Running OpenClaw on a headless VPS gives you 24/7 availability, better uptime, and the ability to access your AI assistant from anywhere. This guide walks through deploying OpenClaw on a remote server and—crucially—configuring it to use your Claude Pro subscription instead of pay-per-use API billing.
Why Use Claude Pro Instead of API Billing?
Anthropic offers two ways to access Claude:
- API Key → Pay-per-token billing (can get expensive with heavy usage)
- Claude Pro/Max Subscription → Fixed monthly fee (~$20-25/month) with higher rate limits
For personal use, the subscription is typically more cost-effective. OpenClaw supports both methods, and this guide focuses on the subscription approach.
Prerequisites
- A VPS or cloud server (AWS, DigitalOcean, Linode, Hetzner, etc.)
- Debian/Ubuntu-based system (this guide uses Debian 12)
- Node.js 24+ installed
- Your personal machine with Claude CLI installed (
npm install -g @anthropic-ai/claude-cli)
Step 1: Install OpenClaw on Your VPS
SSH into your server and install OpenClaw:
# Install Node.js 24 if not presentcurl -fsSL https://deb.nodesource.com/setup_24.x | sudo -E bash -sudo apt-get install -y nodejs
# Install OpenClaw globallynpm install -g openclaw
# Verify installationopenclaw --versionStep 2: Initial Configuration
Run the onboarding wizard to set up the basic configuration:
openclaw onboardThis creates the initial config at ~/.openclaw/openclaw.json. For a headless server, you’ll want minimal configuration to start:
{ agents: { defaults: { workspace: "~/.openclaw/workspace" } }}Step 3: Generate the Setup Token (On Your Local Machine)
Important: The claude setup-token command must be run on a machine where you’re already authenticated with Claude—not on the headless VPS.
On your local machine (laptop/desktop with Claude CLI installed):
# Make sure you're logged into Claudeclaude auth login
# Generate a setup token for your VPSclaude setup-tokenThis outputs something like:
Your setup token (expires in 30 minutes):
sk-ant-setup-token-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Copy this token and paste it into your OpenClaw configuration.Note: This token is temporary (expires in 30 minutes) and can only be used once.
Step 4: Configure OpenClaw with the Setup Token
Back on your VPS, paste the token into OpenClaw:
openclaw models auth paste-token --provider anthropicYou’ll be prompted to paste the token. After pasting, verify the authentication:
openclaw models statusYou should see Anthropic listed with a green checkmark and your account email.
Alternative: Manual Token Entry
If the interactive paste doesn’t work on your headless server, you can add it directly to the auth profiles file:
# Create the auth profiles filemkdir -p ~/.openclaw/agents/main/agentcat > ~/.openclaw/agents/main/agent/auth-profiles.json << 'EOF'{ "anthropic:your-email@example.com": { "provider": "anthropic", "mode": "token", "token": "sk-ant-setup-token-xxxxxxxx...", "email": "your-email@example.com" }}EOFReplace your-email@example.com with your Anthropic account email and the token with your actual setup token.
Step 5: Set Claude as Your Default Model
Configure OpenClaw to use Claude by default:
# Set the default modelopenclaw models set anthropic/claude-opus-4-6
# Or for Sonnet (faster, cheaper)openclaw models set anthropic/claude-sonnet-4-5
# Verifyopenclaw models listYour config should now look like:
{ agents: { defaults: { workspace: "~/.openclaw/workspace", model: { primary: "anthropic/claude-opus-4-6" } } }}Step 6: Set Up a Channel (WhatsApp Example)
To actually use OpenClaw, you need to configure a messaging channel. Here’s a WhatsApp setup:
# Install the WhatsApp channel dependenciesopenclaw plugins enable whatsapp
# Configure WhatsAppopenclaw config set channels.whatsapp.enabled trueopenclaw config set channels.whatsapp.dmPolicy "allowlist"openclaw config set channels.whatsapp.allowFrom '["+1234567890"]' # Your phone numberFor the first WhatsApp connection, you’ll need to scan a QR code. On a headless server, OpenClaw will display the QR code in the terminal—screenshot it and scan with WhatsApp on your phone.
