Setup Clawdbot on a Hetzner VPS for 24/7 access

Clawdbot seems to be the biggest hype in January 2026. Many people talk about it, the amount of development poured into it and the speed it’s developing is crazy.

The documentation is thorough, but even with Claude Code I didn’t come to a working solution without manually intervening.

So what follows is a quick walkthrough on how to get Clawdbot working on a fresh Ubuntu 24.04 VPS from Hetzner.

#1. Create VPS

Log into your cloud provider and create a simple VPS. 2 vCPUs and 4GB of RAM is more than enough to start. I used the cheapest Hetzner option:

#2. Basic VPS setup

We’ll start with logging into the server, updating, and creating a dedicated user to use with Clawdbot.

1ssh root@your-server-ip # enter the password you received via email
2 
3apt update && apt upgrade -y # update packages
4# if prompted to reboot, do it.
5 
6adduser clawdbot # create the new user. You can leave all details empty, but don't forget to set a strong password
7usermod -aG sudo clawdbot # add the user to the sudoers group so we can use `sudo`
8 
9su - clawdbot # change to the new user

#3. Securing your VPS

Before installing Clawdbot, we should secure the server with some basic security measures. These steps will protect your VPS from common attacks.

#Setup SSH key authentication

First, let’s set up SSH key authentication so you can log in without a password. Run this on your local machine:

1# Generate SSH key if you don't have one already
2ssh-keygen -t ed25519 -C "your_email@example.com"
3 
4# Copy your public key to the server
5ssh-copy-id clawdbot@your-server-ip

Test the SSH key login by opening a new terminal and connecting:

1ssh clawdbot@your-server-ip

If you can log in without entering a password, the key authentication is working.

#Disable password authentication

Now that key-based authentication is working, let’s disable password login. This prevents brute force attacks.

1# Edit SSH configuration
2sudo vim /etc/ssh/sshd_config

Find and update these lines (uncomment if needed):

1PasswordAuthentication no
2PubkeyAuthentication yes
3PermitRootLogin no

Save the file (:wq) and restart SSH:

1sudo systemctl restart ssh

#Install fail2ban

Fail2ban monitors login attempts and automatically blocks IP addresses that show malicious behavior.

1sudo apt install fail2ban -y
2 
3# Create a local configuration file
4sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
5 
6# Edit the configuration
7sudo vim /etc/fail2ban/jail.local

Find the [sshd] section and ensure it looks like this:

1[sshd]
2enabled = true
3port = ssh
4logpath = /var/log/auth.log
5maxretry = 5
6bantime = 3600

Start and enable fail2ban:

1sudo systemctl start fail2ban
2sudo systemctl enable fail2ban
3 
4# Check status
5sudo fail2ban-client status sshd

#Setup UFW firewall

Configure a basic firewall to only allow necessary connections:

 1# Install UFW
 2sudo apt install ufw -y
 3 
 4# Allow SSH (important - do this first!)
 5sudo ufw allow ssh
 6 
 7# Enable the firewall
 8sudo ufw enable
 9 
10# Check status
11sudo ufw status

If you plan to expose Clawdbot through a web interface later, you can allow HTTP/HTTPS:

1sudo ufw allow http
2sudo ufw allow https

#4. Installing prerequisites

We need some packages for Clawdbot to work properly. Verify that you are logged in as the clawdbot user or you might run into permission problems.

#Node

In my testing I found npm to be the most reliable package manager, but you can also try pnpm. You can find the up-to-date install instructions at nodejs.org/en/download.

 1# Install Node
 2# Download and install nvm:
 3curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.3/install.sh | bash
 4 
 5# in lieu of restarting the shell
 6\. "$HOME/.nvm/nvm.sh"
 7 
 8# Download and install Node.js:
 9nvm install 24
10 
11# Verify the Node.js version:
12node -v # Should print "v24.13.0".
13 
14# Verify npm version:
15npm -v # Should print "11.6.2".

#Homebrew

Homebrew is a package manager. It is needed by some skills (instructions used by Clawdbot to enhance its abilities).

1/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

#Tailscale (optional)

Tailscale is a Zero Trust identity-based connectivity platform. It can be used to securely connect your local computer with your Clawdbot gateway making it possible for the gateway to do things on your local computer.
I currently don’t have a use case for this, so you might also skip it.

1curl -fsSL https://tailscale.com/install.sh | sh
2sudo tailscale up

#5. Clawdbot

Now the fun begins 🦞. Let’s install Clawdbot and onboard you.

#Installation

1npm i -g clawdbot

This might take a while, but that’s it. You’ve installed Clawdbot and are ready to onboard.

#Onboarding

Run clawdbot onboard. It will take you through its interactive onboarding guide. Below are the settings I used but be aware that Clawdbot is very actively developed, so settings might change quickly. I’ve left some comments.

