How to Install OpenBSD: The Most Sophisticated OS

advanced operating systems bsd unix cli installation howto linux alternative open source os openbsd security focused os unix like systems

Abdullah Musa

August 04, 2025

How to Install OpenBSD: OpenBSD Installation Guide

In an era of increasing digital vulnerabilities, OpenBSD remains a masterclass in software engineering and proactive security. It is not just an operating system; it is a meticulously audited fortress that prioritizes correctness and cryptography above all else, making it the ultimate choice for those who refuse to compromise on system integrity.

Welcome to MusaBase! In today's article, I will guide you through installing one of the most sophisticated and secure operating systems in existence: OpenBSD. If you are looking for a minimal, highly audited, and rock-solid system for your server or desktop, this guide is for you.

While FreeBSD is known for performance and ZFS, OpenBSD is the gold standard for security and "correctness." If you have already explored my Debian Manual Guide or Arch Linux walkthrough, you will find OpenBSD's approach to simplicity refreshing. In this walkthrough, you will learn:

Downloading the latest official OpenBSD installation ISO
Creating a reliable bootable USB drive
Navigating the OpenBSD TUI installer with ease
Custom Disk Partitioning for maximum system flexibility
Step-by-step base system installation
Essential post-install configuration and system hardening

I have written this guide to be beginner-friendly yet technically complete, providing all the commands and explanations you need to master this secure environment. Without further ado, let's get started!

What is OpenBSD?

OpenBSD is a free and open-source Unix-like operating system designed with a strong focus on security and code correctness. Its specialty lies in portability, standardization, and robust secure infrastructure. OpenBSD is a community-driven OS, meaning it's built and maintained by a dedicated volunteer community that focuses on its security, simplicity, and consistency.

Capabilities that make OpenBSD unique

Security: OpenBSD's code base is clean and small, even smaller than Linux, meaning fewer places for bugs to hide, plus the community's developers audit the code constantly.
Control: When you install OpenBSD, it's a bare minimal system with nothing installed other than required system components. Everything in your OpenBSD system will only be installed if you explicitly allow it.
Pledge & Unveil:
- Pledge: restricts what a program can do, like opening files in a specific folder.
- Unveil: limits which files or directories a program can access.
Memory Armor: W^X ensures memory areas can't be both writable and executable, stopping many classic attacks. And on each boot, the kernel is rebuilt with randomized addresses so attackers can't predict where things are happening in memory.
One Toolbox for Everything: OpenBSD ships with built-in, well-integrated tools like:
- PF Firewall
- OpenSSH
- doas, a lighter alternative to sudo

Prerequisites

Before we begin, refer to the official OpenBSD Installation Guide for detailed configuration; make sure to double-check commands and steps if you encounter any issues. OpenBSD generally requires a minimum of 8 GB of disk space and 512 MB of RAM for a standard installation. However, for a fully-fledged system with a desktop or development environment on a modern release (like OpenBSD 7.x), the following requirements are recommended:

OpenBSD System Requirements

Processor: Any Intel or AMD x86-64 bit compatible or 32-bit processor. Faster x86-64 processors are recommended for resource-intensive tasks.
RAM: Minimum 512 MB, though more RAM significantly improves system performance.
Disk Space: At least 50 GB+ is recommended for a complete system with a graphical desktop environment.

Step 1: Download OpenBSD ISO & Create Bootable USB

1.1: Download OpenBSD ISO

Go to https://www.openbsd.org/faq/faq4.html#Download
To download the ISO image according to your PC's CPU architecture, click on the provided link (e.g., amd64 for modern Intel or AMD processors, or i386 for older 32-bit processors).
After the download is complete, you will have a similar file:

OpenBSD: Official download page showing ISO options for different architectures

OpenBSD: Downloaded ISO file in the file manager

1.2: Create a Bootable USB Stick

We can make the USB bootable with a couple of different methods, but here are the two most common methods:

1.2.1: Using Balena Etcher (GUI) on Windows/Mac/Linux

Download and install Balena Etcher.
Run Etcher.
Select your openBSD.iso file.
Choose your USB drive from Etcher.
Click Flash! and after a few minutes, your USB will be bootable with the OpenBSD ISO.

Balena Etcher: Main application interface for creating bootable USB drives

Balena Etcher: Selecting the OpenBSD ISO file

Balena Etcher: Choosing the target USB drive for flashing

Balena Etcher: Flashing process in progress with progress bar

1.2.2: Using dd (CLI) Method

Note: Be careful while using dd and selecting your USB drive, as dd will overwrite it.

