How To Install OpenClaw on Debian 13
If you have been looking for a self-hosted AI assistant that runs 24/7, automates tasks through WhatsApp or Telegram, and stays under your full control, OpenClaw is worth your serious attention. Installing and configuring OpenClaw on Debian 13 can feel intimidating the first time, but with the right steps laid out clearly, you will have it running in under 20 minutes. This guide walks you through every command, every configuration prompt, and every gotcha so your Debian 13 server becomes a fully operational AI automation gateway.
What Is OpenClaw and Why Run It on Debian 13?
OpenClaw (formerly known as Clawdbot/Moltbot) is a free, open-source, self-hosted AI assistant that runs locally on your machine or VPS. It connects to messaging platforms like WhatsApp, Telegram, and Slack through AI model APIs from providers like Anthropic (Claude), OpenAI (GPT), and Google Gemini.
Think of it as a persistent automation daemon. It runs silently in the background, handles task scheduling, executes shell commands, fetches information, manages reminders, and even creates GitHub issues without you lifting a finger.
Why Debian 13 Is the Right Choice
Debian 13 “Trixie” ships with glibc 2.31+, a modern systemd stack, and a battle-hardened apt package manager. These are exactly what OpenClaw’s gateway daemon relies on for stability and service persistence.
Debian’s minimal attack surface, predictable release cycle, and rock-solid package pinning make it a top-tier OS for running daemons that hold API keys and session credentials. OpenClaw officially supports Debian 11 and above on both x86_64 and arm64 architectures.
Prerequisites
Before you type a single command, confirm that your environment meets the following requirements.
Hardware:
- CPU: 4-core minimum (Intel i5, AMD Ryzen 5, or equivalent)
- RAM: 8 GB recommended; 16 GB comfortable for multi-skill concurrent tasks
- Disk: SSD with at least 20 GB of free space
Software:
- Debian 13 “Trixie” installed and fully booted
- A non-root user with
sudoprivileges (running as root is strongly discouraged) curlinstalled or installable viaapt- An active internet connection
API Access:
- At least one AI provider API key: Anthropic, OpenAI, or Google Gemini
- Alternatively, a local Ollama instance if you prefer a fully free, offline model
Security Note: OpenClaw’s own onboarding screen displays a security disclaimer: the agent can access local files and emails on the machine it runs on. For any production or sensitive workload, deploy on a dedicated VPS, not your primary workstation.
Step 1: Update Your Debian 13 System
Always start with a clean, fully updated system. This prevents dependency conflicts and ensures you are pulling packages against a fresh index.
sudo apt update && sudo apt upgrade -yThe apt update command refreshes the local package index from all configured repositories. The apt upgrade -y command then applies all pending security patches and package updates without requiring manual confirmation.
If a kernel update was included in the upgrade, reboot before continuing:
sudo rebootAfter the reboot, reconnect via SSH and confirm your Debian version:
cat /etc/os-releaseYou should see VERSION="13 (trixie)" in the output. If you see Debian 12 or earlier, stop here and upgrade your OS first.
Step 2: Install curl
The official OpenClaw install script is fetched using curl. On most Debian 13 minimal installs, curl is not included by default.
First, check if it is already present:
curl --versionIf the command returns a version string, skip ahead to Step 3. If the terminal returns a “command not found” error, install it now:
sudo apt install -y curlThis is the only dependency you need to install manually. The OpenClaw install script handles everything else automatically.
Step 3: Run the Official OpenClaw Install Script for OpenClaw on Debian 13 Setup
This is where the OpenClaw on Debian 13 setup begins in earnest. The official one-liner script is the recommended installation path and handles all heavy lifting automatically.
The One-Liner Command
Run the following command as your sudo user (not as root):
curl -fsSL https://openclaw.ai/install.sh | bashBreaking down the flags so you know exactly what is happening:
-f: Fail silently on HTTP errors (prevents partial script execution)-s: Silent mode, suppresses progress meter-S: Show errors even in silent mode-L: Follow HTTP redirects automatically
What the Script Does Automatically
Once executed, the script performs the following actions in sequence:
- Detects your OS and package manager
- Updates the local package index
- Installs Node.js 22.x from the NodeSource repository
- Installs
git,curl,gnupg, andca-certificates - Installs the
openclawnpm package globally - Launches the onboarding Text User Interface (TUI)
You do not need to install Node.js separately. The script handles NodeSource repository configuration and Node installation automatically.
