1. Recommended Evoxt VPS Plan

• Consistent VPS performance
• Sufficient memory for AI workloads
• Stable environment for long‑running services

2. System Preparation

Update your system

# AlmaLinux / Rocky Linux
sudo dnf update -y

# Ubuntu
sudo apt update && sudo apt upgrade -y

Install required system packages

sudo dnf install -y libatomic tar python3 cmake # RHEL-based (AlmaLinux / Rocky / RHEL)
sudo dnf groupinstall -y "Development Tools" # RHEL-based (AlmaLinux / Rocky / RHEL)
sudo apt install -y libatomic1 build-essential tar python3 cmake #Debian/Ubuntu

3. Install OpenClaw on Evoxt VPS

curl -fsSL https://openclaw.ai/install.sh | bash

4. OpenClaw Onboarding Process

a) Onboarding Mode

• Quick Start (Recommended for beginners)
• Manual Configuration (Advanced users)

b) Select the AI Model

1. Visit Google AI Studio
2. Generate a Gemini API key
3. Paste the key into the terminal when prompted

c) Select the Chat Interface Channel

• Telegram
• WhatsApp
• Discord

d) Setting Up Skills

• Select Yes to enable skills
• Choose npm as the preferred Node manager

• Press the spacebar to select Skip for now
• Press Enter to continue

e) Configure Additional API Keys

f) Enable Hooks

• boot-md (Run Boot.md at startup)
• command-logger (Centralized command logging)
• session-memory (Session context saving)

5. How to Run OpenClaw

Hatch Mode (Recommended)

• Use the AI bot directly in a GUI‑style interface, or
• Launch the OpenClaw Web UI for browser‑based interaction

6. Access OpenClaw Web GUI via SSH Tunnel

ssh -N -L 18789:127.0.0.1:18789 root@YOUR_SERVER_IP

7. OpenClaw Commands & Documentation

openclaw help

• Complete CLI references
• Web UI guides
• API integration examples
• Advanced configuration options

Security Best Practices for OpenClaw on Evoxt VPS

• Create a dedicated non‑root user to run OpenClaw
• Avoid mixing sensitive system files with OpenClaw‑managed directories
• Grant minimal permissions to the AI agent
• Avoid connecting OpenClaw to public or unmoderated shared chat groups
• Keep your VPS updated regularly
• Secure SSH access (disable password login if possible)

Quick Commands

sudo dnf install -y libatomic tar python3 cmake # RHEL-based (AlmaLinux / Rocky / RHEL) 
sudo dnf groupinstall -y "Development Tools"# RHEL-based (AlmaLinux / Rocky / RHEL) 
sudo apt install -y libatomic1 build-essential tar python3 cmake #Debian/Ubuntu
curl -fsSL https://openclaw.ai/install.sh | bash

Conclusion

The post How to Install OpenClaw on Evoxt VPS appeared first on Evoxt.

Step 1: Create the Startup Script

sudo nano /usr/local/bin/startup.sh

#!/bin/bash
echo "Startup script executed at $(date)"
# Add your startup commands below

sudo chmod +x /usr/local/bin/startup.sh

• Always use the full path to your script (e.g. /usr/local/bin/startup.sh).
• Store your script in /usr/local/bin for easy access.
• Make sure the script is executable using chmod +x.

Step 2: Create a systemd Service

sudo nano /etc/systemd/system/startup.service

[Unit]
Description=Run startup script at boot
After=network.target

[Service]
Type=oneshot
ExecStart=/usr/local/bin/startup.sh
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

sudo systemctl daemon-reload
sudo systemctl enable --now startup.service

Step 3: Add a Shutdown Script (Optional)

[Service]
ExecStop=/usr/local/bin/stop.sh

Step 4: Monitor and Troubleshoot

# Check status
sudo systemctl status startup.service

# View logs
sudo journalctl -u startup.service -n 10

Use sudo systemd-analyze verify /etc/systemd/system/startup.service to check for syntax issues in your service file.

Conclusion

By following these steps, you can confidently manage startup, background, and shutdown behavior on your Evoxt Linux VPS with full control and stability.

