Back to the sea ; the OpenBSD installation, episode II
OpenBSD is really easy to install.
It’s not shiny, but it asks a few questions and only takes a couple of minutes to get a working system.
Grab the install48.iso file that corresponds to your version and CPU architecture. Burn it to a CD or use it to boot a VM.
The installation is straightforward, no big deal.
It’ll ask for the keyboard layout you want to use.
It’ll offer to set up a DHCP (or fixed) network configuration.
It’ll configure the root password, create a basic user, configure SSH and NTP and set your time zone.
The disk configuration might be a bit tricky.
But just read the FAQ and you’ll be able to handle this.
If you downloaded the install*.iso file, all the archives will be provided on the CD (emulation), so you’ll choose cd as the “Location of sets?”. If not, you may use ftp, if you have network access.
When asked for the “Set name(s)?”, I choose done. This might not be the safest installation for a server, but there are packages that might require X stuff later and I don’t really want to fight with those later. Then, I consider that a non-running service does no harm. I know it’s not quite true, but that’s the level of security I want to afford.
Let the installation proceed, auto-configure a few other things and you’re ready to reboot.
Here we are. The system has rebooted and the login prompt is ready for me.
As I configured a user and SSH, I won’t use the console. I’ll do everything via a remote SSH connection.
From DHCP to fixed IP
I installed the system with a DHCP configuration. It’s just easier for a start, and I don’t remember what the default network range inside a VMware Fusion NAT is ;-)
There are only a few steps to switch to fixed IP:
    # vi /etc/hostname.em0
    inet 192.168.12.144 255.255.255.0 192.168.12.255
    # vi /etc/myname
    eddie.tumfatig.net
    # vi /etc/mygate
    192.168.12.2
    # vi /etc/hosts
    192.168.12.144 eddie.tumfatig.net eddie
    # vi /etc/resolv.conf
    search tumfatig.net carnat.net free.fr
    nameserver 192.168.12.2
    lookup file bind
Reboot the server to apply the name and network configuration.
I want to use long SSH keys and deny SSH access via password.
Create the server keys:
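    (rsa1 is the SSH protocol 1 host key; current OpenSSH releases no longer support it)
    # ssh-keygen -t rsa1 -f ssh_host_key -N '' -C "tumfatig.net" -b 4096
    (ssh-keygen only accepts 1024 bits for DSA keys)
    # ssh-keygen -t dsa -f ssh_host_dsa_key -N '' -C "tumfatig.net" -b 1024
    # ssh-keygen -t rsa -f ssh_host_rsa_key -N '' -C "tumfatig.net" -b 4096
    # cp -p ssh*key* /etc/ssh/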
Create the personal keys:
# ssh-keygen -t rsa -C "email@example.com" -b 4096
Deny password authentication:
    # vi /etc/ssh/sshd_config
    PasswordAuthentication no
    # kill -HUP `cat /var/run/sshd.pid`
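A check worth running before sending the HUP, as an added example that is not part of the original post: it reads an sshd_config and reports whether a password is still accepted at login. It relies on two sshd behaviours: the first occurrence of a keyword wins, and ChallengeResponseAuthentication (KbdInteractiveAuthentication in newer releases) defaults to yes, which on OpenBSD still prompts for the account password through BSD authentication. The function names and the sample file are constructed, and Match blocks are not handled.

```shell
#!/bin/sh
# Added example: does this sshd_config still accept a password at login?
# Assumptions: no Match blocks or Include files; all names here are made up.

# effective_value FILE DEFAULT KEYWORD...
# Print the value from the first active line that sets any KEYWORD
# (keywords are case-insensitive and sshd keeps the first occurrence),
# or DEFAULT when none of them is set.
effective_value() {
    file=$1 default=$2
    shift 2
    awk -v keys="$*" -v def="$default" '
        BEGIN { n = split(tolower(keys), k, " ") }
        NF == 0 || $1 ~ /^#/ { next }          # blank lines and comments
        {
            sub(/=/, " ")                      # tolerate the Keyword=value form
            for (i = 1; i <= n; i++)
                if (tolower($1) == k[i]) { print tolower($2); found = 1; exit }
        }
        END { if (!found) print def }
    ' "$file"
}

# password_login_possible FILE
# Exit status 0 while a password is still accepted, 1 once both paths are off.
password_login_possible() {
    pw=$(effective_value "$1" yes PasswordAuthentication)
    kbd=$(effective_value "$1" yes ChallengeResponseAuthentication KbdInteractiveAuthentication)
    echo "PasswordAuthentication=$pw keyboard-interactive=$kbd"
    [ "$pw" != no ] || [ "$kbd" != no ]
}

# Constructed sample: first only the one-line change, then the second directive.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '#PasswordAuthentication yes' 'PasswordAuthentication no' > "$tmp"
    if password_login_possible "$tmp"; then echo "-> passwords still accepted"; fi
    printf '%s\n' 'ChallengeResponseAuthentication no' >> "$tmp"
    if ! password_login_possible "$tmp"; then echo "-> key-only login"; fi
    rm -f "$tmp"
}
demo
```

Point password_login_possible at /etc/ssh/sshd_config before the kill -HUP, and keep the current session open until a fresh key-based login has worked.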
Execute a command as another user
Your normal user is no admin; or at least, it shouldn’t be. So to do big guy things, you need to be granted the ultimate mighty power. sudo is the tool that enables you to run a single command as Zeus.
    # visudo
    %wheel ALL=(ALL) SETENV: ALL
If your user was created during installation, it is already in the wheel group. If not, add it and log in again to apply the changes. And remember:
    We trust you have received the usual lecture from the local System
    Administrator. It usually boils down to these three things:

        #1) Respect the privacy of others.
        #2) Think before you type.
        #3) With great power comes great responsibility.
The default user environment is perfect for administration. Fast, silent, efficient. But I like to add a bit of color in my terminals.
    # vi ~/.profile
    # Note: the trailing "." puts the current directory on the search path.
    PATH=$HOME/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin:/usr/games:.
    export PATH HOME TERM
    export EDITOR="/usr/local/bin/vim"
    export EXINIT='set autoindent'
    export PAGER="/usr/bin/less"
    export VISUAL=$EDITOR
    HISTFILE=$HOME/.history
    HISTSIZE=4096
    alias ls="/bin/ls -aF" ll="ls -lh"
    set -o emacs
    umask 022
    _U="`whoami`"
    _H="`hostname -s`"
    _V="`uname -sr`"
    # ^[ is a literal ESC and ^G a literal BEL (in vi: Ctrl-V, then Esc or Ctrl-G).
    BLANK='^[[0m'
    DRED='^[[0;31m'
    DGREEN='^[[0;32m'
    DYELLOW='^[[0;33m'
    DBLUE='^[[0;34m'
    DPURPLE='^[[0;35m'
    DCYAN='^[[0;36m'
    DWHITE='^[[0;37m'
    case $TERM in
    xterm*|*rxvt*)
    # PS1='^[]0;[ $_U@$_H:$(pwd) ]^G
    #$DRED-($DCYAN$_U$BLANK@$DCYAN$_H$DRED)-($DWHITE$_V$DRED)-($DYELLOW$(date +"%Y-%m-%d")$DRED)-
    #$DRED-($DYELLOW$(date +"%H:%M")$DRED)-($DGREEN$(pwd)$DRED)- $BLANK'
    # The first line of PS1 sets the terminal title; the rest is a two-line prompt.
    PS1='^[]0;[ $_U@$_H:$(pwd) ]^G
    $DRED-($DCYAN$_U$BLANK@$DCYAN$_H$DRED)-($DWHITE$_V$DRED)-($DYELLOW$(date +"%Y-%m-%d %H:%M")$DRED)-
    $DRED-($DGREEN$(pwd)$DRED)-$BLANK
    # '
      ;;
    *)
    PS1='[ $_U@$_H:$(pwd) ] '
      ;;
    esac
The mighty editor
I like to use vim as my system editor:
    # pkg_add http://ftp.fr.openbsd.org/pub/OpenBSD/4.8/packages/amd64/vim-7.2.444-no_x11.tgz
    # pkg_add http://ftp.fr.openbsd.org/pub/OpenBSD/4.8/packages/amd64/vim-spell-fr-7.2.tgz
    # vi ~/.vimrc
    set nocompatible
    set backspace=indent,eol,start
    set nobackup
    set history=50
    set ruler
    set showcmd
    set incsearch
    syntax on
It’s time for a remote backup:
    # ssh 192.168.12.144 "sudo tar czpf - /" > eddie.obsd48amd64.01basics.tar.gz
    tar: Removing leading / from absolute path names in the archive
    tar: Ustar cannot archive a socket /dev/log
    tar: Ustar cannot archive a socket /var/cron/tabs/.sock
    tar: Ustar cannot archive a socket /var/empty/dev/log
    tar: Ustar cannot archive a socket /var/www/dev/log
That’s All Folks!