The shortest possible path from nothing to a server you can SSH into is four steps. None of them require talking to a human. None of them require an identity document.
Create an account. Email and password. The email is for breach notifications and warrant-canary alerts only — we never use it for marketing.
Top up your balance. We do not store payment methods. You send any supported cryptocurrency to a one-time address; we credit your account balance in USD-reference once the deposit is confirmed.
Deploy a server. Pick a plan, a region, an OS image, paste an SSH public key. Provisioning takes 30–90 seconds.
Connect. SSH to the IPv4 the dashboard shows you. Log in as root on the SSH key you uploaded.
02 · Account
Account
Sign-up
Email + password. The password is hashed with bcrypt (cost factor 12). The email is normalised to lowercase, hashed for lookup, and never stored next to plaintext. We do not check the email is "real" beyond a basic syntax pass — you are free to use any address you control.
Sessions
Logging in creates a 30-day rolling session bound to a per-device secret stored in a HttpOnly, Secure, SameSite=Lax cookie. Each browser is a separate session; you can list and revoke them from Account → Security.
Two-factor authentication
Two options:
TOTP — RFC 6238, 30-second window, SHA-1 (compatible with every authenticator app). Recovery codes are generated once at setup and shown only that one time.
WebAuthn (FIDO2) — hardware keys, platform authenticators (Touch ID, Windows Hello). Multiple keys can be registered.
When 2FA is enabled it is required for: login, password change, API-token creation, and account deletion. It is not required for deploying servers from an active session — that would be the wrong place to slow you down.
Account deletion
Deletion is self-service from Account → Security → Delete account. The flow:
All servers are destroyed (irreversible, no grace period).
Remaining balance is forfeited (we have no way to send it back — crypto refunds require an address you've authenticated, which would itself be a KYC step).
The account row is replaced with a tombstone (id + deletion timestamp). Email hash, password hash, sessions, tokens, SSH keys: gone.
Billing ledger entries are retained for 13 months for fraud reconciliation, with no PII attached.
03 · Billing & balance
Billing & balance
Top-up flow
From Account → Billing → Top up:
Pick a coin and an amount (USD-reference).
We generate a one-time receive address and lock the rate for 30 minutes.
You send funds. We watch for the required confirmations (see table below).
Once confirmed, your account balance is credited at the locked rate. Any surplus is credited at the spot rate at confirmation time.
Supported coins & confirmations
Coin
Min deposit
Confirmations
Typical wait
Bitcoin (BTC)
$10
2
~20 min
Monero (XMR)
$5
10
~20 min
Litecoin (LTC)
$5
6
~15 min
Ethereum (ETH)
$15
30
~6 min
USDT · TRC-20
$10
20
~1 min
USDC · ERC-20
$15
30
~6 min
Bitcoin Lightning
$1
n/a (off-chain)
seconds
Daily-charge model
You are charged once per UTC day for the prorated daily cost of every running server you own. The charge happens at 00:00:01 UTC against your balance.
If you have enough balance, the charge succeeds silently.
If you don't, you receive a warning email and the server is marked suspended. It stops billing and stops accepting traffic.
You have 7 days to top up. After 7 days the server is destroyed, its IPs released, and its disk wiped.
Ledger
Every line item is in Account → Billing → Ledger: top-ups, daily charges per server, SLA credits if applicable. Each row has a stable id you can reference. Exportable as CSV.
04 · Server lifecycle
Server lifecycle
Deploy
From Configure on any plan, or via the API. A new server moves through these states:
provisioning — we are allocating the VM. 30–90 seconds.
installing — OS image is being written and cloud-init is running. 30–120 seconds.
running — server is up; SSH is reachable.
stopped — gracefully shut down. No CPU/RAM bill while stopped, but the disk and IP are still allocated and billed.
suspended — balance went negative. Server is off and not reachable. 7-day grace period before destruction.
Reboot & rebuild
Two operations, often confused:
Reboot sends an ACPI shutdown signal to the guest, waits 30 s, then powers it back on. Disk contents are preserved. Add ?hard=true on the API call (or the "Hard reset" toggle in the UI) to skip the ACPI step.
Rebuild reinstalls the OS image from scratch. All disk data is destroyed. Cloud-init runs again. This is what you do when you want a fresh start without re-creating the server (keeps the same IPv4 and IPv6).
Rescue mode
Rescue mode boots the server from a small Alpine-based ISO into a 4 GB tmpfs. Your disks are unmounted and visible at /dev/vda, /dev/vdb, etc. Use it to:
Recover a system you've locked yourself out of (forgotten root password, broken sudo, etc.).
Unlock a LUKS-encrypted root volume manually.
Run fsck against a broken filesystem.
Image-dump a disk you're about to destroy.
Exit rescue mode by issuing a Reboot. The next boot picks the normal disk again.
Destroy
Destruction is irreversible. The disk is overwritten with zeros, the IPv4 returns to the pool after 24 hours of cooldown (to prevent immediate reuse of an address you may have published in DNS), and the IPv6 /64 returns to the pool immediately. The server's billing entry is closed at the timestamp of destruction.
