Prerequisites
- A VPS running Ubuntu 22.04 LTS (Vultr, Hetzner, DigitalOcean)
- Root or sudo access
- A domain or subdomain (optional but recommended)
- A Telegram account to create your bot
- An LLM API key (Claude, GPT, Gemini) or Ollama locally
Step 1 — Secure your VPS
# Update packages
apt-get update && apt-get upgrade -y
# Install UFW + fail2ban
apt-get install -y ufw fail2ban
# Configure firewall
ufw default deny incoming
ufw default allow outgoing
ufw allow ssh
ufw --force enable
# Enable auto security updates
apt-get install -y unattended-upgrades
dpkg-reconfigure --priority=low unattended-upgrades
Step 2 — Install Node.js 22
curl -fsSL https://deb.nodesource.com/setup_22.x | bash -
apt-get install -y nodejs
node --version # should be v22+
Step 3 — Install OpenClaw
# Install OpenClaw globally
npm install -g openclaw
# Verify installation
openclaw --version
# Install PM2 for process management
npm install -g pm2
# Run as root, pm2 installs the systemd unit itself, so nothing needs to be piped to bash
pm2 startup systemd -u root --hp /root
Step 4 — Configure OpenClaw
# Run the onboarding wizard
openclaw onboard --install-daemon
# Or configure manually
mkdir -p ~/.openclaw
nano ~/.openclaw/openclaw.json
Key fields to configure:
- llm.provider — your AI provider (openai, anthropic, google)
- llm.apiKey — your API key
- channels.telegram.token — your Telegram bot token from @BotFather
Step 5 — Create your Telegram bot
- Open Telegram and search @BotFather
- Send /newbot
- Follow the prompts — choose a name and username for your bot
- Copy the token BotFather provides (format: 110201543:AAHdq...)
- Paste it into your OpenClaw config as channels.telegram.token
Step 6 — Start OpenClaw with PM2
# Start your agent
pm2 start --name openclaw -- openclaw gateway
pm2 save
# Verify it's running
pm2 status
# Watch logs
pm2 logs openclaw --lines 50
Step 7 — Add the security hardening
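# Add your SSH public key
mkdir -p ~/.ssh && chmod 700 ~/.ssh
echo "YOUR_PUBLIC_KEY" >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
# Disable password auth
sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
# sshd keeps the first value it reads and includes /etc/ssh/sshd_config.d/*.conf first,
# so also set it in a drop-in that sorts ahead of any other file there
echo "PasswordAuthentication no" > /etc/ssh/sshd_config.d/00-disable-password.conf
# Check syntax, restart, and confirm the effective value from a second session before logging out
sshd -t && systemctl restart sshd
sshd -T | grep -i '^passwordauthentication'
# Lock health port to localhost only (if applicable)
# UFW already accepts loopback traffic and "default deny incoming" blocks outside access,
# so the service itself must also listen on 127.0.0.1
ufw allow from 127.0.0.1 to any port 9999
# Confirm fail2ban is watching SSH
fail2ban-client status sshd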
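Why the sed in Step 7 may not disable password logins by itself, as an added example (not from the original page or the OpenClaw project): sshd keeps the first value it reads for each keyword, and Ubuntu's sshd_config includes /etc/ssh/sshd_config.d/*.conf at the top, so a drop-in there can override the main file. The helper effective_sshd_option, the demo function, and the sample file names and contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: which value does sshd end up with for a global keyword?
# sshd keeps the FIRST value it reads, so file order decides.

# effective_sshd_option KEYWORD FILE...   (files in the order sshd reads them)
# Simplified: whitespace-separated keywords only; each file is read up to
# its first Match block.
effective_sshd_option() {
    key=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    shift
    for f in "$@"; do
        [ -r "$f" ] || continue
        val=$(awk -v key="$key" '
            $1 ~ /^#/              { next }   # commented-out line
            tolower($1) == "match" { exit }   # global section ends
            tolower($1) == key     { print tolower($2); exit }
        ' "$f")
        if [ -n "$val" ]; then
            printf '%s\n' "$val"
            return 0
        fi
    done
    return 1   # keyword not set: sshd falls back to its built-in default
}

# Constructed sample tree standing in for /etc/ssh (not real host data).
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/sshd_config.d"
    printf '%s\n' 'Include /etc/ssh/sshd_config.d/*.conf' \
        '#PasswordAuthentication yes' > "$d/sshd_config"
    printf '%s\n' 'PasswordAuthentication yes' \
        > "$d/sshd_config.d/50-cloud-init.conf"
    # Same substitution as Step 7: the line changes but stays commented out.
    sed 's/PasswordAuthentication yes/PasswordAuthentication no/' \
        "$d/sshd_config" > "$d/new" && mv "$d/new" "$d/sshd_config"
    before=$(effective_sshd_option PasswordAuthentication \
        "$d"/sshd_config.d/*.conf "$d/sshd_config")
    # A drop-in that sorts first is read first, so its value wins.
    printf '%s\n' 'PasswordAuthentication no' \
        > "$d/sshd_config.d/00-disable-password.conf"
    after=$(effective_sshd_option PasswordAuthentication \
        "$d"/sshd_config.d/*.conf "$d/sshd_config")
    rm -rf "$d"
    printf 'before=%s after=%s\n' "$before" "$after"
}

demo
```

On the real host, `sshd -T | grep -i passwordauthentication` prints the value sshd actually uses.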