The post How to Set Up Startup Scripts with systemd appeared first on Evoxt.

Windows Remote Desktop Connection — share local drives

1. Open Remote Desktop Connection: Win → type mstsc → Enter.
2. Click Show Options → Local Resources.
3. Under Local devices and resources, click More….

   

4. Expand Drives and check the drive letters you want to share (e.g., C: or USB drives).

   

5. Connect. In the VPS File Explorer, the drives appear as, for example, C on YOUR-PC-NAME.

   

Optional devices you can redirect

• USB drives / external disks: appear under Drives if selected (Windows client). For full USB device redirection, you may need third-party USB redirection if the device isn't handled as a storage volume.
• Printers: appear as local printers in the VPS when enabled.
• Clipboard: enables copy/paste text and files (if allowed by policy).
• Smart cards & serial ports: available from the same Local devices dialog if supported by the client and server.

Save these settings for repeat connections

1. In Remote Desktop Connection → General → Save As… to store an .rdp file with redirection enabled.
2. Double-click the saved .rdp to reconnect with the same device/page redirection automatically.

Server-side policy (if drives don’t show)

1. Open the Local Group Policy editor on the VPS. (press Win + R → type gpedit.msc → press Enter).
2. Navigate to Computer Configuration → Administrative Templates → Windows Components → Remote Desktop Services → Remote Desktop Session Host → Device and Resource Redirection.
3. Ensure "Do not allow drive redirection" is Disabled (or Not Configured).

   

Quick troubleshooting

• Drives don’t appear: reconnect after enabling drives; check gpedit.msc (above) or verify if you selected the correct drive letters.
• USB device not visible: Windows treats some USBs as devices, not volumes — consider copying files to a local folder first, or use a USB redirection tool.
• File copy fails/slow: check network speed and ensure large transfers are tolerated by your network/bandwidth plan.

Security and best practices

• Only enable the drives or devices you need — avoid exposing entire local disks on shared or untrusted servers.
• Prefer copying specific files into a temporary folder and then transferring, rather than exposing the entire C: drive.
• Keep your client machine secure — redirected drives are only as safe as the local PC.

The post Share local drives in RDP appeared first on Evoxt.

Adjust ClearType Settings Inside the VPS

1. After connecting to your Windows VPS, press Win + S and search for ClearType.
2. Click on Adjust ClearType text.

   

3. Ensure Turn on ClearType is checked, then click Next.

   

4. Follow the on-screen steps to select the text that looks best to you.

   

5. Click Finish to apply your chosen ClearType settings.

   

Optional: Enable Font Smoothing in RDP Client

1. Open Remote Desktop Connection (press Win + R → type mstsc → press Enter).
2. Click on Show Options.
3. Go to the Experience tab.
4. Ensure the following options are checked:
   • Font smoothing (this enables ClearType)
   • Desktop composition (optional, improves visuals)

   

5. Under “Connection speed”, choose LAN (10 Mbps or higher) for best quality.
6. Click Connect to log in.

Conclusion

By adjusting ClearType settings inside your VPS, you can make fonts appear crisp and readable in Remote Desktop sessions. For additional improvement, enable font smoothing in your RDP client before connecting. These small changes can greatly enhance your experience when working on your Evoxt Windows VPS.

For more Evoxt VPS guides, visit Evoxt Tutorials. If you need help, open a support ticket.

The post How to Adjust ClearType in Remote Desktop (RDP) appeared first on Evoxt.

What is vnStat and Why Monitor Traffic on Your Linux VPS?

• Track monthly bandwidth usage per interface.
• Monitor data consumption over time for accurate billing and performance monitoring.
• Detect abnormal traffic or possible misuse.

