OpenBSD 7.1 Install Guide

This is a quick install guide for OpenBSD 7.1.

Before You Begin

NOTE: This guide is no substitute for reading the OpenBSD FAQ. In particular, you should read the Installation Guide and the release notes for 7.1.

Booting from ISO

  1. First, you'll want to boot up from the install ISO. Make sure you verify the ISO before you install. Please consult the BuyVM, OpenBSD VMM, or the bsd.rd install guides.
    CD-ROM: E0
    Loading /7.1/AMD64/CDBOOT
    probing: pc0 com0 mem[638K 1022M a20=on]
    disk: hd0+* cd0
    >> OpenBSD/amd64 CDBOOT 3.53
    boot>
    
  2. At bootup, type boot, then press enter. Or wait a few seconds to boot automatically.
    cannot open cd0a:/etc/random.seed: No such file or directory
    booting cd0a:/7.1/amd64/bsd.rd: 3891908+1614848+3895112+0+708608 [109+435984+290736]=0xa57ab0
    ...
    root on rd0a swap on rd0b dump on rd0b
    WARNING: CHECK AND RESET THE DATE!
    erase ^?, werase ^W, kill ^U, intr ^C, status ^T
    

Installation

Welcome to the OpenBSD/amd64 7.1 installation program.
(I)nstall, (U)pgrade, (A)utoinstall or (S)hell?
  1. Type i for install
  2. NOTE: At any time during the installation, if you make a mistake, you can type ctrl+c to cancel the install process. Then, press ctrl+d to bring back the installation options.
    At any prompt except password prompts you can escape to a shell by
    typing '!'. Default answers are shown in []'s and are selected by
    pressing RETURN.  You can exit this program at any time by pressing
    Control-C, but this can leave your system in an inconsistent state.
    
    Terminal type? [vt220] 
    
  3. If you're using OpenBSD's VMM, press enter to use the default terminal type (vt220).
    System hostname? (short form, e.g. 'foo') subdomain
    
  4. Type in your system hostname. It is usually a single word. For example, if your full domain name is subdomain.example.com, type in subdomain.

Configuring Networking

Available network interfaces are: vio0 vlan0.
Which network interface do you wish to configure? (or 'done') [vio0] 
  1. If you're installing for a virtual machine, you are likely using vio0 for your network interface (short for VirtIO). If you are using some other interface (like em0), you may want to change the networking device to VirtIO.
    IPv4 address for vio0? (or 'autoconf' or 'none') [autoconf] 192.0.2.2
    IPv6 address for vio0? (or 'autoconf' or 'none') [none] 2001:db8:abcd::1
    IPv6 prefix length for vio0? [64] 48
    Available network interfaces are: vio0 vlan0.
    Which network interface do you wish to configure? (or 'done') [done] 
    Default IPv4 route? (IPv4 address or none) 192.0.2.1
    add net default: gateway 192.0.2.1
    1) none
    IPv6 default router? (list #, IPv6 address or 'none') 2001:db8::1
    add net default: gateway 2602:fccf:1::1
    
  2. For server hosting, it's recommended that you statically assign the IPv4 address rather than relying on autoconf, which uses DHCP?.
  3. Your IP addresses, prefix length, and default gateway should be in your registration email or your provider's web panel. Type in your IPv4 and IPv6 addresses here.
  4. autoconf (using DHCP) is not recommended. Unlike with static networking, DHCP allocates IP addresses dynamically. Sometimes, routers can can change your address during a reboot, causing your DNS records to be invalid, and your users unable to connect.
  5. If you chose autoconf by accident, it can be fixed later. You can either type ctrl+c to cancel installation, then ctrl+d to restart installation, or you can finish installation, then follow the static networking guide.
  6. Your IPv6 prefix length may not be the same as your subnet length. Please double check both carefully.
    DNS domain name? (e.g. 'example.com') [my.domain] example.com
    DNS nameservers? (IP address list or 'none') [none] 8.8.8.8
    
  7. The DNS domain name will be the rest of your fully qualified domain name once you skip the subdomain. If your full hostname is subdomain.example.com, it would be example.com.
  8. Common DNS nameservers include 8.8.8.8 from Google, 1.1.1.1 from Cloudflare, and 9.9.9.9 from Quad9.
  9. Eventually, we recommend setting up your own unbound caching name server for independence. If using unbound, you would use 127.0.0.1 as your nameserver.
  10. NOTE: If you use 127.0.0.1, you will not be able to download packages for installation without using the trick described below.

