Bill Erickson

Blog / AI

Use Hermes Desktop with your remote Hermes agent

Written by Bill EricksonPublished on June 23, 2026

I run Hermes on a separate computer instead of my daily machine.

The remote machine can stay online all the time, keep scheduled jobs running, receive messages from Telegram or Mattermost, and handle long-running tasks without depending on whether my laptop is awake.

There’s also a security and separation benefit. Hermes can use tools, run terminal commands, read files, manage credentials, and connect to other services. I’d rather keep that on a dedicated machine with a narrower purpose than mix it into the computer I use all day.

I happened to have an unused mini PC, so I set it up there. If you don’t have spare hardware, you can also run Hermes on a small cloud server like DeepInfra, which is about $13/month, or a DigitalOcean droplet, which is closer to $24/month.

I use Tailscale to put my Hermes computer, desktop, NAS, laptop, and phone on the same private network. That lets me reach each device from anywhere without opening it up to the public internet. My Hermes box still sits at home, but I can connect to it from my laptop whenever I’m away.

I use Telegram and Mattermost with Hermes occasionally, but most of my interaction has been through the terminal. That works well, but it also means SSHing into the machine, opening a shell, and using Hermes from there.

I recently found out the Hermes Desktop app can connect to a remote Hermes agent. You still install the desktop app locally, but instead of using the local Hermes instance it installs, you point it at the dashboard running on your remote Hermes machine.

That gives you the nicer desktop UI while keeping the actual Hermes runtime on your always-on machine.

Enable the Hermes dashboard on the remote machine

The desktop app connects to the Hermes dashboard backend, not the messaging gateway used by Telegram, Mattermost, and Slack.

On the remote Hermes machine, first configure dashboard authentication. If you’re connecting over Tailscale and not exposing it to the public internet, the simplest option is username/password basic auth.

Stop any dashboard currently running in insecure mode:

pkill -f 'hermes dashboard.*9119'

Then create a dashboard username, password hash, and stable signing secret:

cd ~/.hermes/hermes-agent

HASH=$(venv/bin/python3 -c 'from getpass import getpass; from plugins.dashboard_auth.basic import hash_password; print(hash_password(getpass("Dashboard password: ")))')
SECRET=$(openssl rand -base64 32)

cat >> ~/.hermes/.env <<EOF
HERMES_DASHBOARD_BASIC_AUTH_USERNAME=admin
HERMES_DASHBOARD_BASIC_AUTH_PASSWORD_HASH=$HASH
HERMES_DASHBOARD_BASIC_AUTH_SECRET=$SECRET
EOF

chmod 600 ~/.hermes/.env

The stable HERMES_DASHBOARD_BASIC_AUTH_SECRET matters because it keeps your desktop session valid across dashboard restarts. Without it, you’ll get logged out every time the dashboard restarts.

Now start the dashboard on an address your desktop can reach.

In both of the following snippets, change <tailscale-ip> to your actual tailscale IP.

hermes dashboard --no-open --host <tailscale-ip> --port 9119

Verify that authentication is enabled:

curl -s http://<tailscale-ip>:9119/api/status | jq '.auth_required, .auth_providers'

You want to see:

true
[
  "basic"
]

If auth_required is false, the auth gate isn’t active. If basic is missing, the dashboard did not load your username/password settings.

For long-term use, keep the dashboard running under systemd, tmux, or whatever process manager you use on that machine. The desktop app can only connect while the dashboard process is running.

Install Hermes Desktop locally

Next, install Hermes Desktop on your laptop or desktop computer.

The app will install Hermes locally. That’s fine, but it’s not the Hermes instance we’re going to use. The local install is mainly there so the desktop shell can run.

Once the app opens and gets to the local setup flow, go to: Settings → Gateway and select “Remote Gateway”.

Then paste your remote dashboard URL. If you’re on the same local network, that might be something like http://192.168.1.50:9119, but I prefer using the Tailscale IP: http://100.x.y.z:9119

After entering the URL, sign in with the basic auth credentials you created earlier. User = admin, password = whatever you typed in.

Save and reconnect. Hermes Desktop should now be talking to your remote Hermes agent instead of the local one.

Why this setup is better

The remote machine is responsible for the actual Hermes runtime: tools, memory, sessions, cron jobs, gateway connections, project files, and long-running work.

Your laptop or desktop computer gets the interface: a native app, easier session browsing, model controls, file previews, and a nicer way to chat with the same agent.

You can still use the terminal when you want, and you can still use Telegram or Mattermost when that’s more convenient. But for longer working sessions, Hermes Desktop gives you a better front end.

Bill Erickson

Bill Erickson is the co-founder and lead developer at CultivateWP, a WordPress agency focusing on high performance sites for web publishers.

About Me
Ready to upgrade your website?

I build custom WordPress websites that look great and are easy to manage.

Let's Talk

Other articles in this series

Migrating from WordPress to Astro

June 19, 2026

A practical look at when Astro can replace WordPress, using a client migration to explain content inventory, SEO, forms, performance, and tradeoffs.

Reader Interactions

Comments are closed. Continue the conversation with me on Twitter: @billerickson

Leave A Reply