Step 1: Install & enable vnStat

# Debian / Ubuntu
sudo apt install vnstat -y

# RHEL-based (AlmaLinux / Rocky / RHEL)
sudo dnf install vnstat -y

# Enable and check the service (daemon creates DB automatically)
sudo systemctl enable --now vnstat
sudo systemctl status vnstat

Step 2: View monthly usage

# Monthly summary
vnstat -m

#To select interface
vnstat -m -i eth0

# Daily / hourly if needed
vnstat -d
vnstat -h

Step 3: Set custom monthly rotation date (match billing cycle)

sudo nano /etc/vnstat.conf

MonthRotate 18

sudo systemctl restart vnstat

Optional: Reset or delete statistics

# remove DB for an interface (example: eth0)
sudo vnstat --remove --force -i eth0
sudo vnstat --add -i eth0

# OR delete DB file directly
sudo rm -f /var/lib/vnstat/vnstat.db

sudo systemctl restart vnstat

Quick Commands

# Install & enable

sudo apt install vnstat -y    #Debian / Ubuntu 
sudo dnf install vnstat -y    # RHEL-based (AlmaLinux / Rocky / RHEL) 
sudo systemctl enable --now vnstat

# Result
vnstat

# Change monthly rotate date
sudo nano /etc/vnstat.conf

MonthRotate 10

sudo systemctl restart vnstat

Conclusion

Using vnStat to monitor monthly internet traffic on your Linux VPS helps you understand bandwidth usage, avoid unexpected overages, and identify abnormal traffic.

If you see unexpected usage after enabling vnStat, check for open services, review firewall rules, or open a support ticket with Evoxt for assistance.

For more Evoxt VPS guides, visit Evoxt Tutorials.

The post How to Monitor Internet Traffic on Linux VPS appeared first on Evoxt.

Why this matters

• Allowing only required ports reduces exposure to attacks.
• Knowing how to remove or deny a port prevents unauthorized access.
• Understanding runtime vs permanent rules avoids unexpected behavior after reboot.

Quick safety checklist (always do this first)

• Allow your SSH port before enabling the firewall (or you may lock yourself out).
• Keep a separate console/VNC session or another working SSH session open while testing.
• Prefer testing with a non-root user if possible.

UFW (Ubuntu / Debian)

Install & enable

sudo apt update
sudo apt install ufw -y

# ensure SSH allowed first:
sudo ufw allow ssh

# enable firewall
sudo ufw enable

Allow a custom port (example: 12345)

sudo ufw allow 12345/tcp

sudo ufw allow 12345/udp

sudo ufw allow from 203.0.113.5 to any port 12345 proto tcp

Check rules and status

sudo ufw status numbered
sudo ufw status verbose

Remove or deny a rule

# see rule numbers
sudo ufw status numbered

# delete rule by number (example deletes rule #3)
sudo ufw delete 3

sudo ufw delete allow 12345/tcp

sudo ufw deny 12345/tcp

Notes about UFW

• UFW applies rules immediately. ufw enable persists across reboots.
• Use sudo ufw logging on to view blocked attempts in /var/log/ufw.log.

firewalld (AlmaLinux / Rocky / CentOS / RHEL)

Install & enable

sudo dnf install firewalld -y
sudo systemctl enable --now firewalld

Zone basics

# show default zone
sudo firewall-cmd --get-default-zone

# list active zones & settings
sudo firewall-cmd --list-all

Allow a custom port (example: 12345)

sudo firewall-cmd --permanent --add-port=12345/tcp
sudo firewall-cmd --reload

sudo firewall-cmd --add-port=12345/tcp

Allow HTTPS (example)

sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

Check ports and services

sudo firewall-cmd --list-ports
sudo firewall-cmd --list-services
sudo firewall-cmd --list-all

Remove or deny a port

sudo firewall-cmd --permanent --remove-port=12345/tcp
sudo firewall-cmd --reload

sudo firewall-cmd --remove-port=12345/tcp

sudo firewall-cmd --permanent --remove-service=https
sudo firewall-cmd --reload

Notes about firewalld

• Use --permanent to persist across reboots; otherwise rules are runtime-only.
• Use zones to apply different policies to interfaces or networks.

