Difference between revisions of "OpenBSD Post Install Steps"
(→Update the software) |
(→Vultr.com) |
||
(4 intermediate revisions by the same user not shown) | |||
Line 12: | Line 12: | ||
# As root | # As root | ||
− | |||
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnkro8LT0TS+NTOIB787wfqIwv2VTmXXYsnsoVk71UE aram@horizon.local' >> /root/.ssh/authorized_keys | echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnkro8LT0TS+NTOIB787wfqIwv2VTmXXYsnsoVk71UE aram@horizon.local' >> /root/.ssh/authorized_keys | ||
+ | echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8dcfsqZJWTNTCfATbD6WiZyWoK3AiihynONRjCrtMw aram@oceanic.local' >> /root/.ssh/authorized_keys | ||
+ | echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMRc0UWKrFpCv/EOUo2jpEQt+C/pa0tc1rUWKgjbKTp7 aram@edengate.local' >> /root/.ssh/authorized_keys | ||
Change the autogenerated password: | Change the autogenerated password: | ||
Line 35: | Line 36: | ||
This will create a user with a random password that can do passwordless doas: | This will create a user with a random password that can do passwordless doas: | ||
− | useradd -m -g staff -L staff -c 'Aram Hăvărneanu' -s | + | useradd -m -g staff -L staff -G wheel -c 'Aram Hăvărneanu' -s /bin/ksh -p `jot -r -c 30 a z | rs -g0 0 30 | encrypt -b a` aram |
Enable passwordless doas for the staff group: | Enable passwordless doas for the staff group: | ||
Line 51: | Line 52: | ||
# as a user | # as a user | ||
mkdir -p .ssh | mkdir -p .ssh | ||
− | |||
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnkro8LT0TS+NTOIB787wfqIwv2VTmXXYsnsoVk71UE aram@horizon.local' >> .ssh/authorized_keys | echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnkro8LT0TS+NTOIB787wfqIwv2VTmXXYsnsoVk71UE aram@horizon.local' >> .ssh/authorized_keys | ||
+ | echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8dcfsqZJWTNTCfATbD6WiZyWoK3AiihynONRjCrtMw aram@oceanic.local' >> .ssh/authorized_keys | ||
+ | echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMRc0UWKrFpCv/EOUo2jpEQt+C/pa0tc1rUWKgjbKTp7 aram@edengate.local' >> .ssh/authorized_keys | ||
+ | chmod 700 .ssh | ||
+ | chmod 644 .ssh/authorized_keys |
Latest revision as of 15:34, 8 February 2023
Contents
Introduction
Everything on this page needs to be done as root, unless specified, so login as root, or su to root.
su -
Vultr.com
Vultr.com doesn't install ssh keys, you will need to log-in as root with the autogenerated password, then install your ssh key.
# As root echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnkro8LT0TS+NTOIB787wfqIwv2VTmXXYsnsoVk71UE aram@horizon.local' >> /root/.ssh/authorized_keys echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8dcfsqZJWTNTCfATbD6WiZyWoK3AiihynONRjCrtMw aram@oceanic.local' >> /root/.ssh/authorized_keys echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMRc0UWKrFpCv/EOUo2jpEQt+C/pa0tc1rUWKgjbKTp7 aram@edengate.local' >> /root/.ssh/authorized_keys
Change the autogenerated password:
usermod -p `jot -r -c 30 a z | rs -g0 0 30 | encrypt -b a` root
Set the hostname
echo 'freedom.mgk.ro' > /etc/myname
Update the software
echo 'https://cdn.openbsd.org/pub/OpenBSD' > /etc/installurl syspatch
Install basic software
pkg_add bash rsync
Create a user
This will create a user with a random password that can do passwordless doas:
useradd -m -g staff -L staff -G wheel -c 'Aram Hăvărneanu' -s /bin/ksh -p `jot -r -c 30 a z | rs -g0 0 30 | encrypt -b a` aram
Enable passwordless doas for the staff group:
cat <<EOF > /etc/doas.conf permit nopass :staff permit nopass keepenv root EOF
SSH
For ssh access, use su to switch from root to the user and then add ssh keys.
su - aram # as a user mkdir -p .ssh echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnkro8LT0TS+NTOIB787wfqIwv2VTmXXYsnsoVk71UE aram@horizon.local' >> .ssh/authorized_keys echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8dcfsqZJWTNTCfATbD6WiZyWoK3AiihynONRjCrtMw aram@oceanic.local' >> .ssh/authorized_keys echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMRc0UWKrFpCv/EOUo2jpEQt+C/pa0tc1rUWKgjbKTp7 aram@edengate.local' >> .ssh/authorized_keys chmod 700 .ssh chmod 644 .ssh/authorized_keys