilot when you're driving. Hermes is the assistant who stays at the office while you're away.
Hermes is not a direct replacement for Claude Code. It's a personal always-on agent, plugged into channels like Telegram or WhatsApp, able to launch scheduled tasks and create its own skills on the fly.
Why a VPS?
A VPS is just a computer in the cloud. The point is simple: your agent no longer depends on your Mac or PC. When you close your laptop, the agent keeps running.
Concretely, this lets you:
- Talk to your agent from your phone, anywhere
- Run crons even when you sleep (monitoring, briefing, audits)
- Have an assistant answering in 2 seconds, not 10 minutes after your computer boots
- Isolate, monitor, back up cleanly
A VPS turns your agent into a service. Not just a chat window.
The 5 fundamentals of Hermes
Hermes is built on 5 building blocks that differentiate it from a plain LLM chat:
- Memory — persistent memory across sessions
- Skills — reusable capabilities (
.mdfiles the agent can create itself) - Soul — personality and tone
- Sessions — search through past conversations
- Crons — native scheduled tasks
The real "aha": your agent creates its own skills and runs tasks while you sleep. No longer a chat — an async collaborator.
3 installation modes
Before copy-pasting commands, pick your mode:
| Mode | Pro | Con |
|---|---|---|
| Managed (Hostinger) | Zero setup, 5-min start | Less control, recurring cost |
| Docker | Clean isolation, duplicable | Extra layer to maintain |
| Direct root | Max performance, easy debug | No isolation between agents |
My pick: direct install with a dedicated non-sudo user. Consistent if you already have other services on the VPS (OpenClaw, n8n, personal APIs).
Step-by-step install (the setup I recommend)
1. Prepare the VPS
# as root, on Ubuntu 24.04 LTS
sudo apt update
sudo apt install -y curl git ripgrep ffmpeg build-essential
# create a dedicated non-sudo user
sudo adduser hermes
# NO usermod -aG sudo (strict segmentation)
# NO usermod -aG docker (root equivalent)Why no sudo? An AI agent running under a user with sudo equals root through its terminal backend. If you share your VPS with other services, segment strictly.
2. Install Hermes
# as hermes
sudo su - hermes
curl -fsSL https://hermes-agent.nousresearch.com/install.sh | bashThe installer will check and install:
uv(which installs Python 3.11)- Git, Node.js, ripgrep, ffmpeg
Hermes installs into /home/hermes/.hermes/hermes-agent. Remember this path for backups.
3. Configure the LLM provider
hermes setupYou can pick from: Anthropic, OpenAI, OpenRouter, MiniMax, Qwen, DeepSeek, Hugging Face, Bedrock, GitHub Copilot, custom endpoint, etc.
⚠️ Headless VPS gotcha: if you use Codex OAuth (ChatGPT), you must first enable in ChatGPT:
Settings → Secure Connection → "Enable device code authorization for Codex"
Without this toggle, you'll spin for 10 minutes.
4. Connect Telegram (or WhatsApp)
hermes gateway setupFor Telegram:
- Create a bot via BotFather
- Grab the bot token
- Get your Telegram user ID (via @userinfobot)
- Allowlist your user ID
- Start the gateway
- Test with a simple "hello"
⚠️ Allowlist is mandatory: a public bot without controls is a bad idea. The goal isn't for the whole internet to talk to your agent.
5. Working directory
This is the trap many miss. By default, the wizard suggests . (cwd at setup time). Don't leave .:
Gateway working directory [.]: /home/hermes/workspace
Otherwise, if systemd starts Hermes from /, your working dir becomes /. Catastrophic for crons writing in the wrong place.
6. Check it's running
hermes # CLI chat
hermes --tui # TUI interface
hermes doctor # full diagnosticsIf the basic chat doesn't work, don't add complexity. Debug first, extend later.
Security: the real trade-offs
This is the part most tutorials skip. An autonomous agent with terminal + API keys + Internet is not trivial.
Rules I follow systematically
- Dedicated API keys per agent (never the same key for all)
- Budget limits when the provider allows
- Minimum necessary access (zero blanket sudo)
- No full personal mailbox at start
- No prod without human validation
- Separate containers for agents with different roles
The "sudo enabled during the wizard" trap
The wizard asks "Enable sudo support? [y/N]". If you answer y, Hermes stores a password to run sudo apt install for you. Convenient, but breaks segmentation.
My call: start without sudo. If a need emerges (e.g. Hermes wants to install a system package), add a whitelisted sudoers rule — not blanket sudo.
# granular rule, not blanket
hermes ALL=(root) NOPASSWD: /usr/bin/apt, /bin/systemctl restart hermes-*GitHub backup
Hermes will accumulate value: memory, skills, preferences, automations.
If your VPS dies and you have no backup, you lose your assistant.
The right pattern:
- Private GitHub repo for the agent state
- Strict
.gitignore(never.env, tokens, sensitive logs) - Regular commits (memory, soul, user, skills, docs)
- Daily backup cron
An agent's memory is an asset. Don't let it die on a VPS without a backup.
First useful cron
This is where Hermes really differs from an AI chat. A few concrete ideas:
- "Every morning, give me a 10-line AI/dev briefing"
- "For 12h after a YouTube video drops, watch comments and draft replies"
- "Every night, back up your skills and memory to GitHub"
- "Every Monday, run a basic VPS security audit"
- "Every hour, check if my SaaS has errors and send a summary on WhatsApp"
You're no longer just asking it to answer. You're asking it to come back on its own at the right time.
The 4 classic gotchas
Summary of everything I broke during the install:
| Gotcha | Symptom | Fix |
|---|---|---|
| Device code OAuth | Stuck on Codex auth | Enable the toggle in ChatGPT settings |
| Invisible paste | Telegram token seems to not type | It's getpass(), blind paste works |
Working dir . | Crons writing to / | Set /home/hermes/workspace |
| Wrong user | Empty TUI or "gateway exited" | Always operate from the hermes user |
These four mistakes are 80% of the time lost. Now you know.
Going further
I made a full video that shows the entire setup live, with 1h of free training: step-by-step install, root access, sudoers, exposed ports, Tailscale, OpenWebUI behind VPN, custom skills demo.
👉 Watch the full Hermes VPS video
And if you want to follow this kind of AI workflows for developers every week, subscribe to The Agentic Dev — my newsletter on AI agents and AI-assisted dev.