Testing your port rules (from another machine)

# test port 12345
nc -zv YOUR-SERVER-IP 12345

Result meanings:

• Connection succeeded — port open & allowed
• Connection refused — service not listening on that port
• Connection timed out — port likely filtered/blocked by firewall or network-level filter

sudo ufw logging on
sudo tail -f /var/log/ufw.log

sudo firewall-cmd --set-log-denied=all
sudo journalctl -f -u firewalld

Quick commands

UFW

sudo apt install ufw -y
sudo ufw allow ssh
sudo ufw enable

# allow custom TCP/UDP port
sudo ufw allow 12345/tcp
sudo ufw allow 12345/udp

# allow from specific IP
sudo ufw allow from 203.0.113.5 to any port 12345 proto tcp

# remove by rule number
sudo ufw status numbered
sudo ufw delete [number]

# delete by rule
sudo ufw delete allow 12345/tcp

# explicitly deny
sudo ufw deny 12345/tcp

# status
sudo ufw status verbose

firewalld

sudo dnf install firewalld -y
sudo systemctl enable --now firewalld

# allow custom TCP port permanently
sudo firewall-cmd --permanent --add-port=12345/tcp
sudo firewall-cmd --reload

# allow runtime-only
sudo firewall-cmd --add-port=12345/tcp

# remove permanent port
sudo firewall-cmd --permanent --remove-port=12345/tcp
sudo firewall-cmd --reload

# allow a service (HTTPS)
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

# list rules
sudo firewall-cmd --list-ports
sudo firewall-cmd --list-services

Further reading & support

• More Evoxt VPS guides
• Open a support ticket if you need help

The post Linux VPS Firewall Setup Guide (UFW & firewalld) appeared first on Evoxt.

Why Enable SSH 2FA on Linux?

Step 1: Install Google Authenticator Module

# Debian/Ubuntu
sudo apt update
sudo apt install libpam-google-authenticator -y

# RHEL
sudo dnf install epel-release -y
sudo dnf install google-authenticator -y

Step 2: Set Up 2FA for Your User

google-authenticator

QR code not showing? Install qrencode (sudo apt install libqrencode3 or sudo dnf install qrencode).

Step 3: Configure PAM for SSH

sudo nano /etc/pam.d/sshd

auth required pam_google_authenticator.so

Step 4: Update SSH Configuration

#Ubuntu/Debian/RHEL
sudo nano /etc/ssh/sshd_config

#RHEL 9+ (AlmaLinux 9+, Rocky 9+)
sudo nano /etc/ssh/sshd_config.d/50-redhat.conf

ChallengeResponseAuthentication yes
UsePAM yes
KbdInteractiveAuthentication yes

Step 5: Restart SSH Service

# Debian/Ubuntu
sudo systemctl restart ssh

# RHEL
sudo systemctl restart sshd

Step 6: Test SSH 2FA Login

ssh USERNAME@IP

(Optional) Remove SSH 2FA on Linux

If you want to disable SSH Two-Factor Authentication (2FA) on your Linux VPS, follow these steps carefully. Keep a console or secondary SSH session open to avoid locking yourself out during the process.

Remove PAM Google Authenticator Line

sudo sed -i '/pam_google_authenticator.so/d' /etc/pam.d/sshd

Revert SSH Configuration

#Ubuntu/Debian/RHEL
sudo sed -i 's/^#*ChallengeResponseAuthentication.*/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config
sudo sed -i 's/^#*KbdInteractiveAuthentication.*/KbdInteractiveAuthentication no/' /etc/ssh/sshd_config

#RHEL 9+ (AlmaLinux 9+, Rocky 9+)
sudo sed -i 's/^#*ChallengeResponseAuthentication.*/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config.d/50-redhat.conf
sudo sed -i 's/^#*KbdInteractiveAuthentication.*/KbdInteractiveAuthentication no/' /etc/ssh/sshd_config.d/50-redhat.conf

Test SSH Configuration and Restart

sudo sshd -t

sudo systemctl restart sshd

• Keep UsePAM enabled unless you are sure it’s not needed by other services.
• Always test logins in a separate SSH session before closing your active one.

