support me and follow on twitter

Deploy a VM in Amsterdam

OpenBSD in Amsterdam is running dedicated vmd(8) servers to host opinionated VMs.

Send your name, email address, hostname, username, and public SSH key to OpenBSDAms via contact form, Twitter, or Mastodon, before you pay.

For example:

Roman Zolotarev
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqh7BmO... 1500469202

Please allow few hours for your VM to be started. You'll get IPv4 (and IPv6) address as soon as your VM is deployed. Login to the VM (assuming your private SSH key is in its default location):

$ ssh username@XXX.XXX.XXX.XXX
OpenBSD 6.3 (GENERIC) #4: Sun Jun 17 11:09:51 CEST 2018

Welcome to OpenBSD: The proactively secure Unix-like operating

Please use the sendbug(1) utility to report bugs in the system.
Before reporting a bug, please try to reproduce it with the
latest version of the code. With bug reports, please try to
ensure that enough information to reproduce the problem is
enclosed, and if a known fix for it exists, include that as

Get a password from ~/pass.txt and switch to root.

$ cat pass.txt
$ su -

Add your username to /etc/doas.conf:

# echo 'permit username' > /etc/doas.conf

Edit /etc/ssh/sshd_config:

PermitRootLogin no
PasswordAuthentication no

Verify the new config and restart sshd:

# sshd -t
# rcctl restart sshd

Run sysctl to set the time counter then run ntpd to set the local clock and terminate it by pressing ^C.

# echo 'kern.timecounter.hardware=tsc' > /etc/sysctl.conf
# sysctl kern.timecounter.hardware=tsc
kern.timecounter.hardware: i8254 -> tsc
# ntpd -sd
/var/db/ntpd.drift is empty
ntp engine ready
sensor vmmci0: offset 44.961541
set local clock to Sat Jun 30 21:15:05 CEST 2018 (offset 44.961541s)
^Cntp engine exiting

Edit /etc/hostname.vio0:

inet 46.23.xx.xx
inet6 2a03:6000:xxxx::xxx 64 -soii

Edit /etc/mygate:


Reinitialize the network:

# sh /etc/netstart vio0

Update /etc/pf.conf, test, and load it:

# echo 'pass in quick proto { icmp, icmp6 } all' >> /etc/pf.conf
# pfctl -nf /etc/pf.conf
# pfctl -f /etc/pf.conf
# pfctl -sr
block return all
pass all flags S/SA
block return in on ! lo0 proto tcp from any to any port 6000:6010
block return out log proto tcp all user = 55
block return out log proto udp all user = 55
pass in quick proto icmp all
pass in quick proto ipv6-icmp all

Stop and disable sndiod:

# rcctl stop sndiod
# rcctl disable sndiod

Check 6.3 errata and apply available patches.

# syspatch
Get/Verify syspatch63-011_perl.tgz 100% |***************| 24401       00:00
Installing patch 011_perl
Relinking to create unique kernel... done.
# reboot
Connection to XXX.XXX.XXX.XXX closed.

Now you may want to setup a web server.

Tested on OpenBSD 6.3

Thanks to Mischa Peters for reading drafts fo this, to Mike Larkin, Bryan Steele, h3artbl33d, and Jeff Neitzel for tips and hints.