Plug your USB drive into your PC.
Open a terminal and run the following command to identify your USB:

lsblk

Look for your USB (e.g., /dev/sdb or /dev/nvme0n1). Note the name for your USB drive.
Unmount the USB (if mounted) by running this command:

sudo umount /dev/sdX

Next, write the ISO to the USB by running the following command:

sudo dd if=/mnt/sdc1/Downloads/openBSD.iso of=/dev/sda bs=4M status=progress oflag=sync

After dd finishes writing the ISO to the USB, eject your USB by running this command:

sudo eject /dev/sdX

Step 2: Boot into OpenBSD Installation Environment

To boot into either the OpenBSD installer or an installed OpenBSD system, we must disable the Secure Boot option in the PC's UEFI/BIOS. OpenBSD's bootloader and system images are not signed with Microsoft or recognized keys, which means UEFI firmware will block them if Secure Boot is enabled.

Plug your OpenBSD bootable USB stick into your PC.
Reboot your PC.
While your PC is turning on, press F9, F10, F11, F12, ESC, or DEL key to open UEFI/BIOS settings.
Locate and disable Secure Boot and Fast Boot (if available) options (usually under the Security or Advanced Settings tab).
Save & Exit.
Next, again press F9, DEL, or ESC key to boot from your USB stick.
If everything goes right, then after a few seconds you will be greeted by the OpenBSD installer menu.
Press I or i to enter the OpenBSD installation.

⚠️ Ensure both Secure Boot and Fast Boot are disabled in UEFI settings.

OpenBSD: Installation menu prompt asking to press 'i' to begin installation

Step 3: Initial OpenBSD Setup

When we begin the OpenBSD installation, we need to configure Keyboard layout, Hostname, Network, Root Password, Enabling Support for Desktop Environment, Shell, and Adding User, etc. These configurations are really simple; we just need to choose from the given options.

3.1: Set Keyboard Layout

A Keyboard layout is the software mapping that tells the OS how to translate each physical key-press. To be more precise, the layout is responsible for showing characters when we press a key; it doesn't matter what is printed on our keyboard's keycaps. It controls what letters, numbers, or symbols are generated, including accents for typing in different languages.

By default, OpenBSD has the *us* or US QWERTY layout chosen.
If you are comfortable with the *us* layout, then press ENTER.
If you want to change the layout, then press l or L and press ENTER to list available OpenBSD keyboard layouts.

OpenBSD: List of available keyboard layouts for selection

Next, type your preferred layout (e.g., fr for French or de for German keyboard layout) and press ENTER.
I'm leaving this option at default and heading to the next step.

3.2: System Hostname

Hostname is just a name that we give to our device so it can be identified by that name. It's a human-readable label (e.g., foo or lap01) that helps others on the network recognize and address our box without needing its IP address.

To set a hostname, just type a simple name and press ENTER.
I'm giving my machine the musabase01 name.

OpenBSD: Setting hostname for the system during installation

3.3: Network Configuration

Next, we need to configure the network. In this step, we can configure different options for IPv4 with DNS configuration and optional IPv6 setup. These configurations ensure the OpenBSD installer downloads system sets over HTTP and also equip our OpenBSD system to connect to the internet or local network after installation.

The OpenBSD installer lists the available network interfaces to choose from automatically.
By default, our first connected physical ethernet card is selected by the OpenBSD installer.
If you want to change the network interface, then type the interface name and press ENTER.
I'm choosing the default one, em0.

OpenBSD: Available network interfaces detected by the installer

OpenBSD: Selecting physical ethernet card for network configuration

Next, for the IPv4 address configuration on em0, press ENTER to select [ autoconf ] for automatic assignment.
If you prefer a static setup, type your custom IPv4 address (e.g., 192.168.1.50) and press ENTER.
For IPv6, you can leave it empty by pressing ENTER, or provide a custom IPv6 address (e.g., 2606:4700:4700::1111) and press ENTER.
The OpenBSD installer will then ask if you'd like to configure more interfaces; select [ done ] to finalize your network settings.
By default, [ done ] is pre-selected; simply press ENTER to proceed to the next step.

OpenBSD: Configuring IPv4 address for network interface

OpenBSD: Configuring IPv6 address for network interface

OpenBSD: Network interface configuration completed

OpenBSD: Network configuration process completed successfully

3.4: Root Password

Here we can set a password for root access.
Enter and re-enter the password for your root account.

OpenBSD: Setting root password during installation

3.5: Configure Shell sshd

Next, we have the option to start the sshd(8) with OpenBSD boot.
By default, the selected choice is [ yes ]; press ENTER to enable the sshd daemon for your system.
If you don't want this for your system, you can simply type no and press ENTER to continue.

OpenBSD: Option to start sshd daemon at every boot

Uses of SSHD

Accepts remote SSH connections.
Authenticates users with passwords, public keys, etc.
Starts a shell session and can execute commands remotely.