Quick Commands

# Install required packages
# Ubuntu / Debian
sudo apt update
sudo apt install libpam-google-authenticator libqrencode3 -y

# RHEL-based (AlmaLinux, Rocky, CentOS)
sudo dnf install epel-release -y
sudo dnf install google-authenticator qrencode -y

# Run setup for your user (scan QR code)
google-authenticator

# Add PAM module
sudo sed -i '$a auth required pam_google_authenticator.so' /etc/pam.d/sshd

# Update SSH config (Ubuntu/Debian & CentOS 7)
sudo sed -i '/^#\?ChallengeResponseAuthentication.* /d' /etc/ssh/sshd_config
sudo sed -i '$a ChallengeResponseAuthentication yes' /etc/ssh/sshd_config
sudo sed -i 's/^#*UsePAM.*/UsePAM yes/' /etc/ssh/sshd_config
sudo sed -i 's/^#*KbdInteractiveAuthentication.*/KbdInteractiveAuthentication yes/' /etc/ssh/sshd_config
# AlmaLinux / Rocky / RHEL 9+ SSH config
sudo sed -i 's/^#*ChallengeResponseAuthentication.*/ChallengeResponseAuthentication yes/' /etc/ssh/sshd_config.d/50-redhat.conf
sudo sed -i 's/^#*UsePAM.*/UsePAM yes/' /etc/ssh/sshd_config.d/50-redhat.conf
sudo sed -i 's/^#*KbdInteractiveAuthentication.*/KbdInteractiveAuthentication yes/' /etc/ssh/sshd_config.d/50-redhat.conf
sudo grep -q '^KbdInteractiveAuthentication' /etc/ssh/sshd_config.d/50-redhat.conf || sudo sed -i '$a KbdInteractiveAuthentication yes' /etc/ssh/sshd_config.d/50-redhat.conf

# Restart SSH
# Ubuntu / Debian
sudo systemctl restart ssh
# RHEL-based
sudo systemctl restart sshd

Conclusion

By enabling SSH 2FA on Linux, you add a powerful security layer to your Evoxt VPS. Whether you're managing websites, Nextcloud, or critical infrastructure, this step greatly reduces the risk of unauthorized access.

For added security, you can also set up SSH keys in conjunction with 2FA.

Need help? Open a support ticket and Evoxt's support team will assist you.

The post How to Enable SSH 2FA on Linux appeared first on Evoxt.

What is Linux User Management?

• Create and control access for multiple users
• Improve server security by assigning limited permissions
• Enable team collaboration
• Isolate application environments

1. Create a New User

sudo adduser USERNAME

sudo useradd -m -s /bin/bash USERNAME
sudo passwd USERNAME

2. Grant or Remove Sudo (Admin) Privileges

#add to sudo group
sudo usermod -aG sudo USERNAME

# remove from sudo group
sudo deluser USERNAME sudo

# add to wheel group
sudo usermod -aG wheel USERNAME

# remove from wheel group
sudo gpasswd -d USERNAME wheel

3. Set or Change a User Password

sudo passwd USERNAME

4. Lock or Unlock a User

sudo passwd -l USERNAME

sudo passwd -u USERNAME

5. Delete a User

sudo userdel USERNAME

sudo userdel -r USERNAME

6. List Users & Groups

cut -d: -f1 /etc/passwd

groups USERNAME

Optional: Use SSH Key Authentication (Recommended)

Quick Commands Cheat Sheet

# Create (Debian/Ubuntu)
sudo adduser USERNAME

# Create (RHEL-family)
sudo useradd -m -s /bin/bash USERNAME
sudo passwd USERNAME

# Grant sudo (Debian/Ubuntu)
sudo usermod -aG sudo USERNAME

# Grant sudo (RHEL-family)
sudo usermod -aG wheel USERNAME

# Remove sudo (Debian/Ubuntu)
sudo deluser USERNAME sudo

# Remove sudo (RHEL-family)
sudo gpasswd -d USERNAME wheel

# Lock / Unlock
sudo passwd -l USERNAME
sudo passwd -u USERNAME

# Delete
sudo userdel USERNAME
sudo userdel -r USERNAME

# List users
cut -d: -f1 /etc/passwd

# List groups for a user
groups USERNAME

Best Practices & Notes

• Create a non-root admin account and disable direct root SSH login when possible.
• Prefer SSH keys over passwords for server access.
• Whitelist your admin IP to avoid accidental lockout when you apply restrictive controls.
• Regularly review group memberships and remove unused accounts.

