I have been using OpenBSD and FreeBSD for a long time now. I started as a die-hard FreeBSD advocate beginning in
4.0-RELEASE days. Lately I have been using and enjoying OpenBSD more and more. It is very refreshing to have an
OS that doesn't make assumptions or try overly hard to make things easier through excessive abstractions.
This guide assumes you have VMware Fusion (or similar) however the installation is no different on hardware.
Note: The links etc are for the
cd ~/Downloads # or wherever your iso and sha256 file are shasum -a256 -c SHA256 --ignore-missing install63.iso: OK
Preparing your Virtual Machine
Once downloaded, create a VM in VMware Fusion for OpenBSD. For my install I used
Install from disc or image
Select Desired CPU/Mem/Disk
Now lets get to the actual install…
Once the VM is started you will see a welcome message:
Welcome to the OpenBSD/amd64 6.3 installation program. (I)nstall, (U)pgrade, (A)utoinstall or (S)hell?
i and hit
Choose your keyboard layout ('?' or "l" for list) [default]
System hostname? (short form, e.g. 'foo')
bsd (or anything you want here)
Available network interfaces are: em0 vlan0. Which network interface do you wish to configure? (or 'done') [em0]
IPv4 address from em0? (or 'dhcp' or 'none') [dhcp]
Enter, we're using DHCP to get up and running as this isn't a server install.
For all servers I implore your to use static IP addresses.
IPv6 address for em0? (or 'autoconf' or 'none') [none]
Enter, IPv6 is not part of this tutorial.
Available network interfaces are: em0 vlan0. Which network interface do you wish to configure? (or 'done') [done]
Enter, we're all set, lets move on.
DNS domain name? (e.g. 'example.com') [my.domain]
.local for my home lab, select whatever domain you wish here.
User and Service Configuration
Password for root account? (will not echo) Password for root account? (again)
Please type a secure password. You will also be creating a user account which is the account that you will use to login to the machine.
Start sshd(8) by default? [yes]
Enter,we want to have SSH running by default.
Do you expect to run the X Window System? [yes]
This depends on what your end-goal of the system is. If this is going to be a development machine where you run
or similar, then keep this set to yes. On servers I would recommend setting this to no.
Setup a user? (enter a lower-case loginname, or 'no') [no] USERNAME Full name for user USERNAME? [USERNAME] Password for user USERNAME? (will not echo) Password for user USERNAME? (again)
Type a username, I recommend you use the same username as your have on your local machine for simplicity. However, you can always configure the ssh client later.
Allow root ssh login? (yes, no, prohibit-password) [no]
Leave this the default, which is no. Remote root login is a bad idea, always.
What timezone are you in? ('?' for list) [America/New_York]
Enter for the default.
Available disks are: sd0. Which disk is the root disk? ('?' for details) [sd0]
Enter for the default, since this is a VM, we only have one disk.
No valid MBR or GPT. Use (W)hole disk MBR, whole disk (G)PT or (E)dit? [whole]
Enter for the default.
At this point an auto-allocated lay will appear for sd0, this is most likely suitable for your default install on a virtual machine. Adjusting this is beyond the scope of this document.
Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout? [a]
Enter for the default.
Sets Selection and Installation
Lets install the sets! Location of sets? (cd0 disk http or 'done') [http] HTTP proxy URL? (e.g. 'http://proxy:8080', or 'none') [none] HTTP Server? (hostname, list#, 'done', or '?') [fastly.cdn.openbsd.org] Server directory? [pub/OpenBSD/6.3/amd64]
Enter for the default, we will be installing from http to pull and sign the latest install sets.
You will be prompted for a HTTP proxy URL, type
Enter if you don't need one.
You will then be prompted for a HTTP server, it should be auto filled with an OpenBSD mirror, type
The server directory will also be auto filled, type
Select sets by entering a set name, a file name pattern or 'all'. De-select sets by prepending a '-', e.g. '-game*'. Set name(s)? (or 'abort' or 'done') [done]
As we disabled X from our configuration above, lets remove all the X sets. Do this by typing the following:
x*.tgz files will be de-selected, type
Enter to move on.
At this time the sets will be downloaded and verified via SHA256 signature.
Once the download and unpack/install is complete, type
Enter to complete the sets install.
You may be prompted to update the clock at this time.
Saving configuration files...done. Making all device nodes...done. Relinking to create unique kernel...done. CONGRATULATIONS! Your OpenBSD install has been successfully completed! Exit to (S)hell, (H)alt, or (R)eboot? [reboot]
Enter to reboot into your fresh OpenBSD install!
Once you have finished your install and you have rebooted into your new OS there are a couple things you should do right away.
We will kick off
syspatch and reboot to get all the latest stability, security, and performance fixes.
Now that you have a pristine OpenBSD VM installed, it is a good idea to shut it down and create a clone of this. It can be the foundation of many services. A future post will go over the automation of this process as well as steps I take to further increase and improve the security and configuration of my OpenBSD installs.