User Management

Password for root account? (will not echo)
Password for root account? (again)
  1. Type in your root password twice. Note that your password will NOT be printed on the screen. It is invisible to improve security.
    Start sshd(8) by default? [yes]
    Change the default console to com0? [yes]
    Available speeds are: 9600 19200 38400 57600 115200.
    Which speed should com0 use? (or 'done') [115200]
    
  2. You will need to start sshd by default to remotely administer the system. For the other settings, accept the default.
    Setup a user? (enter a lower-case loginname, or 'no') [no] username
    Full name for user username? [username]
    Password for user username? (will not echo)
    Password for user username? (again)
    WARNING: root is targeted by password guessing attacks, pubkeys are safer.
    Allow root ssh login? (yes, no, prohibit-password) [no]
    
  3. Create a username so you can avoid logging in as root. Don't allow root ssh login; disabling it will help improve security.

Partitioning Disks

Available disks are: sd0.
Which disk is the root disk? ('?' for details) [sd0] 
  1. Press ? to see information about available disks.
  2. Select the correct disk. WARNING: Selecting the wrong disk may erase data forever!
    No valid MBR or GPT.
    Use (W)hole disk MBR, whole disk (G)PT or (E)dit? [whole]
    
  3. You are encouraged to read up on fdisk and disklabel. If this is a fresh install and you have no important data on the disk, accept the default (W)hole Disk.
    Setting OpenBSD MBR partition to whole sd0...done.
    The auto-allocated layout for sd0 is:
    #                size           offset  fstype [fsize bsize   cpg]
      a:           624.9M               64  4.2BSD   2048 16384     1 # /
      b:          1029.8M          1279840    swap                    
      c:         20480.0M                0  unused                    
      d:           879.8M          3388864  4.2BSD   2048 16384     1 # /tmp
      e:          1314.7M          5190752  4.2BSD   2048 16384     1 # /var
      f:          2449.8M          7883296  4.2BSD   2048 16384     1 # /usr
      g:           668.9M         12900448  4.2BSD   2048 16384     1 # /usr/X11R6
      h:          2448.7M         14270432  4.2BSD   2048 16384     1 # /usr/local
      i:          1690.0M         19285344  4.2BSD   2048 16384     1 # /usr/src
      j:          5499.9M         22746368  4.2BSD   2048 16384     1 # /usr/obj
      k:          3873.5M         34010176  4.2BSD   2048 16384     1 # /home
    Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout? [a] 
    
  4. Unless you have a specific layout in mind, type enter to use (A)uto layout. If you have special needs, consult the disklabel guide.
    newfs: reduced number of fragments per cylinder group from 79984 to 79352 to en
    large last cylinder group
    /dev/rsd0a: 624.9MB in 1279776 sectors of 512 bytes                            
    5 cylinder groups of 154.98MB, 9919 blocks, 19840 inodes each
    /dev/rsd0k: 3873.5MB in 7932864 sectors of 512 bytes                           
    ...
    /dev/sd0i (67db13a3ff84ca60.i) on /mnt/usr/src type ffs (rw, asynchronous, local, nodev, nosuid)
    /dev/sd0e (67db13a3ff84ca60.e) on /mnt/var type ffs (rw, asynchronous, local, nodev, nosuid)
    

Installing Base Sets

Let's install the sets!
Location of sets? (cd0 disk http nfs or 'done') [cd0] 

Using CD ISO

  1. To use a CD ISO, type cd0. To use a flash drive, type disk. To download from the internet, type http.
  2. If you choose to use cd0:
Location of sets? (cd0 disk http nfs or 'done') [cd0] 
Pathname to the sets? (or 'done') [7.1/amd64] 

