A VPS is enough to run OpenClaw constantly, without a Mac mini or local machine running continuously. Here’s how to install, configure and secure your server in just a few steps.
It is one of the most reliable ways to keep an OpenClaw agent available 24/7. A VPS offers OpenClaw perfect flexibility. The AI agent is much more responsive in a Unix environment, thanks to natively usable commands and tools. On Windows, OpenClaw works via WSL (a Linux kernel emulation), which limits it quite significantly both in its autonomy and in navigating your system. Using a VPS also lets you do without a Mac mini, which is expensive to buy and has to be left on all the time. In short, a virtual machine in the cloud is, on paper, the perfect solution for hosting such an agent. You still need to know how to install, configure and secure the machine to limit the risks: the server is exposed directly to the internet.
Choosing the right VPS
A VPS is, as its name suggests, a virtual machine running on a physical server operated by a hosting provider. OVH, LWS, Ikoula, Scaleway… In France, VPS hosts are legion. However, we advise you to stay with a long-established player (OVH or Scaleway, for example), even if they are sometimes more expensive: the interfaces are clearer and the configurations simpler. For this tutorial, we will choose an OVH VPS. The northern French host offers, as of March 19, plans ranging from 6.62 euros to 74.45 euros per month. To host just one instance of OpenClaw, the cheapest plan is more than sufficient: 4 cores, 8 GB of RAM, 75 GB of SSD and 400 Mbit/s of bandwidth.
After clicking on “Configure”, OVH offers you different data center locations: Strasbourg, Gravelines, Roubaix or Marseille. Choose the city you want. Latency between the data center and your home is not a real issue in an AI agent use case.
On the same page, OVH offers you the choice of several Linux systems. Here we will choose Ubuntu, the easiest to manage on a daily basis, in its version 25.04.
Several paid options are then available to back up your server automatically: automatic backup with restoration (1.84 euros) or snapshot backup (50 cents), i.e. a backup via a compressed file. If you fear losing your data through an accidental action by you or by OpenClaw, choose one of these two options. On the other hand, if you simply fear a technical failure, there is no need to pay for a backup. OVH VPS are supposed to be hosted on servers with redundant disks, so losing data to a hardware fault is very unlikely.
VPS installation and configuration
Once the order is placed, you will receive your VPS within approximately 10 minutes (sometimes 24 hours in rare cases). You will then receive the connection information for your machine by email. The email prompts you to click on a link to view your user password; do so.
To connect, open a terminal on your computer (“CMD” on Windows, “Terminal” on Mac). We will open an SSH connection (a remote connection protocol) to the remote machine to control it. Enter the following command: ssh ubuntu@IPServer -p 22, where IPServer is the IPv4 address (xx.xx.xx.xx format) of your machine, communicated by email. Once the command is entered, the terminal asks you for the password: enter the one generated previously. Please note: if you close your terminal before the installation is complete, you will have to start from the beginning to connect to your VPS.
Configure secure access to the machine
You are now logged in to your machine. At the first connection, your server will ask you to give your password one last time and set a new one; do so. In an ideal world, password authentication should be replaced by an SSH key, a much more robust cryptographic mechanism. However, the procedure is too cumbersome to detail here, so we will opt for a simpler approach that remains solid if it is carried out properly. Start by replacing the temporary password provided by OVH with a very long (30 characters minimum), random password, generated by a password manager. Don’t try to remember it, just store it in your manager.
1. Secure the SSH server
Next, we will change the default SSH port. Port 22 is the first that malicious bots scan. By modifying it, you eliminate the vast majority of noise. Edit the SSH configuration file with the following command, in your terminal:
sudo nano /etc/ssh/sshd_config
- Find the line #Port 22, uncomment it (removing the ‘#’) and replace 22 with a number of your choice between 1024 and 65535, for example 4822.
- Also look in the file for the PermitRootLogin parameter, delete the # at the start of the line and set the value to no. The full line should be: PermitRootLogin no
- Save with Ctrl+O then Ctrl+X
To apply the changes, we then restart the SSH server with the following command:
sudo systemctl restart ssh
Please note: from now on, to connect, you will need to specify the new port in your command:
ssh ubuntu@IPServer -p 4822 instead of ssh ubuntu@IPServer -p 22
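An added check, not part of the original tutorial: `sshd -T` prints the configuration sshd will actually apply once the main file and any files pulled in by Include directives are merged, so it shows whether the two edits above took effect. The function name and both sample outputs are constructed for illustration.

```bash
#!/usr/bin/env bash
# Audit the effective sshd settings as printed by `sshd -T`
# (lower-case keyword, a space, the value; one "port" line per listener).
# `sshd -T` parses the files on disk, so it can run before the restart.

# stdin: `sshd -T` output; $1: the port you chose.
# Prints one line per problem; the exit status is the number of problems.
audit_sshd() {
    awk -v want="$1" '
        $1 == "port"            { ports[$2] = 1 }
        $1 == "permitrootlogin" { root = $2 }
        END {
            bad = 0
            if (!(want in ports)) {
                print "FAIL: sshd will not listen on port " want; bad++
            }
            if (want != "22" && ("22" in ports)) {
                print "FAIL: port 22 is still configured"; bad++
            }
            if (root != "no") {
                print "FAIL: permitrootlogin is " root ", expected no"; bad++
            }
            exit bad
        }'
}

# Constructed sample: the Port line was left commented out and
# PermitRootLogin still has a value other than "no".
SAMPLE_BEFORE='port 22
permitrootlogin prohibit-password
passwordauthentication yes'

# Constructed sample: the state this tutorial aims for.
SAMPLE_AFTER='port 4822
permitrootlogin no
passwordauthentication yes'

# On the server, after saving the file and before restarting:
#   sudo sshd -t && sudo sshd -T | audit_sshd 4822
```

Keep the current session open after the restart until a second terminal has logged in on the new port; `sudo ss -tln` shows which port is actually bound.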
2. Install an IPS (Intrusion Prevention System)
Next, we recommend installing fail2ban, a tool that automatically bans IP addresses after several failed connection attempts on your server:
sudo apt install fail2ban -y
The service starts with a default configuration that is already effective.
3. Configure the firewall
We will also enable Ubuntu’s built-in firewall, UFW, to only allow connections that are strictly necessary. By default, no rules are configured: you must therefore open the SSH port you have chosen before activating the firewall, otherwise you will be locked out.
sudo ufw allow 4822/tcp
sudo ufw enable
sudo ufw status
The first command allows incoming connections on port 4822 (adjust the number if you chose another). The second activates the firewall: all ports not explicitly authorized are now blocked. The third allows you to check that the rule is in place. The benefit is simple: if OpenClaw were to launch a service on an unexpected port, it would not be exposed on the web.
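An added example, not from the original tutorial, covering the fail2ban and firewall steps above: the SSH port now has to match in three places (sshd, the UFW rule and fail2ban's [sshd] jail). It assumes the packaged jail still declares `port = ssh`, in which case bans are applied to port 22 rather than to 4822; the function names, the drop-in file name and the sample data are constructed.

```bash
#!/usr/bin/env bash
# Cross-check the SSH port in the two other places that depend on it.

# Ports sshd will listen on that no UFW rule opens. Empty output means
# `ufw enable` will not cut off SSH. Only plain "ufw allow|limit PORT[/tcp]"
# rules are recognised; anything else is reported as missing.
#   $1 = output of `sshd -T`, $2 = output of `ufw show added`
ufw_missing_ports() {
    printf '%s\n' "$1" | awk '$1 == "port" { print $2 }' | while read -r p; do
        printf '%s\n' "$2" | grep -Eq "^ufw (allow|limit) ${p}(/tcp)?\$" || echo "$p"
    done
}

# Effective `port` of fail2ban's [sshd] jail. Feed the jail files on stdin
# in load order (jail.conf, jail.d/*.conf, jail.local, jail.d/*.local):
# a later assignment overrides an earlier one.
f2b_sshd_port() {
    awk '/^\[/ { in_sshd = ($0 ~ /^\[sshd\]/) }
         in_sshd && /^port[ \t]*=/ { sub(/^port[ \t]*=[ \t]*/, ""); port = $0 }
         END { print port }'
}

# --- constructed sample data, not captured from a real server ---
SSHD_T='port 4822
permitrootlogin no'
UFW_NO_RULE="Added user rules (see 'ufw status' for running firewall):"
UFW_WITH_RULE="$UFW_NO_RULE
ufw allow 4822/tcp"
JAIL_STOCK='[sshd]
port = ssh'
JAIL_FIXED="$JAIL_STOCK
[sshd]
port = 4822"

# On the server (the drop-in file name is an example):
#   [ -z "$(ufw_missing_ports "$(sudo sshd -T)" "$(sudo ufw show added)")" ] \
#       && sudo ufw enable
#   printf '[sshd]\nport = 4822\n' | sudo tee /etc/fail2ban/jail.d/sshd-port.local
#   sudo systemctl restart fail2ban
```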
4. Enable automatic updates
Final step: enable automatic security updates. Your VPS will run continuously, and you will not connect to it every day to check for available patches. Ubuntu offers a dedicated tool, unattended-upgrades, which automatically applies security patches:
sudo apt install unattended-upgrades -y
sudo dpkg-reconfigure --priority=low unattended-upgrades
Select “Yes” when asked. The system will now take care of installing critical updates on its own, without intervention on your part.
With a strong password, a non-standard port, fail2ban and automatic installation of updates, your VPS is secure enough to host an AI agent. Now let’s move on to installing OpenClaw.
Install and configure OpenClaw
Installing OpenClaw is now quite similar to a classic installation on Windows. We will not go into details: a complete article on installing OpenClaw is already online.
To begin installing OpenClaw on your VPS, enter the following command:
curl -fsSL https://openclaw.ai/install.sh | bash
The command downloads the installation script and begins the setup.
- Accept the terms of use of the service and choose QuickStart mode.
- Choose the model provider for your agent (via API or via OAuth, although this is not recommended)
The real strength of OpenClaw on a VPS is being able to talk to it from your phone, via Telegram, WhatsApp, Discord, Slack, Teams or even iMessage, without having a machine on at home 24/7. The easiest channel to set up is Telegram. Select it with the directional arrows then Enter. Then, on your phone:
- open Telegram,
- look for the bot “@BotFather”
- click on “Create a New Bot”
- give it a name
- copy the generated token
Back in the terminal, paste this token. Your agent can now be reached from Telegram.
OpenClaw then asks you for a default search engine. Choose Gemini and enter your API key (Google free-tier is more than enough). The agent then offers you around twenty skills (audio transcription, file summarization, PDF reading, RSS monitoring, etc.): select those that interest you, the others can be installed later.
Finally, activate the four proposed hooks (prompt injected at startup, command log, persistent memory between sessions, etc.). Their additional resource cost is negligible.
An agent accessible 24 hours a day
Your agent is now accessible from Telegram and works completely independently on your VPS. In principle, you no longer need to connect to the machine: OpenClaw manages its tasks, skill updates and sessions all by itself. However, if you want to go further in terms of security, we strongly recommend that you replace password authentication with an SSH key, the real standard in production. Ubuntu offers a very clear dedicated tutorial, including for Windows.
One point of caution, however: OpenClaw has full control over your server. It can install packages, modify files and run scripts. So be careful with what you ask of it, and reserve this VPS for this use only. If the agent is mishandled, the simplest solution is to reinstall the VPS from the OVH interface and start this tutorial from the beginning. It’s a matter of a few minutes.




