Recently, I switched all servers to OpenBSD, and I really appreciated the reliability and low system resource utilization it offers. Its out-of-the-box security is impressive! I especially love the fact that the default httpd server in OpenBSD is so simple and robust, and it runs in a chrooted environment by default. Instead of opting for Linux/Docker, you might consider trying OpenBSD and running potentially non-secure applications inside a chroot.

  • I will write a second post covering post-installation administration, as well as the httpd server.

Downloading and Verifying the Installation Image

  1. Visit the OpenBSD download page and choose the appropriate installation image for your target platform.

For x86-64 architecture Here is the download link

  • install75.iso For CD-ROM
  • install75.img For USB (Also works with most virtual cloud providers)
  • miniroot75.img For USB (Contains only the necessary parts to get a running system)

Public key to verify the installation : Key SHA256 Signature : Sig

signify is not available by default in gnu/linux distros! (Unless your host is *BSD Os)

Alpine Linux: apk add signify
Arch Linux: pacman -S signify
Debian/Ubuntu: apt install signify-openbsd
CentOS/RHEL/Rocky: dnf install epel-release then dnf install signify
Fedora: dnf install signify

Verify the installation

$ signify -Cp /etc/signify/openbsd-75-base.pub -x SHA256.sig install75.img
Signature Verified
install75.img: OK

All good! Now you can write that to a USB or upload it to a VPS

Writing the image

For other platforms, use the appropriate device name (e.g., /dev/sdX on Linux or /dev/rdiskX on macOS).

Assuming the USB drive is recognized as sd6:

dd if=install75.img of=/dev/rsd6c bs=1M
# or
cp install75.img /dev/rsd6cc

WARNING: Please be careful when writing to a disk! Make sure the disk selected the correct one ! Use lsblk remove & plug in to make sure it’s the right drive!

  • The disk you want to write should NOT be mounted

Hello OpenBSD 🐡

🙂 Hello there!

This is a clean image! So we will be installing it.

Enter I to install:

I

Networking

  1. Choose your keyboard eg: de
L
  1. Choose a hostname eg: cschad

It’ll appear like this:

cschad$

Note: If you’re following the guide on a cloud VM, you’ll find the network information below in your cloud dashboard.

  1. Select the network Interface eg: vio0

I used a VPS so in my case the network interface is vio0 If you’re installing from hardware it might be different!

  1. Your Public IP address (IPv4) eg: 101.142.80.81

  2. Subnet mask: Default (255.255.255.0) eg: 255.255.255.0

  • Feel free to select to put in a Public IPv6 or leave empty
  • Your domain name (optional) eg: cschad.com
  • DNS server eg: 9.9.9.9:
    • You can choose 9.9.9.9: Quad9 Dns Privacy-security focused. You can also use Cloudflare dns
# Quad9
9.9.9.9
# Cloudflare
1.1.1.1

Finally choose a strong root password.

If installing on Hardware only enable ssh if you are using it. If you want to Desktop environment and/or a Window manager for a Graphical user interface (GUI). Leave X Window system to (yes)

Don’t Allow root ssh login. You can add your ssh keys if needed

Disk encryption & partitioning

I recommend you encrypt the disk with a strong password (DIFFERENT than the ROOT password ❗)

Then type

W

For a whole disk partitioning

Auto-Partitioning & Custom Partitioning

OpenBSD does a good job auto-partitioning the disk! If you’re happy about the auto layout. Go ahead and type A for auto Layout: If you choose A Feel free to jump to the other section.

A

If you want to allocate more space to a partition for example /var /home etc Select C for a custom layout.

C

To see the available commands:

h
# or
help

To remove all partitions and add them by yourself

z
# then
a

Repeat this final step to add all the required partitions and finally save and quit with:

q

& Hit Enter!

Note: Make sure that the sum of all partitions created is equal to the total disk size 🙂

Sets and HTTP proxy

For the http server you can choose cdn.openbsd.org Or Install it from the disk!

  • game* and won’t take much space on the system! But you still deselect them with -game* and -xshare*

Finally Reboot with

R

🥳 Congratulations! You have successfully installed OpenBSD!


Next

If you have any insights or suggestions, I would love to hear them 🙂.