Need Help?

The post How to Manage Users on Linux VPS appeared first on Evoxt.

What is Fail2Ban?

Why Use Fail2Ban on Evoxt VPS?

• Defend against brute-force SSH attacks
• Automatically block malicious IP addresses
• Reduce server load from constant login attempts
• Strengthen Evoxt’s performance with extra security

Step 1. Update Your System

# Debian/Ubuntu
sudo apt update -y

# AlmaLinux/Rocky Linux/RHEL
sudo yum update -y
sudo yum install epel-release -y

Step 2. Install Fail2Ban

# Debian/Ubuntu
sudo apt install fail2ban -y

# AlmaLinux/Rocky Linux/RHEL
sudo yum install fail2ban -y

Step 3. Enable and Start Fail2Ban

sudo systemctl enable fail2ban --now

Step 4. Configure SSH Protection

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo sed -i '/^\[sshd\]/a enabled = true' /etc/fail2ban/jail.local

Optional: Permanent Ban Logic

sudo nano /etc/fail2ban/jail.local

bantime = -1

sudo fail2ban-client set sshd unbanip YOUR_IP

Step 5. Restart Fail2Ban

sudo systemctl restart fail2ban

Step 6. Verify SSH Jail

sudo fail2ban-client status
sudo fail2ban-client status sshd

Step 7. Test Fail2Ban

Step 8. Manually Manage IPs

sudo fail2ban-client set sshd unbanip YOUR_IP

sudo fail2ban-client set sshd banip YOUR_IP

Optional: Monitor Logs

sudo tail -f /var/log/fail2ban.log

Quick Commands

sudo apt update -y
sudo apt install fail2ban -y
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo systemctl enable fail2ban --now
sudo sed -i '/^\[sshd\]/a enabled = true' /etc/fail2ban/jail.local
sudo systemctl restart fail2ban

sudo yum update -y
sudo yum install epel-release -y
sudo yum install fail2ban -y
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo systemctl enable fail2ban --now
sudo sed -i '/^\[sshd\]/a enabled = true' /etc/fail2ban/jail.local
sudo systemctl restart fail2ban

Conclusion

The post How to Use Fail2Ban SSH on Linux appeared first on Evoxt.

Step 1: Log In to Your Evoxt Account

Go to the Evoxt login page and sign in with your email and password.

Step 2: Access User Security Settings

1. Click “Account” in the left menu and select “User Security Settings.”
   
2. Find the “Two-Factor Authentication (2FA)” section and click “Click here to Enable.”
   

Step 3: Set Up Two-Factor Authentication

1. Click the “Get Started” button.
   
2. Scan the QR Code using an authenticator app like Google Authenticator, Authy, or Microsoft Authenticator.
   
3. Enter the 6-digit code generated by your authenticator app. Copy and store the backup code Evoxt provides. This code lets you recover your account if you lose access to your 2FA device.
   

Step 4: Test That 2FA Works

• Log out of your Evoxt account.
• Log back in with your email and password.
• When prompted, enter the 6-digit code from your authenticator app to complete login.

You’ll now successfully access your Evoxt dashboard with 2FA enabled.

Why Two-Factor Authentication Matters for Evoxt Users

• Prevent unauthorized logins.
• Secure your VPS instances and sensitive data.
• Add a second layer of protection beyond your password.

Final Tips for Managing 2FA

• Always save your backup/recovery code securely.
• If you switch phones, transfer your authenticator app before resetting your old device.
• Need help recovering your Evoxt account? Contact Evoxt Support.

Conclusion

The post How to Enable Two-Factor Authentication (2FA) on Evoxt appeared first on Evoxt.