Modes
- Local (this Mac): everything runs on the laptop; no SSH involved.
- Remote over SSH (default): OpenClaw commands run on the remote host. The app opens an SSH connection with
-o BatchMode, your chosen identity/key, and a local port-forward. - Remote direct (ws/wss): no SSH tunnel; the app connects to the gateway URL directly (LAN, Tailscale, Tailscale Serve, or a public HTTPS reverse proxy).
Remote transports
- SSH tunnel (default): uses
ssh -N -L ...to forward the gateway port to localhost. The gateway sees the node’s IP as127.0.0.1because the tunnel is loopback. - Direct (ws/wss): connects straight to the gateway URL. The gateway sees the real client IP.
ControlMaster or ForkAfterAuthentication.
SSH host-key verification is strict by default because gateway credentials travel through this tunnel. To opt into a managed SSH alias’s own trust behavior, set --ssh-host-key-policy openssh via openclaw-mac configure-remote, or set gateway.remote.sshHostKeyPolicy to "openssh" directly. Review the alias and any matching Host * or system configuration before opting in. Changing the SSH target (in the app or via configure-remote) resets the policy back to strict unless you explicitly opt in again for the new target.
In SSH tunnel mode, discovered LAN/tailnet hostnames save as gateway.remote.sshTarget. The app keeps gateway.remote.url on the local tunnel endpoint (for example ws://127.0.0.1:18789) so CLI, Web Chat, and the local node-host service all use the same loopback transport. When discovery returns both raw Tailnet IPs and stable hostnames, the app prefers Tailscale MagicDNS or LAN names so connections survive address changes better. If the local tunnel port differs from the remote gateway port, set gateway.remote.remotePort to the port on the remote host.
Browser automation in remote mode is owned by the CLI node host, not the native macOS app node. The app starts the installed node host service when possible; to enable browser control from that Mac, install/start it with openclaw node install ... and openclaw node start (or run openclaw node run ... in the foreground), then target that browser-capable node.
Prereqs on the remote host
- Install Node + pnpm and build/install the OpenClaw CLI (
pnpm install && pnpm build && pnpm link --global). - Ensure
openclawis on PATH for non-interactive shells (symlink into/usr/local/binor/opt/homebrew/binif needed). - For SSH transport: set up key-based SSH auth. Tailscale IPs are recommended for stable reachability off-LAN.
macOS app setup
To preconfigure the app without the welcome flow, over SSH:~/.openclaw/openclaw.json, mark onboarding complete, and let the app own the selected transport on next start. --local-port/--remote-port default to 18789. Other flags: --password, --identity <path>, --ssh-host-key-policy <strict|openssh>, --project-root <path>, --cli-path <path>, --json. Run openclaw-mac configure-remote --help for the full reference.
To configure from the UI instead:
- Open Settings -> General.
- Under OpenClaw runs, pick Remote and set:
- Transport: SSH tunnel or Direct (ws/wss).
- SSH target:
user@host(optional:port). If the gateway is on the same LAN and advertises Bonjour, pick it from the discovered list to auto-fill this field. - Gateway URL (Direct only):
wss://gateway.example.ts.net(orws://...for local/LAN). - Identity file (advanced): path to your key.
- Project root (advanced): remote checkout path used for commands.
- CLI path (advanced): optional path to a runnable
openclawentrypoint/binary (auto-filled when advertised).
- Hit Test remote. Success means the remote
openclaw status --jsonran correctly. Failures usually mean PATH/CLI issues; exit 127 means the CLI was not found remotely. - Health checks and Web Chat now run through the selected transport automatically.
Web Chat
- SSH tunnel: connects to the gateway over the forwarded WebSocket control port (default 18789).
- Direct (ws/wss): connects straight to the configured gateway URL.
- There is no separate Web Chat HTTP server.
Permissions
- The remote host needs the same TCC approvals as local (Automation, Accessibility, Screen Recording, Microphone, Speech Recognition, Notifications). Run onboarding on that machine once to grant them.
- Nodes advertise their permission state via
node.list/node.describeso agents know what is available.
Security notes
- Prefer loopback binds on the remote host and connect via SSH, Tailscale Serve, or a trusted Tailnet/LAN direct URL.
- SSH tunneling requires an already-trusted host key by default. Trust the host key first (add it to the configured known-hosts file), or explicitly set
gateway.remote.sshHostKeyPolicy: "openssh"for a managed alias whose OpenSSH trust policy you accept. - If you bind the Gateway to a non-loopback interface, require valid Gateway auth: token, password, or an identity-aware reverse proxy with
gateway.auth.mode: "trusted-proxy". - See Security and Tailscale.
WhatsApp login flow (remote)
- Run
openclaw channels login --channel whatsapp --verboseon the remote host. Scan the QR with WhatsApp on your phone. - Re-run login on that host if auth expires. The health check surfaces link problems.
Troubleshooting
Notification sounds
Pick sounds per notification from scripts withopenclaw nodes notify, for example: