
Deploy a VM in Amsterdam

OpenBSD in Amsterdam is running dedicated vmd(8) servers to host opinionated VMs.

Send your name, email address, hostname, username, and public SSH key to OpenBSDAms via contact form, Twitter, or Mastodon, before you pay.

For example:

Roman Zolotarev
hi@romanzolotarev.com
www.romanzolotarev.com
romanzolotarev
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqh7BmO... 1500469202

Please allow a few hours for your VM to be started. You'll get an IPv4 (and IPv6) address as soon as your VM is deployed. Log in to the VM (assuming your private SSH key is in its default location):

$ ssh username@XXX.XXX.XXX.XXX
OpenBSD 6.3 (GENERIC) #4: Sun Jun 17 11:09:51 CEST 2018

Welcome to OpenBSD: The proactively secure Unix-like operating
system.

Please use the sendbug(1) utility to report bugs in the system.
Before reporting a bug, please try to reproduce it with the
latest version of the code. With bug reports, please try to
ensure that enough information to reproduce the problem is
enclosed, and if a known fix for it exists, include that as
well.
$

Get a password from ~/pass.txt and switch to root.

$ cat pass.txt
XXXXXXXXXXXXXXXXXXXXXXXXXX
$ su -
password:
#

Add your username to /etc/doas.conf:

# echo 'permit username' > /etc/doas.conf
#

Edit /etc/ssh/sshd_config:

PermitRootLogin no
PasswordAuthentication no

Verify the new config and restart sshd:

# sshd -t
# rcctl restart sshd
sshd(ok)
sshd(ok)
#
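
The sshd_config edit above only takes effect if no earlier line in the file already sets the same keyword, and if no Match block overrides it. As an added example (not part of the original page), this script audits a config file for the two settings; the function names and the sample file are made up for illustration, and it assumes whitespace-separated `Keyword value` lines.

```shell
#!/bin/sh
# Print the first global value of keyword $2 in sshd_config file $1.
# sshd keeps the first value it obtains for a keyword, so a later
# "PasswordAuthentication no" does not override an earlier "yes".
sshd_global_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }      # keywords are case-insensitive
        { sub(/^[ \t]+/, "") }              # drop leading whitespace
        /^#/ || /^$/ { next }               # skip comments and blank lines
        tolower($1) == "match" { exit }     # global section ends here
        tolower($1) == want { print $2; exit }
    ' "$1"
}

# Print every value that a Match block assigns to keyword $2 in file $1.
# Match blocks override the global section for matching connections.
sshd_match_values() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }
        tolower($1) == "match" { in_match = 1; next }
        in_match && tolower($1) == want { print $2 }
    ' "$1"
}

# Return 0 only if both settings from the guide are "no" everywhere.
audit_sshd_config() {
    rc=0
    for kw in PermitRootLogin PasswordAuthentication; do
        val=$(sshd_global_value "$1" "$kw")
        [ "$val" = "no" ] || { echo "FAIL $kw: global value '${val:-unset}'"; rc=1; }
        for mv in $(sshd_match_values "$1" "$kw"); do
            [ "$mv" = "no" ] || { echo "FAIL $kw: Match block sets '$mv'"; rc=1; }
        done
    done
    return "$rc"
}

# Constructed sample: the second PasswordAuthentication line comes too late.
sample=$(mktemp)
printf '%s\n' '#PermitRootLogin prohibit-password' 'PermitRootLogin no' \
    'passwordauthentication yes' 'PasswordAuthentication no' > "$sample"
audit_sshd_config "$sample" || echo "sample config is not hardened"
rm -f "$sample"
```

On the VM itself, `sshd -T` prints the effective configuration and remains the authoritative check; run the audit against /etc/ssh/sshd_config before restarting sshd.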

Run sysctl to set the time counter, then run ntpd to set the local clock and terminate it by pressing ^C.

# echo 'kern.timecounter.hardware=tsc' > /etc/sysctl.conf
# sysctl kern.timecounter.hardware=tsc
kern.timecounter.hardware: i8254 -> tsc
# ntpd -sd
/var/db/ntpd.drift is empty
ntp engine ready
...
sensor vmmci0: offset 44.961541
set local clock to Sat Jun 30 21:15:05 CEST 2018 (offset 44.961541s)
...
^Cntp engine exiting
Terminating
#

Edit /etc/hostname.vio0:

inet 46.23.xx.xx 255.255.255.0
inet6 2a03:6000:xxxx::xxx 64 -soii

Edit /etc/mygate:

46.23.xx.1
2a03:6000:xxxx::1

Reinitialize the network:

# sh /etc/netstart vio0
#

Update /etc/pf.conf, test, and load it:

# echo 'pass in quick proto { icmp, icmp6 } all' >> /etc/pf.conf
# pfctl -nf /etc/pf.conf
# pfctl -f /etc/pf.conf
# pfctl -sr
block return all
pass all flags S/SA
block return in on ! lo0 proto tcp from any to any port 6000:6010
block return out log proto tcp all user = 55
block return out log proto udp all user = 55
pass in quick proto icmp all
pass in quick proto ipv6-icmp all
#

Stop and disable sndiod:

# rcctl stop sndiod
sndiod(ok)
# rcctl disable sndiod
#

Check 6.3 errata and apply available patches.

# syspatch
...
Get/Verify syspatch63-011_perl.tgz 100% |***************| 24401       00:00
Installing patch 011_perl
Relinking to create unique kernel... done.
# reboot
Connection to XXX.XXX.XXX.XXX closed.

Now you may want to set up a web server.

Tested on OpenBSD 6.3


Thanks to Mischa Peters for reading drafts of this, to Mike Larkin, Bryan Steele, h3artbl33d, and Jeff Neitzel for tips and hints.