Introduction & Environment Setup
Understand Agent Zero's architecture and prepare a secure VPS foundation with SSH hardening, firewall configuration, and intrusion prevention.
Agent Zero is an open-source framework for deploying autonomous AI agents that can write code, execute commands, search the web, and collaborate with other agents to accomplish complex tasks. Unlike cloud-based AI assistants, self-hosting Agent Zero gives you complete control over your data, unlimited usage without per-token fees, and the ability to run fully private AI workflows.
What is Agent Zero?
Agent Zero is a Python-based AI agent framework created by Jan Tomášek in March 2024. It differs from traditional chatbots in several important ways:
Autonomous Execution
Agent Zero doesn't just suggest code or commands; it executes them directly within an isolated Docker environment. Give it a task like "create a Python script that monitors disk usage and sends alerts," and it will write, test, and refine the code until it works.
Multi-Agent Cooperation
Complex tasks can be delegated to subordinate agents. The primary agent (Agent 0) breaks down problems and spawns specialized sub-agents, each maintaining clean context for their specific subtask.
Persistent Memory
Unlike stateless chat interfaces, Agent Zero remembers previous solutions, facts, and instructions. This memory system categorizes information and retrieves relevant context automatically.
Fully Customizable
The entire framework behavior is controlled by editable prompt files. There are no hard-coded limitations—you can modify how agents reason, communicate, and use tools by editing markdown files in the prompts/ directory.
Why Self-Host Agent Zero?
Running Agent Zero on your own VPS provides advantages that cloud AI services cannot match:
- Privacy — Your prompts, data, and agent memory never leave your server. This matters for sensitive business automation, proprietary code generation, or any workflow involving confidential information.
- Cost Control — Cloud LLM APIs charge per token. Heavy automation workflows can accumulate significant costs. With a self-hosted setup, your VPS cost is fixed, and you can optionally run local LLMs for zero API fees.
- No Rate Limits — Your agents can work continuously without hitting usage caps or waiting for quota resets.
- Customization — Modify any aspect of agent behavior. Add custom tools, integrate with internal systems, or create specialized agents for your specific use cases.
- Reliability — Your AI infrastructure runs independently of third-party service availability.
Architecture Overview
Agent Zero uses Docker to create an isolated execution environment:
┌─────────────────────────────────────────────────────────┐
│ Your VPS │
│ ┌───────────────────────────────────────────────────┐ │
│ │ Docker Container │ │
│ │ ┌─────────────┐ ┌─────────────┐ ┌───────────┐ │ │
│ │ │ Agent Zero │ │ Python │ │ Bash │ │ │
│ │ │ Framework │◄─┤ Execution │ │ Terminal │ │ │
│ │ └──────┬──────┘ └─────────────┘ └───────────┘ │ │
│ │ │ │ │
│ │ ▼ │ │
│ │ ┌─────────────┐ ┌─────────────┐ ┌───────────┐ │ │
│ │ │ Memory │ │ Knowledge │ │ SearXNG │ │ │
│ │ │ Storage │ │ Base │ │ Search │ │ │
│ │ └─────────────┘ └─────────────┘ └───────────┘ │ │
│ └───────────────────────────────────────────────────┘ │
│ │ │
│ ▼ │
│ ┌─────────────────┐ │
│ │ LLM Provider │ │
│ │ (Cloud/Local) │ │
│ └─────────────────┘ │
└─────────────────────────────────────────────────────────┘The Docker isolation is critical—Agent Zero executes arbitrary code, so containing it prevents accidental damage to your host system. The framework communicates with LLM providers (OpenAI, Anthropic, Ollama, etc.) to power the AI reasoning, while all execution happens inside the container.
Hardware Requirements
Agent Zero's resource needs depend primarily on whether you run LLMs locally or use cloud APIs.
Cloud LLM Configuration (API-based)
If you plan to use OpenAI, Anthropic, Groq, or other cloud providers for inference, Agent Zero itself is lightweight:
| Resource | Minimum | Recommended |
|---|---|---|
| RAM | 2 GB | 4 GB |
| vCPUs | 1 | 2 |
| Storage | 20 GB | 40 GB |
| Network | 100 Mbps | 1 Gbps |
A RamNode 4GB Premium VPS ($24/mo) handles this configuration comfortably, with headroom for memory storage growth and concurrent agent sessions.
