OpenBSD server on Hetzner Cloud

Published on 2019-06-07 and last updated on 2019-06-25

This is a step-by-step guide on setting up OpenBSD powered servers on Hetzner Cloud.

To get started, create a new server in the cloud console. The operating system image doesn’t matter.

cloud console empty server view

cloud console create new server button

Wait until the server is ready.

new server in cloud console

Select it, then klick on “ISO Images” and mount the latest OpenBSD image.

list of ISO images in cloud console

cloud console hints at mounted image

Open the web console and press the Ctrl+Alt+Del button to force a reboot.

web console ctrl+alt+del button

Wait until the OpenBSD installer has started.

OpenBSD installer welcome prompt

Choose Install.

OpenBSD installer asks for keyboard layout

Choose your keyboard layout.

OpenBSD installier asks for host part of FQDN

Choose the host part of the FQDN. (I use www.)

OpenBSD installier asks how to configure IPv4

Select the network interface vio0 and configure IPv4 to use dhcp.

OpenBSD installer asks for IPv6 address

Configure IPv6 using an address from your assigned subnet.

OpenBSD installer asks for IPv6 prefix length

Hetzner assigns /64 IPv6 subnets. So choose that as prefix length.

OpenBSD installer asks for IPv6 default router

Choose fe80::1%vio0 as IPv6 default router.

OpenBSD installer is done configuring network devices

You’re done (configuring network interfaces).

OpenBSD installer asks for domain part of FQDN

Enter the domain part of your FQDN (I’m using example.com).

OpenBSD installer asks for root password

Then choose a password for the root user.

OpenBSD installer asks whether to start ssh by default

Let sshd start by default so you’ll be able to log in without the web console.

OpenBSD installer asks whether you expect to run the X Window System

You don’t need the X Window System.

OpenBSD installer asks whether to change the default console

And you don’t need to change the default console.

OpenBSD installer asks whether to setup another user

Set up a user, if you like. (I’m choosing not to.)

OpenBSD installer asks whether to allow root to login via ssh

Allow root to log in using ssh. (You may not need this if you created another user. I haven’t done that.)

OpenBSD installer asks for timezone

Set your time zone.

OpenBSD installer asks for root disk

Select sd0 as root disk.

OpenBSD installer asks for partition table

Use the whole disk.

OpenBSD installer asks for partition scheme

Select “Auto layout”.

OpenBSD installer asks for set location

Choose http as set location and cdn.openbsd.org as server, then confirm the server directory.

OpenBSD installer asks for list of sets to install

Choose your sets. (I don’t want the x* sets and the games. You might need the x* sets for PHP.)

OpenBSD installer installs sets

Wait until the sets have been installed. Confirm that you are done.

cloud console with ISO image unmount button

Unmount the OpenBSD image in the cloud console.

OpenBSD installer is done

Reboot the server and close the web console.

Connect to the server using your local terminal:

connecting to the server using ssh

Fix the IPv6 setup. Edit /etc/hostname.vio and disable Semantically Opaque Interface Identifiers by adding -soii at the end:

dhcp
inet6 2a01:4f9:dead:beef::23 64
-soii

Add your ssh public key to your users ~/.ssh/authorized_keys file:

user@local-machine ~$: ssh-copy-id -i ~/.ssh/mykey root@www

Edit /etc/ssh/sshd_config and set PasswordAuthentication to no:

sshd configuration file with disabled password authentication

Update the system using syspatch:

syspatch installing all available updates

Reboot.

Subscribe to the OpenBSD announce mailinglist and run syspatch every time you get notified of available patches.

You are done.