{"slug": "show-hn-opentunnel-run-remote-commands-as-local-agent-tool-calls", "title": "Show HN: OpenTunnel – Run Remote Commands as Local Agent Tool Calls", "summary": "OpenTunnel, a new open-source tool, enables AI agents to run commands on remote machines via ephemeral, end-to-end encrypted tunnels without SSH, accounts, or persistent access. The tool downloads a temporary CLI, requires no installation, and sessions are revoked with Ctrl+C, leaving no trace. This addresses the challenge of agents hitting security barriers when tasks require remote execution.", "body_md": "**Your agent's tool calls, on any machine.**\n\nOpenTunnel gives AI agents an ephemeral, end-to-end encrypted command tunnel to remote machines. No SSH, no accounts, no standing access. Ctrl+C and it's gone.\n\n[opentunnel.sh](https://opentunnel.sh) · [Getting Started](https://opentunnel.sh/getting-started/) · [How It Works](https://opentunnel.sh/concepts/how-it-works/) · [Security Model](https://opentunnel.sh/concepts/security-model/) · [Self-Hosting](https://opentunnel.sh/guides/self-hosting/)\n\nAgents are brilliant on the machine they run on. The moment the task lives on another machine, they hit a wall of SSH keys, firewall rules, and standing credentials. Permanent infrastructure for a temporary need.\n\nOpenTunnel removes the wall without creating permanent access. You start one foreground process on the remote machine and paste the printed prompt into your agent. From then on, the agent runs commands there like any other tool call: stdout, stderr, and the real exit code come back as if the machine were local. When the task is done, you press Ctrl+C. The session ends, the invite expires, and no trace of the access remains.\n\n**1 · On the remote machine**\n\n``` bash\n$ curl -fsSL https://opentunnel.sh | sh\n\nI opened an OpenTunnel session for you.\nSession active. 
Press Ctrl+C to revoke access.\n```\n\nA temporary CLI is downloaded, checksum-verified, and opens one foreground session. Nothing is installed.\n\n**2 · In your agent**\n\nPaste the printed prompt. That's all: the prompt tells your agent everything it needs, and from that moment it runs commands on the remote machine as regular tool calls, with stdout, stderr, and the real exit code coming back as if the machine were local.\n\n**3 · Press Ctrl+C when you're done**\n\nThe session ends, the invite expires, and the relay forgets the connection ever existed. Nothing persists, not on your machine and not on the relay.\n\nThe relay routes opaque, encrypted frames between your agent and the remote machine. It cannot read your traffic, so it doesn't matter who operates it.\n\n**End-to-end encrypted.** Commands, output, and exit codes are encrypted between host and client. The relay forwards ciphertext and sees only routing metadata, timing, and frame sizes.\n\n**Nothing persisted.** Only in-memory state for active connections. No sessions, invites, payloads, logs, or client metadata are ever stored.\n\n**Revocation is Ctrl+C.** Access lives exactly as long as the foreground host process. Stop it, and the tunnel ceases to exist.\n\n**No accounts, no keys.** No signup, no tokens to rotate, no SSH keys to distribute and forget. 
A session invite is the only secret, and it expires with the session.\n\nThe boundaries, including what OpenTunnel does *not* protect against, are documented precisely in the [security model](https://opentunnel.sh/concepts/security-model/).\n\nBecause the relay needs no database, no accounts, and no persistent state, self-hosting is one command:\n\n```\ndocker run -p 8080:8080 ghcr.io/akoenig/opentunnel:latest \\\n  relay --public-url https://relay.example.com\n```\n\nSessions started from your origin print agent prompts that point there automatically:\n\n```\ncurl -fsSL https://relay.example.com/cli | sh -s -- create\n```\n\nPrefer immutable version tags in production; `latest` moves with each release. Public relay origins must use HTTPS; HTTP is accepted only for localhost and loopback development origins. The [self-hosting guide](https://opentunnel.sh/guides/self-hosting/) and [relay operations](https://opentunnel.sh/guides/relay-operations/) cover TLS termination, systemd, upgrades, and deployment verification.\n\nOpenTunnel keeps the access model temporary and narrow on purpose. That is the security model, not a missing feature list: no accounts, no daemons, no audit logs (because there is nothing to log), no PTY, no file transfer, one agent, one command at a time. The full list lives in [scope and non-goals](https://opentunnel.sh/reference/scope-and-non-goals/).\n\nOpenTunnel is a single Go module. The `opentunnel` binary contains all three roles: the relay, the host (`create`), and the client (`exec`).\n\n```\ngo test ./... -count=1\ngo vet ./...\ngo mod tidy -diff\ngo test -race ./... -count=1\ngo build ./cmd/opentunnel\n```\n\nCI builds binaries for `linux` and `darwin` on `amd64` and `arm64`, and releases publish `ghcr.io/akoenig/opentunnel`. 
The [opentunnel.sh](https://opentunnel.sh) website lives in [website/](/akoenig/opentunnel/blob/main/website), and the operational source docs in [`docs/public-v1/`](/akoenig/opentunnel/blob/main/docs/public-v1).\n\nBuilt by [André König](https://andrekoenig.com) · Released under the [MIT License](/akoenig/opentunnel/blob/main/LICENSE)", "url": "https://wpnews.pro/news/show-hn-opentunnel-run-remote-commands-as-local-agent-tool-calls", "canonical_source": "https://github.com/akoenig/opentunnel", "published_at": "2026-06-19 16:20:03+00:00", "updated_at": "2026-06-19 16:37:54.914372+00:00", "lang": "en", "topics": ["ai-tools", "ai-agents", "ai-safety", "developer-tools"], "entities": ["OpenTunnel", "GitHub"], "alternates": {"html": "https://wpnews.pro/news/show-hn-opentunnel-run-remote-commands-as-local-agent-tool-calls", "markdown": "https://wpnews.pro/news/show-hn-opentunnel-run-remote-commands-as-local-agent-tool-calls.md", "text": "https://wpnews.pro/news/show-hn-opentunnel-run-remote-commands-as-local-agent-tool-calls.txt", "jsonld": "https://wpnews.pro/news/show-hn-opentunnel-run-remote-commands-as-local-agent-tool-calls.jsonld"}}