Alternative: Manual npm Install
If you manage Node.js yourself using nvm and prefer not to use the install script, use this method instead:
nvm install 22 && nvm use 22
npm install -g openclaw@latestMake sure node -v returns v22.x or higher before proceeding. OpenClaw requires Node 22.16 as a minimum; Node 24 is the recommended version.
Step 4: Complete the Onboarding Wizard and Install the Gateway Daemon
After the install script finishes, the onboarding TUI launches automatically. If it does not, trigger it manually:
openclaw onboard --install-daemonThe --install-daemon flag is important. It installs the OpenClaw gateway as a systemd user service, so it survives reboots without any extra configuration.
Navigating the Onboarding TUI Step by Step
Work through each screen in order. Read each prompt carefully before pressing ENTER.
Screen 1: Security Disclaimer
OpenClaw displays a warning about local file and email access. Select Yes and press ENTER to acknowledge and continue.
Screen 2: Onboarding Mode
Choose Manual. This gives you explicit control over every setting rather than accepting potentially unsuitable defaults.
Screen 3: Gateway Type
Select Local Gateway on loopback address 127.0.0.1. This keeps the gateway off the public network by default.
Screen 4: Workspace Directory
The default path is ~/openclaw or ~/.openclaw. Press ENTER to accept it.
Screen 5: AI Provider
Select your provider from the list: Anthropic, OpenAI, Google Gemini, or Ollama for a local free model.
Screen 6: Authentication Method
Select API Key and paste your key when prompted. Double-check the key before pressing ENTER to avoid a failed gateway start later.
Screen 7: Gateway Port
The default is 18789. Press ENTER to accept. Only change this if you have a port conflict on your server.
Screen 8: Gateway Bind Address
Keep the default Loopback (127.0.0.1). This prevents external access to the gateway UI.
Screen 9: Gateway Auth Token
Press ENTER to auto-generate a cryptographically secure token. Copy this token immediately and store it somewhere safe. You will need it to access the Web UI.
Screen 10: Tailscale
Leave this set to Off unless you have Tailscale configured and want remote access without SSH tunneling.
Screens 11-13: Channels, Skills, Hooks
You can safely skip all three during initial setup. These are configurable post-install at any time.
Final Screen: Install Gateway Service
Confirm the installation. The wizard drops the systemd unit file at:
~/.config/systemd/user/openclaw-gateway.serviceVerify the file was created:
ls ~/.config/systemd/user/openclaw-gateway.serviceA clean output with the file path confirms success.
Step 5: Start and Enable the Gateway Service
With the unit file in place, start the gateway and configure it to launch automatically on every boot.
Start the service:
systemctl --user start openclaw-gatewayEnable it to start on boot:
systemctl --user enable openclaw-gatewayCheck its current status:
systemctl --user status openclaw-gatewayYou should see output resembling this:
openclaw-gateway.service - OpenClaw Gateway
Loaded: loaded (~/.config/systemd/user/openclaw-gateway.service; enabled)
Active: active (running) since Sun 2026-03-22 07:00:00 WIB; 2min agoFor a quicker check using OpenClaw’s built-in CLI shortcut:
openclaw gateway statusThis command shows the service state, dashboard URL, PID, port (18789), and bind address (127.0.0.1).
To stream live logs and monitor for errors in real time:
journalctl --user -u openclaw-gateway -fPress Ctrl+C to stop the log stream.
Step 6: Access the OpenClaw Web UI
The gateway binds to 127.0.0.1:18789 by default, which means it is not directly reachable from your local browser when running on a VPS. You need an SSH tunnel.
Create an SSH Tunnel (VPS or Remote Server)
Run this command from your local machine (not the server):
ssh -N -L 18789:127.0.0.1:18789 your-user@your-server-ipThe -N flag tells SSH not to execute a remote command. The -L flag sets up local port forwarding: your local port 18789 maps to the server’s 127.0.0.1:18789.
After running the command, you will see only a blinking cursor. That is correct behavior. The tunnel is active.
