Running OpenClaw on a headless VPS gives you 24/7 availability, better uptime, and the ability to access your AI assistant from anywhere. This guide walks through deploying OpenClaw on a remote server and—crucially—configuring it to use your Claude Pro subscription instead of pay-per-use API billing.
Why Use Claude Pro Instead of API Billing?
Anthropic offers two ways to access Claude:
- API Key → Pay-per-token billing (can get expensive with heavy usage)
- Claude Pro/Max Subscription → Fixed monthly fee (~$20-25/month) with higher rate limits
For personal use, the subscription is typically more cost-effective. OpenClaw supports both methods, and this guide focuses on the subscription approach.
Prerequisites
- A VPS or cloud server (AWS, DigitalOcean, Linode, Hetzner, etc.)
- Debian/Ubuntu-based system (this guide uses Debian 12)
- Node.js 24+ installed
- Your personal machine with Claude CLI installed (
npm install -g @anthropic-ai/claude-cli)
Step 1: Install OpenClaw on Your VPS
SSH into your server and install OpenClaw:
# Install Node.js 24 if not present
curl -fsSL https://deb.nodesource.com/setup_24.x | sudo -E bash -
sudo apt-get install -y nodejs
# Install OpenClaw globally
npm install -g openclaw
# Verify installation
openclaw --versionStep 2: Initial Configuration
Run the onboarding wizard to set up the basic configuration:
openclaw onboardThis creates the initial config at ~/.openclaw/openclaw.json. For a headless server, you’ll want minimal configuration to start:
{
agents: {
defaults: {
workspace: "~/.openclaw/workspace"
}
}
}Step 3: Generate the Setup Token (On Your Local Machine)
Important: The claude setup-token command must be run on a machine where you’re already authenticated with Claude—not on the headless VPS.
On your local machine (laptop/desktop with Claude CLI installed):
# Make sure you're logged into Claude
claude auth login
# Generate a setup token for your VPS
claude setup-tokenThis outputs something like:
Your setup token (expires in 30 minutes):
sk-ant-setup-token-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Copy this token and paste it into your OpenClaw configuration.Note: This token is temporary (expires in 30 minutes) and can only be used once.
Step 4: Configure OpenClaw with the Setup Token
Back on your VPS, paste the token into OpenClaw:
openclaw models auth paste-token --provider anthropicYou’ll be prompted to paste the token. After pasting, verify the authentication:
openclaw models statusYou should see Anthropic listed with a green checkmark and your account email.
Alternative: Manual Token Entry
If the interactive paste doesn’t work on your headless server, you can add it directly to the auth profiles file:
# Create the auth profiles file
mkdir -p ~/.openclaw/agents/main/agent
cat > ~/.openclaw/agents/main/agent/auth-profiles.json << 'EOF'
{
"anthropic:your-email@example.com": {
"provider": "anthropic",
"mode": "token",
"token": "sk-ant-setup-token-xxxxxxxx...",
"email": "your-email@example.com"
}
}
EOFReplace your-email@example.com with your Anthropic account email and the token with your actual setup token.
Step 5: Set Claude as Your Default Model
Configure OpenClaw to use Claude by default:
# Set the default model
openclaw models set anthropic/claude-opus-4-6
# Or for Sonnet (faster, cheaper)
openclaw models set anthropic/claude-sonnet-4-5
# Verify
openclaw models listYour config should now look like:
{
agents: {
defaults: {
workspace: "~/.openclaw/workspace",
model: {
primary: "anthropic/claude-opus-4-6"
}
}
}
}Step 6: Set Up a Channel (WhatsApp Example)
To actually use OpenClaw, you need to configure a messaging channel. Here’s a WhatsApp setup:
# Install the WhatsApp channel dependencies
openclaw plugins enable whatsapp
# Configure WhatsApp
openclaw config set channels.whatsapp.enabled true
openclaw config set channels.whatsapp.dmPolicy "allowlist"
openclaw config set channels.whatsapp.allowFrom '["+1234567890"]' # Your phone numberFor the first WhatsApp connection, you’ll need to scan a QR code. On a headless server, OpenClaw will display the QR code in the terminal—screenshot it and scan with WhatsApp on your phone.