05 · SSH & access
SSH & access
Every server is provisioned with key-based SSH only. Password authentication is disabled in the default sshd_config we ship; you are free to re-enable it, but we strongly recommend you don't.
SSH keys
Add keys at Account → SSH keys, paste any OpenSSH-format public key. We accept:
ssh-ed25519 — recommended. Short, fast, modern.
ssh-rsa — 3072 bits or more. (Anything smaller is rejected.)
ecdsa-sha2-nistp256 / nistp384 / nistp521 — accepted but discouraged.
Multiple keys per account. Multiple keys per server. Any key on the server's authorized list can log in.
Recommended ~/.ssh/config
~/.ssh/config
Host nokyc-*
User root
IdentityFile ~/.ssh/id_ed25519_nokyc
IdentitiesOnly yes
ControlMaster auto
ControlPath ~/.ssh/cm-%r@%h:%p
ControlPersist 10m
ServerAliveInterval 60
ServerAliveCountMax 3
Then for a server with IPv4 198.51.100.42:
Host nokyc-edge
HostName 198.51.100.42
And ssh nokyc-edge just works.
Rescue-mode SSH
The rescue ISO injects the same set of SSH keys at boot. The rescue host fingerprint is different from your normal host fingerprint — this is expected and not a man-in-the-middle. The rescue fingerprint is shown on the console in the dashboard.
06 · Networking
Networking
IP addressing
IPv4 — one per server, included in the plan. Additional IPv4 is not currently sold (we are conservative with v4 allocation).
IPv6 — one routed /64 per server, free. Use whatever addresses inside that prefix you like; we don't filter source addresses within your block.
All addresses are static for the life of the server. Rebuilding the OS does not change them.
Reverse DNS
From Server → Network → Reverse DNS, or via POST /servers/{id}/rdns. We propagate within 5 minutes. There is no validation that you actually control the forward record — the rDNS is yours to set as you like.
Firewall
Two layers:
Edge filter (optional, configurable per server). Stateful, drop-by-default with the rules you provide. Lives on the hypervisor and protects the guest from receiving the traffic at all. Use it for layer-4 rules you want enforced before the guest even sees the packet.
Guest firewall (entirely yours). nftables, iptables, pf, whatever your OS ships. We don't touch it.
DDoS mitigation
Volumetric-attack mitigation is always-on, upstream of our PoPs. There is nothing to enable. The thresholds:
< 10 Gbps: absorbed silently.
10–100 Gbps: scrubbed at the transit provider. You may see brief latency increases.
> 100 Gbps: announced via BGP to a dedicated scrubbing path. Latency increases more noticeably; service remains reachable.
The "nuclear option" of null-routing an IP is on the table only for sustained attacks that threaten the wider PoP. We tell you within minutes if it happens.
07 · Operating systems
Operating systems
The image catalogue is refreshed on every upstream point release. The image_id in the right column is what you pass to the API.
Family
Versions
Arch
Init
image_id
Debian
11 (bullseye), 12 (bookworm), 13 (trixie)
amd64, arm64
cloud-init
debian-13-minimal
Ubuntu
20.04, 22.04, 24.04 LTS
amd64, arm64
cloud-init
ubuntu-24.04
Alpine
3.18, 3.19, 3.20
amd64, arm64
cloud-init (community)
alpine-3.20
Arch
rolling (weekly snapshot)
amd64
cloud-init
arch-rolling
Fedora
39, 40, 41
amd64
cloud-init
fedora-41
Rocky
9 (RHEL-compat)
amd64
cloud-init
rocky-9
OpenBSD
7.4, 7.5
amd64
manual / autoinstall
openbsd-7.5
FreeBSD
13.3, 14.0
amd64
cloud-init
freebsd-14
NixOS
24.05
amd64
nixos-rebuild
nixos-24.05
Custom
any (ISO upload ≤ 4 GB)
amd64, arm64
whatever your ISO does
custom
cloud-init user-data
Any image marked "cloud-init" accepts a user-data blob at deploy time. Up to 64 KiB. Example for a Debian server that installs WireGuard and sets a hostname:
Upload via POST /images (or Account → Images → Upload). Maximum 4 GiB. The ISO must be bootable in BIOS or UEFI mode (we present both). Once uploaded, the image gets an id like custom-9f4a2b1c and is selectable in any deploy flow.
08 · API reference
API reference
REST over HTTPS. JSON in, JSON out. Cursor-pagination on list endpoints. Idempotency keys supported on every POST via the Idempotency-Key header.
If you exceed the bucket, you'll receive HTTP 429 with a Retry-After header in seconds. Provisioning endpoints have a separate, more permissive bucket (200/min) because they are inherently bursty.
