romanzolotarev.com: support and follow me on Mastodon
DISCLAIMER
I'm just a happy customer of OpenBSD Amsterdam.
Mischa Peters runs the place.
When you sign up, Mischa donates 16.7% to
OpenBSD Foundation.
Tested on OpenBSD 6.3
OpenBSD in Amsterdam is running dedicated vmd(8) servers to host opinionated VMs.
Send your name, email address, hostname, username, and public SSH key to OpenBSDAms via contact form, Twitter, or Mastodon, before you pay.
For example:
Roman Zolotarev
hi@romanzolotarev.com
www.romanzolotarev.com
romanzolotarev
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqh7BmO... 1500469202
Please allow few hours for your VM to be started. You'll get IPv4 (and IPv6) address as soon as your VM is deployed. Login to the VM (assuming your private SSH key is in its default location):
$ ssh username@XXX.XXX.XXX.XXX OpenBSD 6.3 (GENERIC) #4: Sun Jun 17 11:09:51 CEST 2018 Welcome to OpenBSD: The proactively secure Unix-like operating system. Please use the sendbug(1) utility to report bugs in the system. Before reporting a bug, please try to reproduce it with the latest version of the code. With bug reports, please try to ensure that enough information to reproduce the problem is enclosed, and if a known fix for it exists, include that as well. $
Get the password from ~/.ssh/authorized_keys and switch to root.
$ head -1 ~/.ssh/authorized_keys| tr ' ' '\n'|tail -1 XXXXXXXXXXXXXXXXXXXXXXXXXX $ su - password: #
Add your username to /etc/doas.conf:
# echo 'permit username' > /etc/doas.conf #
Edit /etc/ssh/sshd_config:
PermitRootLogin no PasswordAuthentication no
Verify the new config and restart sshd:
# sshd -t # rcctl restart sshd sshd(ok) sshd(ok) #
Run sysctl to set the time counter then run ntpd to set the
local clock and terminate it by pressing ^C.
# echo 'kern.timecounter.hardware=tsc' >> /etc/sysctl.conf # sysctl kern.timecounter.hardware=tsc kern.timecounter.hardware: i8254 -> tsc # ntpd -sd /var/db/ntpd.drift is empty ntp engine ready ... sensor vmmci0: offset 44.961541 set local clock to Sat Jun 30 21:15:05 CEST 2018 (offset 44.961541s) ... ^Cntp engine exiting Terminating #
Edit /etc/hostname.vio0:
inet 46.23.xx.xx 255.255.255.0
inet6 2a03:6000:xxxx::xxx 64 -soii
Edit /etc/mygate:
46.23.xx.1
2a03:6000:xxxx::1
Reinitialize the network:
# sh /etc/netstart vio0 #
Update /etc/pf.conf, test, and load it:
# echo 'pass in quick proto { icmp, icmp6 } all' >> /etc/pf.conf
# pfctl -nf /etc/pf.conf
# pfctl -f /etc/pf.conf
# pfctl -sr
block return all
pass all flags S/SA
block return in on ! lo0 proto tcp from any to any port 6000:6010
block return out log proto tcp all user = 55
block return out log proto udp all user = 55
pass in quick proto icmp all
pass in quick proto ipv6-icmp all
#
Stop and disable sndiod:
# rcctl stop sndiod sndiod(ok) # rcctl disable sndiod #
Check 6.3 errata and apply available patches.
# syspatch ... Get/Verify syspatch63-011_perl.tgz 100% |***************| 24401 00:00 Installing patch 011_perl Relinking to create unique kernel... done. # reboot Connection to XXX.XXX.XXX.XXX closed.
Now you may want to setup a web server.
Thanks to Mischa Peters for reading drafts fo this, to Mike Larkin, Bryan Steele, h3artbl33d, and Jeff Neitzel for tips and hints.