Difference between revisions of "OpenBSD Post Install Steps"

From Aram's Wiki
(Update the software)
(Vultr.com)
 
(4 intermediate revisions by the same user not shown)
Line 12: Line 12:
  
 
  # As root
 
  # As root
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIANJ9BKKslS9Zqp1dRWL1nRiLmFp7nGvP06zPJ4L7cES aram@emerald.local' >> /root/.ssh/authorized_keys
 
 
  echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnkro8LT0TS+NTOIB787wfqIwv2VTmXXYsnsoVk71UE aram@horizon.local' >> /root/.ssh/authorized_keys
 
  echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnkro8LT0TS+NTOIB787wfqIwv2VTmXXYsnsoVk71UE aram@horizon.local' >> /root/.ssh/authorized_keys
 +
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8dcfsqZJWTNTCfATbD6WiZyWoK3AiihynONRjCrtMw aram@oceanic.local' >> /root/.ssh/authorized_keys
 +
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMRc0UWKrFpCv/EOUo2jpEQt+C/pa0tc1rUWKgjbKTp7 aram@edengate.local' >> /root/.ssh/authorized_keys
  
 
Change the autogenerated password:
 
Change the autogenerated password:
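Review bot: the key list for /root/.ssh/authorized_keys drops aram@emerald.local, but every line in this block appends with >>, so a host provisioned from the earlier revision keeps the emerald key, and re-running the block duplicates the others. If emerald is being retired, add a step that deletes its line from authorized_keys on existing hosts, and say whether the block is meant to be run once only.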
Line 35: Line 36:
 
This will create a user with a random password that can do passwordless doas:
 
This will create a user with a random password that can do passwordless doas:
  
  useradd -m -g staff -L staff -c 'Aram Hăvărneanu' -s /usr/local/bin/bash -p `jot -r -c 30 a z | rs -g0 0 30 | encrypt -b a` aram
+
  useradd -m -g staff -L staff -G wheel -c 'Aram Hăvărneanu' -s /bin/ksh -p `jot -r -c 30 a z | rs -g0 0 30 | encrypt -b a` aram
  
 
Enable passwordless doas for the staff group:
 
Enable passwordless doas for the staff group:
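Review bot: the new useradd line adds -G wheel without any explanation, while the context sentence above it still describes only passwordless doas, which the next step grants through the staff group. Say what wheel membership is for, or drop -G wheel so the account gets no more than the text describes. The shell change from /usr/local/bin/bash to /bin/ksh also deserves a word in the text.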
Line 51: Line 52:
 
  # as a user
 
  # as a user
 
  mkdir -p .ssh
 
  mkdir -p .ssh
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIANJ9BKKslS9Zqp1dRWL1nRiLmFp7nGvP06zPJ4L7cES aram@emerald.local' >> .ssh/authorized_keys
 
 
  echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnkro8LT0TS+NTOIB787wfqIwv2VTmXXYsnsoVk71UE aram@horizon.local' >> .ssh/authorized_keys
 
  echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnkro8LT0TS+NTOIB787wfqIwv2VTmXXYsnsoVk71UE aram@horizon.local' >> .ssh/authorized_keys
 +
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8dcfsqZJWTNTCfATbD6WiZyWoK3AiihynONRjCrtMw aram@oceanic.local' >> .ssh/authorized_keys
 +
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMRc0UWKrFpCv/EOUo2jpEQt+C/pa0tc1rUWKgjbKTp7 aram@edengate.local' >> .ssh/authorized_keys
 +
chmod 700 .ssh
 +
chmod 644 .ssh/authorized_keys
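Review bot: chmod 644 .ssh/authorized_keys on the last added line keeps the file private only because of the chmod 700 .ssh before it; chmod 600 would not depend on the directory mode. Both chmod lines run after mkdir -p and the echo lines have already created the directory and file under the default umask, so consider setting the modes first. The root block earlier in this diff gets no equivalent permission step.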

Latest revision as of 15:34, 8 February 2023


Introduction

Everything on this page needs to be done as root unless specified otherwise, so log in as root or su to root.

su -

Vultr.com

Vultr.com doesn't install SSH keys. You will need to log in as root with the autogenerated password, then install your SSH key.

# As root
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnkro8LT0TS+NTOIB787wfqIwv2VTmXXYsnsoVk71UE aram@horizon.local' >> /root/.ssh/authorized_keys
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8dcfsqZJWTNTCfATbD6WiZyWoK3AiihynONRjCrtMw aram@oceanic.local' >> /root/.ssh/authorized_keys
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMRc0UWKrFpCv/EOUo2jpEQt+C/pa0tc1rUWKgjbKTp7 aram@edengate.local' >> /root/.ssh/authorized_keys

Change the autogenerated password:

usermod -p `jot -r -c 30 a z | rs -g0 0 30 | encrypt -b a` root

Set the hostname

echo 'freedom.mgk.ro' > /etc/myname

Update the software

echo 'https://cdn.openbsd.org/pub/OpenBSD' > /etc/installurl
syspatch

Install basic software

pkg_add bash rsync

Create a user

This will create a user with a random password that can do passwordless doas:

useradd -m -g staff -L staff -G wheel -c 'Aram Hăvărneanu' -s /bin/ksh -p `jot -r -c 30 a z | rs -g0 0 30 | encrypt -b a` aram

Enable passwordless doas for the staff group:

cat <<EOF > /etc/doas.conf
permit nopass :staff
permit nopass keepenv root
EOF

SSH

For ssh access, use su to switch from root to the user and then add ssh keys.

su - aram
# as a user
mkdir -p .ssh
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnkro8LT0TS+NTOIB787wfqIwv2VTmXXYsnsoVk71UE aram@horizon.local' >> .ssh/authorized_keys
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8dcfsqZJWTNTCfATbD6WiZyWoK3AiihynONRjCrtMw aram@oceanic.local' >> .ssh/authorized_keys
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMRc0UWKrFpCv/EOUo2jpEQt+C/pa0tc1rUWKgjbKTp7 aram@edengate.local' >> .ssh/authorized_keys
chmod 700 .ssh
chmod 644 .ssh/authorized_keys
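
The echo ... >> lines above add a duplicate entry each time they are re-run and never drop a key that has left the list. The following is an added example, not part of the original page: an idempotent variant in POSIX sh. The helper names add_authorized_key and remove_authorized_key are hypothetical, the key in the usage comment is a constructed placeholder, and the file mode is 600 rather than the page's 644 (sshd accepts both).

```sh
#!/bin/sh
# Added example. add_authorized_key / remove_authorized_key are hypothetical
# helper names; they are not OpenBSD tools.

# add_authorized_key HOME 'type blob [comment]'
# Returns 0 when the key was added or is already present, 1 on bad input.
add_authorized_key() {
    dir=$1/.ssh file=$1/.ssh/authorized_keys key=$2
    case $key in
    *'
'*) return 1 ;;                      # embedded newline would add extra entries
    ssh-*' '?* | ecdsa-*' '?* | sk-*' '?*) ;;
    *) return 1 ;;                       # no options prefix, no free text
    esac
    # Create with final modes so nothing exists under the default umask.
    ( umask 077; mkdir -p "$dir" && : >> "$file" ) || return 1
    chmod 700 "$dir" && chmod 600 "$file" || return 1
    ktype=${key%% *} blob=${key#* }
    blob=${blob%% *}
    # Match on type and blob only: a changed comment is still the same key.
    if awk -v t="$ktype" -v b="$blob" \
        '$1 == t && $2 == b { hit = 1 } END { exit !hit }' "$file"; then
        return 0
    fi
    printf '%s\n' "$key" >> "$file"
}

# remove_authorized_key HOME blob : drop every entry carrying that blob.
remove_authorized_key() {
    file=$1/.ssh/authorized_keys
    [ -f "$file" ] || return 0
    tmp=$(mktemp "$file.XXXXXX") || return 1   # mktemp creates it mode 600
    awk -v b="$2" '$2 != b' "$file" > "$tmp" && mv "$tmp" "$file"
}

# Usage (constructed placeholder key, run as the target user):
#   add_authorized_key "$HOME" 'ssh-ed25519 AAAA...placeholder aram@example'
#   remove_authorized_key "$HOME" 'AAAA...placeholder'
```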