09 · Security & privacy
Security & privacy
Disk encryption
We do not encrypt your disks for you. You can opt into LUKS at install time via cloud-init (the rescue ISO will prompt you for the passphrase on every boot). The reasons we don't auto-encrypt:
Auto-encryption with a key we hold is theatre — if compelled, we can produce the key.
Auto-encryption with a key you hold breaks unattended reboot.
Both modes are available; we let you pick the trade-off.
Warrant canary
We publish a daily-signed canary at https://nokycvps.com/canary.txt with a detached PGP signature at canary.txt.sig. The canary includes:
A current-date timestamp.
The headline of a current event we couldn't have predicted in advance (proof of liveness).
A list of explicit statements about orders we have not received.
When one of those statements would become false, we let the canary stop updating instead. Treat extended silence (> 48 hours) as a signal.
Tor onion mirror
The site and the API are both mirrored as v3 onion services. The hostnames are published in our DNS as TXT records on nokycvps.com and rotated yearly. From a Tor-routed client:
My deploy has been "provisioning" for more than 5 minutes
Provisioning normally takes 30–90 seconds. Anything past 3 minutes is unusual. Check the status page for a region-specific incident. If status is green, the most common cause is a custom ISO that fails to boot — check the noVNC console. If nothing helps: destroy and redeploy. We don't bill you for failed provisioning.
I lost my SSH key
From the dashboard: Server → Recovery → Boot into rescue. SSH into rescue with any current key on your account. mount /dev/vda1 /mnt, edit /mnt/root/.ssh/authorized_keys, reboot. If you have no keys at all on the account, add one first via the dashboard, then rescue.
My IPv4 is reachable from one country but not another
Try a traceroute from both ends. If the route diverges before reaching our PoP, this is upstream of us — we can show you the public smokeping for your region's transit at status.nokycvps.com. If the route reaches us but stops, it's our problem and the status page should already reflect it.
My VPS rebooted on its own
Three possible causes, in order of likelihood: (1) OOM-kill of init — check journalctl -k -b -1 from the prior boot. (2) Scheduled maintenance — check the dashboard's Notifications. (3) Hypervisor incident — check the status page. If none of the three, open the noVNC console and look at the boot log.
I sent crypto to the top-up address and nothing has happened
Check the confirmations. Bitcoin needs 2, Monero needs 10, etc. (see the supported-coins table). If confirmed but no credit after 30 minutes, paste the transaction hash into Account → Billing → Recover deposit — the credit will be applied within a few minutes once we manually re-check.
I get 429 Too Many Requests on the API
You've hit the per-token bucket. Honour the Retry-After header. If you have a legitimate need for higher throughput, create a second token — rate limits are per-token, and most clients use a single token. (Don't rotate the same token in a loop; we'd treat that as one.)
The noVNC console shows a blank screen
Press a key. Many guests blank the framebuffer after inactivity. If a key produces no response, the guest is probably hung; reboot from the dashboard. The console captures a SysRq sequence on Linux too — useful for debugging an unresponsive kernel.
12 · FAQ
FAQ
Do you ask for identity documents?
No. We don't ask, we don't accept, and we wouldn't store them if you sent them. The whole architecture is designed so we don't have identity to hand over.
Why crypto only?
Card networks impose KYC by design — the merchant agreement requires it. Crypto doesn't. Adding fiat would mean adding a payment processor, and adding a payment processor would mean adding their compliance department to our trust boundary. We did not want that.
Can I have multiple accounts?
Yes. We don't fingerprint, we don't device-cookie across accounts, we don't care. Use as many email addresses as you like.
What happens if my crypto provider asks me for KYC?
That's between you and them. We do not communicate with crypto exchanges, and the only thing they see in their books is a withdrawal to an address. They cannot tell, from the address alone, that it was sent to us.
Do you offer refunds?
Credits to your account balance, yes. Refunds back to a wallet, no — crypto is irreversible and refunding would require us to know an address belongs to you, which is itself a KYC step.
What's the difference between VPS and dedicated?
VPS = KVM virtual machine on a shared hypervisor, live-migratable, redundant host. Dedicated = a whole physical server, sole tenant, no live-migration. VPS is the right answer for almost everyone.
Do you support Terraform / Pulumi / OpenTofu?
A Terraform provider is on the roadmap; in the meantime the REST API is stable enough that a small wrapper takes about a day to write. Drop us a pull request when you do.
Can I run a Tor relay or exit node?
Relay yes. Exit no — not because we object, but because the abuse handling around exit nodes does not fit our "no complaint mailbox" stance, and we'd rather be honest about it than let you set one up and surprise you with a destruction notice.
Do you have a Discord / Slack / support chat?
No. We don't operate a real-time support channel because we don't operate the kind of business where one would help (no tickets means no human queue at the back). The docs are the support channel; if something is missing, that is a bug we want to know about.
What if I get a complaint about my server?
We won't forward it. We don't run a complaint mailbox, and that is a deliberate architectural choice rather than an oversight. The only thing that will reach you from us is a notification that we have been served with a binding court order — and even then we will let you know before we act on it, where the order does not gag us.