 1◆  I understand this is powerful and inherently risky. Continue?
 2│  Yes
 3|
 4◆  Onboarding mode
 5│  ○ QuickStart
 6│  ● Manual (Configure port, network, Tailscale, and auth options.)
 7|  # Use manual mode for more control
 8|
 9◆  What do you want to set up?
10│  ● Local gateway (this machine) (Gateway reachable (ws://127.0.0.1:18789))
11│  ○ Remote gateway (info-only)
12|  # It might seem counterintuitive at first, but you want the Gateway to run locally on the VPS
13|
14◆  Workspace directory
15│  /home/clawdbot/clawd
16|
17◆  Model/auth provider
18│  ● OpenAI (Codex OAuth + API key)
19│  ○ Anthropic
20│  ○ MiniMax
21│  ○ Qwen
22│  ○ Synthetic
23│  ○ Google
24│  ○ Copilot
25|  ...
26|  # Choose what's right for you! I've used my Claude Code subscription to authenticate. Refer to the documentation if needed.
27|
28◆  Gateway port
29│  18789
30|
31◆  Gateway bind
32│  ● Loopback (127.0.0.1)
33│  ○ LAN (0.0.0.0)
34│  ○ Tailnet (Tailscale IP)
35│  ○ Auto (Loopback → LAN)
36│  ○ Custom IP
37|
38◆  Gateway auth
39│  ○ Off (loopback only)
40│  ● Token (Recommended default (local + remote))
41│  ○ Password
42|
43|  # this will give a token you may use to access the dashboard
44◆  Tailscale exposure
45│  ○ Off
46│  ● Serve (Private HTTPS for your tailnet (devices on Tailscale))
47│  ○ Funnel
48|  # choose "off" if you don't use Tailscale
49|
50◆  Reset Tailscale serve/funnel on exit?
51│  ○ Yes / ● No
52|  # choose "no" if you used "Serve" as Tailscale exposure
53|
54◆  Configure chat channels now?
55│  ● Yes / ○ No
56|  # You probably want to do this. Having access via chat makes the setup much more flexible.
57|  # Choose your favorite provider. When in doubt just use Telegram, they have the easiest setup for a chat bot.
58│
59◇  Skills status ────────────╮
60│                            │
61│  Eligible: 13              │
62│  Missing requirements: 38  │
63│  Blocked by allowlist: 0   │
64│                            │
65├────────────────────────────╯
66│
67◆  Configure skills now? (recommended)
68│  ● Yes / ○ No
69|  # Choose `Yes` and select all Skills you want to have installed with `Spacebar` and confirm with `Enter`
70|  # If unsure just skip it for now, you can always configure this later
71│
72◆  Preferred node manager for skill installs
73│  ● npm
74│  ○ pnpm
75│  ○ bun
76│
77◆  Set GOOGLE_PLACES_API_KEY for goplaces?
78│  ○ Yes / ● No
79|  # Unless you have API keys just answer no to all the API key questions
80│
81◆  Enable hooks?
82│  ◼ Skip for now
83│  ◻ 🚀 boot-md
84│  ◻ 📝 command-logger
85│  ◻ 💾 session-memory
86|  # Skip, unless you know what you are doing (or read the manual)
87│
88◆  Install Gateway service (recommended)
89│  ● Yes / ○ No
90│
91◆  Gateway service runtime
92│  ● Node (recommended) (Required for WhatsApp + Telegram. Bun can corrupt memory
93on reconnect.)
94│
95◆  How do you want to hatch your bot?
96│  ● Hatch in TUI (recommended)
97│  ○ Open the Web UI
98│  ○ Do this later
99|  # After confirming this you will be put into a TUI (Terminal User Interface) to "hatch" your new assistant. Have fun!

#Telegram

After the gateway has started (the onboarding setup should have shown you a success message) you can message your bot if you created one with /start to pair your Telegram chat sessions to your Clawdbot gateway. Everything is explained in the chat.

#6. Use cases and configuration

You might be tempted to configure workflows, automations, or other features via the Dashboard UI. While this works for some things, I highly recommend using the chat interface instead.

Simply describe what you want to achieve. Clawdbot is remarkably good at understanding intent and will guide you through the setup process. For example, I’ve long wanted a summary of my bookmarked tweets. I tend to hit the bookmark icon and then forget to review them later. I asked Clawdbot to send me a daily digest, and it walked me through the entire process: setting up bird (the CLI for interacting with X), configuring the skill, and even sending a test message to confirm everything worked.

If there’s something you want to accomplish, just ask. It genuinely feels like having a personal assistant. Rather than responding with “I’m sorry, I can’t do that,” it proposes a plan to achieve your desired outcome.