Step 7: Running OpenClaw as a Service
To keep OpenClaw running after you disconnect SSH, use systemd:
# Create systemd service filesudo tee /etc/systemd/system/openclaw.service << 'EOF'[Unit]Description=OpenClaw GatewayAfter=network.target
[Service]Type=simpleUser=your-usernameWorkingDirectory=/home/your-usernameEnvironment="PATH=/usr/local/bin:/usr/bin:/bin"Environment="HOME=/home/your-username"ExecStart=/usr/local/bin/openclaw gateway startRestart=alwaysRestartSec=10
[Install]WantedBy=multi-user.targetEOF
# Enable and start the servicesudo systemctl daemon-reloadsudo systemctl enable openclawsudo systemctl start openclaw
# Check statussudo systemctl status openclawReplace your-username with your actual Linux username.
Step 8: Connecting Remotely
To interact with your headless OpenClaw instance, you have several options:
Option A: Control UI via SSH Tunnel
# On your local machine, tunnel the Control UIssh -L 18789:localhost:18789 your-vps-ip
# Then open http://localhost:18789 in your browserOption B: Use the CLI Remotely
# Set the gateway URLopenclaw config set gateway.url "http://your-vps-ip:18789"
# Or use environment variableexport OPENCLAW_GATEWAY_URL="http://your-vps-ip:18789"Option C: Telegram Bot (Recommended for Mobile)
Configure Telegram for easy mobile access:
openclaw config set channels.telegram.enabled trueopenclaw config set channels.telegram.botToken "your-bot-token"openclaw config set channels.telegram.dmPolicy "allowlist"openclaw config set channels.telegram.allowFrom '["tg:your-user-id"]'Troubleshooting
”Model is not allowed” Error
If you see:
Model "anthropic/claude-opus-4-6" is not allowedAdd the model to your allowlist:
{ agents: { defaults: { model: { primary: "anthropic/claude-opus-4-6", models: { "anthropic/claude-opus-4-6": { alias: "Opus" }, "anthropic/claude-sonnet-4-5": { alias: "Sonnet" } } } } }}Token Expired
Setup tokens expire after 30 minutes. If yours expires, generate a new one on your local machine and paste it again.
Rate Limits
Claude Pro has rate limits (typically ~45 messages per 3 hours on Opus). If you hit limits:
- Switch to Sonnet (higher limits)
- Add fallbacks in your config:
{ agents: { defaults: { model: { primary: "anthropic/claude-opus-4-6", fallbacks: [ "anthropic/claude-sonnet-4-5", "kimi-coding/k2p5" ] } } }}Auth Profile Not Found
If OpenClaw can’t find your auth:
# Check the auth profiles file existscat ~/.openclaw/agents/main/agent/auth-profiles.json
# Verify models statusopenclaw models status --verboseSecurity Considerations
- Protect your setup tokens — they provide full access to your Claude subscription
- Use allowlists — never leave channels in “open” mode on a public server
- Firewall rules — restrict port 18789 to your IP only:
Terminal window sudo ufw allow from your-home-ip to any port 18789 - Regular updates — keep OpenClaw updated:
Terminal window npm update -g openclaw
Comparison: API Key vs Subscription
| Feature | API Key | Claude Pro Subscription |
|---|---|---|
| Cost | Pay per token | Fixed monthly fee |
| Rate Limits | Higher | Lower (~45 msg/3hr Opus) |
| Setup | Simple key | Requires setup-token flow |
| Best For | Heavy usage, apps | Personal use, experimentation |
Conclusion
Setting up OpenClaw on a headless VPS with Claude Pro subscription gives you a powerful, always-on AI assistant without the variable costs of API billing. The setup-token flow bridges the gap between Anthropic’s consumer subscription and headless server deployment.
Next steps:
- Configure additional channels (Telegram, Discord, Slack)
- Set up cron jobs for automated tasks
- Explore multi-agent setups for different workspaces
- Add skills from ClawHub
Last updated: February 11, 2026. OpenClaw version 2026.2.9.