https://ndonaghy.com/tags/openbsd/ Recent content in Openbsd on Niall Donaghy Hugo en-gb Tue, 07 Apr 2026 01:57:29 +0100 https://ndonaghy.com/posts/openbsd-sshd-hardening/ Tue, 07 Apr 2026 01:57:29 +0100 https://ndonaghy.com/posts/openbsd-sshd-hardening/ <h1 id="goals">Goals:</h1> <ul> <li>a sane sshd configuration</li> <li>a sane pf configuration</li> <li>optional: add sshguard (but recommended)</li> </ul> <h1 id="setup-ssh-for-your-main-user">setup SSH for your main user</h1> <p>Your main user is not root. :)</p> <p>Change to your regular user and setup SSH dirs:</p> <pre tabindex="0"><code>su - niall mkdir -p /home/niall/.ssh chmod 700 /home/niall/.ssh chown niall:niall /home/niall/.ssh # add pubkey(s) you want to be authorised for login nano /home/niall/.ssh/authorized_keys &lt;paste in&gt; </code></pre><p>Default /etc/ssh/sshd_config has key-based login enabled, so test it now:</p> https://ndonaghy.com/posts/openbsd-7.8-installation/ Tue, 07 Apr 2026 01:33:03 +0100 https://ndonaghy.com/posts/openbsd-7.8-installation/ <p>This guide is VirtualBox-centric, but most everything will translate to your hypervisor or bare metal of choice.</p> <h1 id="materials">Materials</h1> <p>Installation ISO:</p> <ul> <li>cd78.iso - you will download packages from network</li> <li>install78.iso - self-contained</li> </ul> <h1 id="hypervisor">Hypervisor</h1> <p>Create a new VM with the required CPU, RAM, and storage specs, and mount the ISO to boot from it and begin installation.</p> <p>VirtualBox-specific notes:</p> <ul> <li>Network: If using wifi on host, use NAT mode for the NIC; bridge mode performance tanks (does not apply if host is wired).</li> <li>Storage: make &ldquo;IDE&rdquo; type PIIX4, attach ISO there, make &ldquo;ACHI&rdquo; type ACHI, enable host IO cache, and attach VDI there.</li> <li>VDI: Can tick Solid-state drive.</li> <li>Don&rsquo;t be tempted by UEFI mode, you will have boot issues.</li> <li>Don&rsquo;t be tempted by NVMe mode, disk will deadlock during install; ACHI is faster in Vbox anyway!</li> </ul> <h1 id="installation">Installation</h1> <h2 id="network">network</h2> <p>Follow instructions to set autoconf(DHCP) or static IP addressing and gateway, DNS, etc. In this doc, in post-install tasks, instructions given to convert DHCP config to static config</p> https://ndonaghy.com/posts/openbsd-disabling-unused-services/ Tue, 07 Apr 2026 00:10:44 +0100 https://ndonaghy.com/posts/openbsd-disabling-unused-services/ <p>Whilst setting up this OpenBSD VPS I trimmed some unused services. Secure by default, but securer when not running. :)</p> <h2 id="check_quotas">check_quotas</h2> <p>There are disk quota checks at boot, however, I am not using quotas:</p> <pre tabindex="0"><code>doas rcctl disable check_quotas doas rcctl stop check_quotas </code></pre><h2 id="dhcpleased">dhcpleased</h2> <p>The DHCP client daemon; this is not needed as I am using a static IP:</p> <pre tabindex="0"><code>doas rcctl disable dhcpleased doas rcctl stop dhcpleased </code></pre><h2 id="slaacd">slaacd</h2> <p>IPv6 stateless autoconfiguration; disable if you are not using IPv6, I am not:</p>