Select sets by entering a set name, a file name pattern or 'all'. De-select
sets by prepending a '-', e.g.: '-game*'. Selected sets are labelled '[X]'.
    [X] bsd           [X] comp71.tgz    [X] xbase71.tgz   [X] xserv71.tgz
    [X] bsd.rd        [X] man71.tgz     [X] xshare71.tgz
    [X] base71.tgz    [X] game71.tgz    [X] xfont71.tgz
Set name(s)? (or 'abort' or 'done') [done] 
Directory does not contain SHA256.sig. Continue without verification? [no] yes 
  1. If using the default ISO, the default pathname will be 7.1/amd64. You may need to replace amd64 with your specific architecture.
  2. If you're using CD, please verify the ISO before you install. Once you have done this, you can then install without verification. If you are using HTTP, you must verify the sets to be safe. Do not use unverified sets over HTTP.
    # OpenBSD has base sets?, which are default software that is included with the installation image. Base software is audited and maintained by the OpenBSD team.
  3. In the OpenBSD FAQ:
    New users are recommended to install all of them.
    Some libraries from xbase71.tgz, like freetype or fontconfig, can be used outside of X by programs that manipulate text or graphics. Such programs will usually need fonts, either from xfont71.tgz or font packages. For the sake of simplicity, the developers decided against maintaining a minimal xbase71.tgz set that would allow most non-X ports to run.
    If you chose to skip some file sets at install time, you might realize later that you really do need them after all. Simply boot bsd.rd from your root file system and choose (U)pgrade. When you get to the list of file sets, select the ones you need.
  4. The X sets are often needed even if you don't run X. If you skip it now, you may later need to reboot the server and run bsd.rd to upgrade the installation. This would require downtime. The X packages are only a few hundred megabytes and present minimal security risk so long as X is disabled.

Using HTTP

  1. If you choose to use http:
Location of sets? (cd0 disk http nfs or 'done') [cd0] http
HTTP proxy URL? (e.g. 'http://proxy:8080', or 'none') [none] 
HTTP Server? (hostname, list#, 'done' or '?') ?
HTTP Server? (hostname, list#, 'done' or '?') [mirror.esc7.net] 
Server directory? [pub/OpenBSD/7.1/amd64] 

Select sets by entering a set name, a file name pattern or 'all'. De-select
sets by prepending a '-', e.g.: '-game*'. Selected sets are labelled '[X]'.
    [X] bsd           [X] comp71.tgz    [X] xbase71.tgz   [X] xserv71.tgz
    [X] bsd.rd        [X] man71.tgz     [X] xshare71.tgz
    [X] base71.tgz    [X] game71.tgz    [X] xfont71.tgz
Set name(s)? (or 'abort' or 'done') [done] 
  1. Unless you have specifically configured an HTTP proxy, you can leave the setting as none.
  2. For HTTP Server, type ? to see a list of possible servers. Here, we select mirror.esc7.net because it is closest to where our server is located.
  3. The Server directory should be left at its default pub/OpenBSD/7.1/amd64. You may need to replace amd64 with your specific architecture.
  4. NOTE: If you choose http, it will need proper networking (including DNS). At times, DNS may not be properly configured, such as if you are using unbound. There is a way to bypass normal DNS resolution: instead of using a hostname like example.com, use an IPv4 address like 192.0.2.1.
    # Select all the sets, then enter done.

Using Disk

  1. If you choose to use disk, type disk:
Location of sets? (cd0 disk http nfs or 'done') [http] disk
Is the disk partition already mounted? [yes] no
Available disks are: sd0 sd1.
Which disk contains the install media? (or 'done') [sd0] 
  1. Select the disk with install media.

Install and Reboot

Installing bsd          100% |**************************| 22339 KB    00:03    
Installing bsd.rd       100% |**************************|  4498 KB    00:00    
Installing base71.tgz    81% |*********************     |   270 MB    00:19 ETA
...
  1. Once installation is complete, type done for Location of sets:
Location of sets? (cd0 disk http nfs or 'done') [done] 
  1. Set the timezone (make it match your physical location).
Time appears wrong.  Set to 'Sun Apr 24 17:30:42 EDT 2022'? [yes] 
Saving configuration files... done.
Making all device nodes... done.
Cannot fetch http://firmware.openbsd.org/firmware/7.1/SHA256.sig (timed out)
fw_update: added none; updated none; kept none
Relinking to create unique kernel... done.

CONGRATULATIONS! Your OpenBSD install has been successfully completed!

When you login to your new system the first time, please read your mail
using the 'mail' command.
  1. Restart the VPS.
Exit to (S)hell, (H)alt or (R)eboot? [reboot]