Open the Dashboard
Open a browser on your local machine and navigate to the tokenized dashboard URL displayed at the end of the onboarding wizard. It follows this format:
http://127.0.0.1:18789/?token=YOUR_AUTH_TOKENClick Overview in the Web UI. A green Connected status indicator with uptime statistics confirms a healthy, working installation.
Local Desktop Access
If you installed OpenClaw directly on a Debian 13 desktop machine, skip the SSH tunnel and open a browser directly:
http://127.0.0.1:18789Append ?token=YOUR_AUTH_TOKEN if the dashboard prompts for authentication.
Run a final health check using OpenClaw’s built-in diagnostics tool:
openclaw doctorThis command verifies file paths, environment variables, the Node.js version, and configuration file integrity. Any issue it finds will include a suggested fix.
Step 7: Connect a Messaging Channel
OpenClaw is built to be driven through conversation. Without a connected channel, you are limited to the CLI and Web UI. Adding WhatsApp takes under two minutes.
Start the interactive channel setup:
openclaw channels addSelect WhatsApp (QR Link) from the menu. You will be presented with a QR code in the terminal.
Open WhatsApp on your phone, go to Settings > Linked Devices > Link a Device, and scan the QR code. After a successful scan, provide your full phone number with country code and select Finished.
Confirm the channel is active:
openclaw channels listSend a test message from the CLI to verify end-to-end connectivity:
openclaw message send --channel whatsapp --target "your-phone-number" --message "Hello from OpenClaw"Check your phone. If the message arrives, your configure OpenClaw on Debian 13 setup is fully operational and ready for real workloads.
Understanding OpenClaw’s Configuration Files
All configuration lives under ~/.openclaw/. Knowing this structure helps with backups, debugging, and server migrations.
| File / Directory | Purpose |
|---|---|
~/.openclaw.json |
Master config: AI provider, channels, gateway settings, skills |
workspace/ |
Agent action footprint (AGENTS.md, SOUL.md, TOOLS.md, USER.md) |
devices/paired.json |
Approved paired device info and session tokens |
agents/ |
Individual agent configs, custom skills, and behavior definitions |
credentials/ |
API keys, OAuth tokens, linked service sessions |
cron/ |
Scheduled/cron job definitions |
To inspect the directory at any time:
ls -al ~/.openclawBack up this entire directory before any OpenClaw update. A single cp -r ~/.openclaw ~/.openclaw-backup before running npm install -g openclaw@latest can save you hours of reconfiguration.
Troubleshooting Common Issues on Your Linux Server Tutorial
Even on a clean Debian 13 install, things occasionally go sideways. Here are the five most common problems and exactly how to fix them.
Issue 1: Service Fails to Start
Check the journal for error details:
journalctl --user -u openclaw-gatewayThen run the built-in diagnostics:
openclaw doctorConfirm the unit file exists at ~/.config/systemd/user/openclaw-gateway.service. If it is missing, re-run openclaw onboard --install-daemon.
Issue 2: Permission Errors on Startup
Ensure the running user owns the ~/.openclaw/ directory:
chown -R $USER:$USER ~/.openclawIf AppArmor is active on your Debian 13 system, check whether it is blocking the OpenClaw binary:
sudo journalctl -k | grep apparmor | tail -20Issue 3: Node.js Version Mismatch
OpenClaw requires Node.js 22.16 at minimum. Check your current version:
node -vIf the version is below v22.16, update it using nvm:
nvm install 24 && nvm use 24If you used the install script, re-run it. It will detect and update Node.js automatically.
Issue 4: Browser Automation Skills Not Working
Some OpenClaw skills that automate browser tasks require Chromium and its system libraries. Install them on Debian 13 with:
sudo apt install -y chromium libnss3 libatk-bridge2.0-0 libdrm2 \
libxkbcommon0 libxcomposite1 libxdamage1 libxfixes3 \
libxrandr2 libgbm1 libasound2Issue 5: Gateway Not Accessible in Browser
First, confirm the gateway is running:
openclaw gateway statusThen confirm the process is actually bound to the expected port:
ss -pnltu | grep openclawThe output should show 127.0.0.1:18789 in the Local Address column. If the port is different, update your SSH tunnel command to match.
Congratulations! You have successfully installed OpenClaw. Thanks for using this tutorial for installing the OpenClaw Personal AI Assistant on your Debian 13 “Trixie” system. For additional help or useful information, we recommend you check the official OpenClaw website.