Local LLM Configuration (Ollama)
Running models locally requires significantly more resources. The requirements scale with model size:
| Model Size | RAM Required | Example Models |
|---|---|---|
| 7B parameters | 8 GB | Mistral 7B, Llama 3 8B, Qwen2.5 7B |
| 13B parameters | 16 GB | Llama 2 13B, Qwen2.5 14B |
| 30B+ parameters | 32 GB+ | Qwen2.5 32B, Mixtral 8x7B |
For local LLM hosting, a RamNode 8GB or 16GB Premium VPS provides the memory needed for responsive inference. CPU-based inference is slower than GPU but entirely viable for async workflows.
Initial Server Setup
This guide uses Ubuntu 24.04 LTS, though Ubuntu 22.04 works equally well. The instructions assume you've provisioned a fresh RamNode VPS and have root SSH access.
Connect to Your Server
ssh root@your-server-ipUpdate System Packages
apt update && apt upgrade -yCreate a Non-Root User
Running services as root is a security risk. Create a dedicated user:
adduser agentzero
usermod -aG sudo agentzeroSet a strong password when prompted. Then switch to the new user:
su - agentzeroSSH Key Authentication & Hardening
On your local machine, generate an SSH key if you don't have one:
ssh-keygen -t ed25519 -C "your-email@example.com"Copy your public key to the server:
ssh-copy-id agentzero@your-server-ipHarden SSH Configuration
Edit the SSH daemon configuration:
sudo nano /etc/ssh/sshd_configApply these security settings:
Port 2222 # Change from default 22
PermitRootLogin no # Disable root login
PasswordAuthentication no # Require key authentication
PubkeyAuthentication yes
MaxAuthTries 3
ClientAliveInterval 300
ClientAliveCountMax 2Restart SSH to apply changes:
sudo systemctl restart sshdImportant: Before closing your current session, open a new terminal and verify you can connect on the new port:
ssh -p 2222 agentzero@your-server-ipFirewall Configuration
Ubuntu includes ufw (Uncomplicated Firewall). Enable it with rules for SSH and the Agent Zero web interface:
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 2222/tcp comment 'SSH'
sudo ufw allow 80/tcp comment 'HTTP'
sudo ufw allow 443/tcp comment 'HTTPS'
sudo ufw enableVerify the rules:
sudo ufw status verboseYou should see:
Status: active
To Action From
-- ------ ----
2222/tcp (SSH) ALLOW IN Anywhere
80/tcp (HTTP) ALLOW IN Anywhere
443/tcp (HTTPS) ALLOW IN AnywhereInstall Fail2ban
Fail2ban monitors logs and temporarily bans IPs that show malicious behavior:
sudo apt install fail2ban -yCreate a local configuration:
sudo nano /etc/fail2ban/jail.localAdd these settings:
[DEFAULT]
bantime = 1h
findtime = 10m
maxretry = 5
banaction = ufw
[sshd]
enabled = true
port = 2222
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
bantime = 24hStart and enable fail2ban:
sudo systemctl enable fail2ban
sudo systemctl start fail2banCheck status:
sudo fail2ban-client status sshdFinal Configuration
Set the Timezone
sudo timedatectl set-timezone America/New_YorkReplace America/New_York with your preferred timezone. List available options with timedatectl list-timezones.
Enable Automatic Security Updates
sudo apt install unattended-upgrades -y
sudo dpkg-reconfigure -plow unattended-upgradesSelect "Yes" when prompted to enable automatic updates.
Verify Your Setup
Before proceeding to Part 2, confirm your environment is ready:
# Check Ubuntu version
lsb_release -a
# Verify firewall is active
sudo ufw status
# Confirm fail2ban is running
sudo systemctl status fail2ban
# Check available disk space
df -h
# Check available memory
free -hYour output should show:
- Ubuntu 22.04 or 24.04 LTS
- UFW active with your configured rules
- Fail2ban active and monitoring SSH
- Sufficient disk space (20+ GB free)
- Your provisioned RAM available
What's Next?
Your VPS is now secured and ready for Agent Zero installation. In Part 2: Docker Installation & Core Deployment, we'll:
- Install Docker and Docker Compose
- Clone the Agent Zero repository
- Launch the framework for the first time
- Access the web interface
The isolated Docker environment ensures Agent Zero's autonomous code execution can't affect your host system, while your firewall and fail2ban configuration protect against external threats.