This article is getting pretty old. OpenBSD has had several releases since I wrote this article.
I wanted to spin up an OpenBSD VM and had heard that you could do that at Vultr. These are some notes I made along the way.
I found that Vultr now supports OpenBSD directly, not just as a custom option (their support document appears to be a little out of date). So, you can spin up an OpenBSD instance as you would any other instance from their console.
I added an SSH key when setting up my instance, but wasn't able to authenticate by public key after the install completed, so I did a hard reboot of the VM from Vultr's dashboard, then immediately opened the console and selected single-user mode at the boot prompt.
boot> boot -s
You only get a few seconds to do this before normal boot proceeds, so I was carefuly not to dally in clicking the Console button when the reboot kicks off.
This brought the system up in single-user mode. I pressed return at the prompt.
Enter pathname of shell or RETURN for sh:
Following the OpenBSD FAQ, I mounted the root and usr filesystems, updated the root password, and rebooted.
# fsck -p / && mount -uw / # fsck -p /usr/local && mount /usr/local # passwd # reboot
After the reboot, I was able to log in by ssh using password authentication.
I checked the .ssh/authorized_keys
file and it was empty,
explaining why public key authentication didn't work.
I prefer not to work as root unless necessary, so I created a user.
vultr# adduser Use option ``-silent'' if you don't want to see all warnings and questions. Reading /etc/shells Check /etc/master.passwd Check /etc/group Ok, let's go. Don't worry about mistakes. There will be a chance later to correct any input. Enter username []: user Enter full name []: User Enter shell csh ksh nologin sh [ksh]: Uid [1000]: Login group user [user]: Login group is ``user''. Invite user into other groups: guest no [no]: wheel Login class authpf bgpd daemon default pbuild staff unbound [default]: staff Enter password []: Enter password again []: Name: user Password: **** Fullname: User Uid: 1000 Gid: 1000 (user) Groups: user wheel Login Class: staff HOME: /home/user Shell: /bin/ksh OK? (y/n) [y]: Added user ``user'' Copy files from /etc/skel to /home/user Add another user? (y/n) [y]: n Goodbye!
I set the user's login class to staff and added it to the wheel group.
Otherwise, I took the defaults. I added my public SSH key to
~user/.ssh/authorized_keys
and checked that I could log in as the
new user with public key authentication and switch users to root if necessary.
I updated /etc/ssh/sshd_config
to deny root logins and allow
only public key authentication. Then I restarted sshd.
vultr# kill -HUP `cat /var/run/sshd.pid`
After that, I confirmed that I wasn't able to log in as root or use password authentication via ssh.
I took a look at the mail that was waiting for root. It included the install output and some advice on getting started with OpenBSD. I checked some of the suggested items as well as those listed in the afterboot manual page.
I noticed that I was getting a daily email from the system. By default,
daily runs every day to
do some valuable system checks. It also provides some informational output which
can be disabled so that root will only receive mail from the script
when something is wrong, rather than every day. The informational output is
disabled by creating /etc/daily.local
and setting the appropriate
variable.
VERBOSESTATUS=0
I was looking to install some packages, but none of the package management
tools were able to find any packages. I noticed that
/etc/installurl
was empty. This is where the package management
tools look for an URL for the package mirror server URL. I updated it with the
example given in the
manual page.
I noticed that there were some packages already installed that I wasn't
interested in: python and wget had been installed manually (I found these with
pkg_info -m
). I removed these two packages then any packages that
were no longer required and were not manually installed (their dependencies).
pkg_delete -c python wget pkg_delete -a
I hope that you found this helpful. If this is the kind of thing you're into, you may also enjoy some of my other articles. If you have any questions or comments, please feel free to drop me an e-mail.
Aaron D. Parks