Hardening Guide

Set Up h-cli Securely in Minutes

Dedicated user, read-only credentials, scoped access. Deploy h-cli the way you'd deploy any monitoring tool.

"Trust is earned, not granted."

1. Create a Dedicated User on Your Managed Devices

On every server, router, or switch that h-cli will connect to, create a dedicated unprivileged user. This is not for the h-cli container — it's for the remote devices h-cli manages.

On your managed Ubuntu / Debian servers

# Create a restricted user for h-cli to SSH into
sudo useradd -m -s /bin/bash hcli
sudo passwd hcli
# No sudo access (a freshly created account has none; this only removes membership if it was added)
sudo deluser hcli sudo 2>/dev/null
# Optional: restrict to specific commands only
sudo usermod -s /bin/rbash hcli
sudo mkdir -p /home/hcli/bin
# Symlink only the commands h-cli needs (binaries that are not installed are skipped silently)
for cmd in nmap tcpdump traceroute mtr ping ss ip iptables; do
    sudo ln -sf "$(command -v "$cmd")" /home/hcli/bin/ 2>/dev/null
done
# This matches h-cli's default sudo whitelist
# An empty list disables sudo entirely (fail-closed)
# NOTE: h-cli's own containers are already hardened with
# 45 security items, non-root, read-only filesystems, etc.
# This step hardens the REMOTE servers h-cli connects to.
# Lock PATH to only the bin directory; root owns the profile so hcli cannot edit it
echo 'export PATH=/home/hcli/bin' | sudo tee /home/hcli/.bash_profile
sudo chown root:root /home/hcli/.bash_profile
sudo chmod 644 /home/hcli/.bash_profile
# NOTE: Debian's bash also sources ~/.bashrc for non-interactive SSH commands ("ssh host cmd"),
# so give ~/.bashrc the same root ownership (or remove it), otherwise the PATH lock can be bypassed

2. Read-Only Device Credentials

Create read-only users on your network devices. h-cli doesn't need write access to provide massive value.

Juniper Junos

# Create read-only login class (no "configure" permission, so configuration mode is unreachable)
set system login class h-cli-readonly permissions [ view view-configuration ]
set system login class h-cli-readonly deny-commands "(clear|request|start|restart|edit|delete|set)"
# Create user with that class
set system login user hcli class h-cli-readonly
# Junos expects the full public-key line, including the key type, inside the quotes
set system login user hcli authentication ssh-ed25519 "ssh-ed25519 AAAA...your-public-key..."

Cisco IOS / IOS-XE

! Create read-only user (privilege 1 = user EXEC: show, ping, traceroute; no configuration mode)
! Do not share the enable secret with this account, or privilege 1 gives no protection
username hcli privilege 1 secret 0 YourSecurePassword
! Or with SSH key authentication (paste the base64 key body under key-string; it may be split across lines)
ip ssh pubkey-chain
 username hcli
  key-string
   AAAA...your-public-key...
   exit
  exit
 exit

Arista EOS

! Create read-only role (rules are regexes: permit "show ..." and deny everything else)
role h-cli-readonly
   10 permit command show .*
   20 deny command .*
! Create user with that role
username hcli role h-cli-readonly nopassword
username hcli ssh-key ssh-ed25519 AAAA...your-public-key...

3. Read-Only API Tokens

Create scoped, read-only tokens for your tools. h-cli can query without modifying anything.

NetBox
# In NetBox UI: Admin > API Tokens > Add Token
# User: hcli
# Write enabled: No
# Permissions: Read-only on all objects
# Store token securely
export NETBOX_TOKEN="your-read-only-token"
export NETBOX_URL="https://netbox.internal.example.com"
Grafana
# In Grafana: Administration > Service Accounts
# Create service account: hcli
# Role: Viewer (not Editor, not Admin)
# Generate token for the service account
export GRAFANA_TOKEN="your-viewer-token"
export GRAFANA_URL="https://grafana.internal.example.com"
EVE-NG
# Create a dedicated EVE-NG user via the web UI
# Role: User (not Admin)
# Assign only the labs h-cli needs access to
export EVENG_USER="hcli"
export EVENG_PASS="your-secure-password"
export EVENG_URL="https://eve-ng.internal.example.com"

4. Network Isolation

On the server where h-cli's containers run, restrict outbound access. Only allow connections to the systems it needs.

UFW (Ubuntu Firewall) — on the server running h-cli containers

# Default deny outgoing (host-wide: ufw has no per-user rules, so this affects every process on the server)
sudo ufw default deny outgoing
# Allow only what h-cli needs
sudo ufw allow out to 10.0.0.0/8 port 22 # SSH to network devices
sudo ufw allow out to 10.0.0.0/8 port 830 # NETCONF
sudo ufw allow out to 10.0.0.0/8 port 443 # eAPI / HTTPS APIs
sudo ufw allow out to 10.0.10.5 port 8080 # NetBox
sudo ufw allow out to 10.0.10.6 port 3000 # Grafana
# DNS (required)
sudo ufw allow out to any port 53 # DNS resolution
# Online mode only — allow access to AI provider
sudo ufw allow out to any port 443 # Claude API / LLM provider
# Remove the line above if running fully offline with Ollama/vLLM.
# Note that it opens 443 to every host (ufw filters by IP, not hostname), which also makes
# the 10.0.0.0/8 port 443 rule above redundant while it is present.
# Before enabling, make sure your own inbound admin SSH is already allowed
# (ufw denies incoming by default), or you will lock yourself out of the server
sudo ufw enable

h-cli is the AI interface, not the security boundary.

Deploy it like any monitoring tool: read-only credentials, scoped access, restricted source IPs. The Asimov Firewall adds safety — your network controls enforce it.


5. Put It All Together

Store your credentials in an environment file with restricted permissions. Never commit this to git.

Built-in credential scrambler

h-cli includes a credential scrambler that replaces all sensitive values with variable names before they reach the LLM. The AI never sees your actual passwords, tokens, or keys — it only works with references like $NETBOX_TOKEN and $HSSH_KEY. The real values are injected at execution time, outside the LLM context.

/opt/h-cli/.env
# Network device credentials
HSSH_USER=hcli
HSSH_KEY=/home/hcli/.ssh/id_hcli
# NetBox (read-only)
NETBOX_URL=https://netbox.internal.example.com
NETBOX_TOKEN=your-read-only-token
# Grafana (viewer)
GRAFANA_URL=https://grafana.internal.example.com
GRAFANA_TOKEN=your-viewer-token
# EVE-NG (user, not admin)
EVENG_URL=https://eve-ng.internal.example.com
EVENG_USER=hcli
EVENG_PASS=your-secure-password
Lock it down
chmod 600 /opt/h-cli/.env
chown hcli:hcli /opt/h-cli/.env

Security Checklist

Dedicated unprivileged user
Dedicated SSH key pair
Read-only device credentials
Scoped API tokens (no write)
Network firewall rules (no internet)
Env file with 600 permissions
Asimov Firewall (4 x 4 rules)
45 container hardening items

Pro tip: disable the Asimov Gate in read-only mode

If your device credentials are read-only, the remote user is locked down with rbash, and your API tokens have no write permissions, then the Asimov Firewall's AI gate is only an extra safety layer, and one that adds latency on every command.

In this scenario you can safely disable the gate for faster operations. The deterministic pattern denylist still runs (zero latency), and the remote devices cannot be modified regardless of what commands are sent, because no credential h-cli holds permits a write.

Only do this if you are 100% sure all credentials and remote users are read-only. If any write access exists, keep the gate enabled.
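As an added example (not h-cli's own code) of the two mechanisms this page relies on: the credential scrambler from step 5, which swaps real values for $NAME references before anything reaches the LLM and resolves them again only at execution time, and the deterministic pattern denylist the pro tip above leaves enabled. The credential values and the deny patterns are constructed for illustration; the deny verbs mirror the read-only device classes in step 2.

```python
import re

# Constructed sample credentials, standing in for the values loaded from /opt/h-cli/.env
SECRETS = {
    "NETBOX_TOKEN": "0123456789abcdef0123456789abcdef01234567",
    "EVENG_PASS": "correct-horse-battery",
    "HSSH_KEY": "/home/hcli/.ssh/id_hcli",
}

# Illustrative deterministic denylist (not h-cli's real rule set): the verbs the
# read-only device classes above deny, plus the usual config-mode entry points.
DENY = re.compile(
    r"^\s*(clear|request|start|restart|edit|delete|set|conf\w*|write|reload)\b",
    re.IGNORECASE,
)
# $NAME or ${NAME}: the only form in which a credential may appear in LLM context
REF = re.compile(r"\$\{?([A-Z][A-Z0-9_]*)\}?")

def scramble(text, secrets):
    """Replace each secret value with its $NAME reference before text reaches the LLM.
    Longest values first, so a value that is a prefix of another leaves no tail behind."""
    for name, value in sorted(secrets.items(), key=lambda kv: -len(kv[1])):
        if value:
            text = text.replace(value, "$" + name)
    return text

def leaks(text, secrets):
    """True if any real secret value is still present, i.e. this text must not be sent."""
    return any(value and value in text for value in secrets.values())

def gate(command):
    """Zero-latency pattern check on the command the LLM proposes; False means blocked."""
    return DENY.search(command) is None

def inject(command, secrets):
    """Resolve $NAME references at execution time, outside the LLM context.
    An unknown name is an error rather than a silently empty credential."""
    def resolve(match):
        name = match.group(1)
        if name not in secrets:
            raise KeyError("unknown credential reference $" + name)
        return secrets[name]
    return REF.sub(resolve, command)

def execute_plan(llm_command, secrets):
    """Gate first, inject only if the command passes; None means the gate blocked it."""
    if not gate(llm_command):
        return None
    return inject(llm_command, secrets)
```

Run scramble() over everything that goes into the prompt and leaks() as the last check before sending; execute_plan() is the only path from an LLM-proposed command to a real credential.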

Ready to Try?

h-cli is free and open source. Set up in minutes, start querying your infrastructure immediately.