Step 7: Running OpenClaw as a Service
To keep OpenClaw running after you disconnect SSH, use systemd:
# Create systemd service file
sudo tee /etc/systemd/system/openclaw.service << 'EOF'
[Unit]
Description=OpenClaw Gateway
After=network.target
[Service]
Type=simple
User=your-username
WorkingDirectory=/home/your-username
Environment="PATH=/usr/local/bin:/usr/bin:/bin"
Environment="HOME=/home/your-username"
ExecStart=/usr/local/bin/openclaw gateway start
Restart=always
RestartSec=10
[Install]
WantedBy=multi-user.target
EOF
# Enable and start the service
sudo systemctl daemon-reload
sudo systemctl enable openclaw
sudo systemctl start openclaw
# Check status
sudo systemctl status openclawReplace your-username with your actual Linux username.
Step 8: Connecting Remotely
To interact with your headless OpenClaw instance, you have several options:
Option A: Control UI via SSH Tunnel
# On your local machine, tunnel the Control UI
ssh -L 18789:localhost:18789 your-vps-ip
# Then open http://localhost:18789 in your browserOption B: Use the CLI Remotely
# Set the gateway URL
openclaw config set gateway.url "http://your-vps-ip:18789"
# Or use environment variable
export OPENCLAW_GATEWAY_URL="http://your-vps-ip:18789"Option C: Telegram Bot (Recommended for Mobile)
Configure Telegram for easy mobile access:
openclaw config set channels.telegram.enabled true
openclaw config set channels.telegram.botToken "your-bot-token"
openclaw config set channels.telegram.dmPolicy "allowlist"
openclaw config set channels.telegram.allowFrom '["tg:your-user-id"]'Troubleshooting
”Model is not allowed” Error
If you see:
Model "anthropic/claude-opus-4-6" is not allowedAdd the model to your allowlist:
{
agents: {
defaults: {
model: {
primary: "anthropic/claude-opus-4-6",
models: {
"anthropic/claude-opus-4-6": { alias: "Opus" },
"anthropic/claude-sonnet-4-5": { alias: "Sonnet" }
}
}
}
}
}Token Expired
Setup tokens expire after 30 minutes. If yours expires, generate a new one on your local machine and paste it again.
Rate Limits
Claude Pro has rate limits (typically ~45 messages per 3 hours on Opus). If you hit limits:
- Switch to Sonnet (higher limits)
- Add fallbacks in your config:
{
agents: {
defaults: {
model: {
primary: "anthropic/claude-opus-4-6",
fallbacks: [
"anthropic/claude-sonnet-4-5",
"kimi-coding/k2p5"
]
}
}
}
}Auth Profile Not Found
If OpenClaw can’t find your auth:
# Check the auth profiles file exists
cat ~/.openclaw/agents/main/agent/auth-profiles.json
# Verify models status
openclaw models status --verboseSecurity Considerations
- Protect your setup tokens — they provide full access to your Claude subscription
- Use allowlists — never leave channels in “open” mode on a public server
- Firewall rules — restrict port 18789 to your IP only:
sudo ufw allow from your-home-ip to any port 18789 - Regular updates — keep OpenClaw updated:
npm update -g openclaw
Comparison: API Key vs Subscription
| Feature | API Key | Claude Pro Subscription |
|---|---|---|
| Cost | Pay per token | Fixed monthly fee |
| Rate Limits | Higher | Lower (~45 msg/3hr Opus) |
| Setup | Simple key | Requires setup-token flow |
| Best For | Heavy usage, apps | Personal use, experimentation |
Conclusion
Setting up OpenClaw on a headless VPS with Claude Pro subscription gives you a powerful, always-on AI assistant without the variable costs of API billing. The setup-token flow bridges the gap between Anthropic’s consumer subscription and headless server deployment.
Next steps:
- Configure additional channels (Telegram, Discord, Slack)
- Set up cron jobs for automated tasks
- Explore multi-agent setups for different workspaces
- Add skills from ClawHub
Last updated: February 11, 2026. OpenClaw version 2026.2.9.