3.6: Configure X11 for Desktop Environment Support

Next, the installer will ask if we want support for running a desktop environment on our OpenBSD system.
If you are planning on installing a desktop environment like KDE Plasma or GNOME, etc., then press ENTER to confirm enabling this option.
Then, on the very next prompt, the OpenBSD installer will ask for enabling xenodm.
By default, this option is selected as [ no ]. You can type yes and press ENTER to enable xenodm as your system's display manager.
If you don't want xenodm, then just press ENTER to leave this option disabled and continue to the next step. For my system, I'm also choosing to disable xenodm at the moment.

OpenBSD: Enabling X11/X Window System support for desktop environments

OpenBSD: Prompt for enabling xenodm display manager

The X Window System or X11 is the graphical display system that enables the foundational layer for building and running graphical environments.
XENODM is OpenBSD's default display manager; it launches the X Window System and executes the ~/.xsession file.

3.7: Configure Serial Console Access or com0

Next, we have the option to either leave com0 disabled, which is already disabled by default. Press ENTER to leave this option disabled.
Or, if you're planning to run a server on your OpenBSD system, then type yes and press ENTER.

OpenBSD: Configuring com0 serial console access option

COM0 is typically used for serial console access, which allows an OpenBSD system to be used without any display or monitor. It is mostly useful for servers, headless systems, or remote diagnostics.

3.8: Adding User

Next, we can add our user for our OpenBSD system.
On the prompt "Setup a user? (enter a lower-case loginname, or 'no') [no]", simply type the username you want for your user (e.g., musabase) and press ENTER.
Next, on the prompt for Full name for user username?, type any full name or leave this prompt empty and press ENTER to continue.

OpenBSD: Adding a new user by typing username

OpenBSD: Adding full name for the new user (optional)

3.8.1: Set User Password

Next, we can set a password for our user.
Enter and re-enter the password for your user.

OpenBSD: Setting password for the new user

3.9: Configure Root SSH Login

Next, the installer will prompt for allowing your root user to log in through SSH.
By default, the option is already disabled; press ENTER to leave this option disabled.

OpenBSD: Disabling root SSH login for security

3.10: Configure Timezone

Next, if you have an internet connection to your PC or laptop, then the OpenBSD installer will automatically detect your Timezone and show you the selected timezone.
If the installer selected the correct timezone (like for me, [Asia/Karachi]), then press ENTER to continue.

OpenBSD: Timezone configuration detected automatically

If the installer detected the wrong timezone, then type ? and press ENTER, and it will show the list of all available timezones.
Here, type your region or continent (e.g., America) and press ENTER.
Next, the installer will ask for a sub-timezone or state/city.
If you're not sure about your sub-timezone, then type ? and press ENTER, and it will show all available cities/states in your selected region/country.
Now, type your state/city and press ENTER, and your timezone will be changed.

OpenBSD: List of all available timezone regions

OpenBSD: Available timezone options under Asia region

OpenBSD: Available cities/states under selected timezone region

Step 4: Disk Partitioning

In this step, I have covered both automatic and manual disk partitioning. Just a heads up: if you go with the auto-partition method, the installer may erase all your previous data on the disk. But on the other hand, manual partitioning gives us full control over every aspect of your hard drive.

4.1: Choose Hard-disk for Partition

On this step, the OpenBSD installer will show available disks (e.g., wd0, wd1, etc.) to install OpenBSD OS files.
By default, the installer will select the first connected hard disk.
If you are okay with the selected disk, then press ENTER to continue, or type ? to view available connected hard disks.
To select a different disk, simply type the name of the disk (e.g., wd1) and press ENTER.
Since I'm installing OpenBSD on a VM for servers and mostly testing, I am okay with the default selected drive.

OpenBSD: Selecting root hard disk to install base system

OpenBSD: Available connected hard disks for installation

4.2: Hard-disk Encryption

Next, the OpenBSD installer will ask to encrypt the selected hard disk.
It's a personal preference; I'm okay without any encryption. But you can choose to set a password or encryption key for your hard disk by typing p and pressing ENTER.

OpenBSD: Option to enable encryption for the hard disk

4.3: Hard-disk Partitioning

Next, we need to initialize our hard disk with either MBR or GPT.
By default, the OpenBSD installer selects the MBR partition label. The MBR disk label is usually for legacy or BIOS firmware PCs, and GPT is typically used on modern PCs that use UEFI firmware.
For this guide, I'm going with the MBR disk partition label; it is supported on almost every UEFI firmware PC, and with this label, we won't have to manually create and mount an ESP partition, which is required for UEFI systems.
Type W and press ENTER to use the whole disk as an MBR-labeled filesystem.
After selecting whole disk for MBR, the OpenBSD installer will show automatically created necessary and optional partitions on the hard disk and ask you to either confirm these automatically created partitions by pressing ENTER, or press E to edit the partition layout, or C to create a custom layout.
If you're okay with the auto-created partitions, then press ENTER; if not, then type C and press ENTER to create custom partitions.

OpenBSD: Selecting whole disk for MBR partitioning

OpenBSD: Auto-created partitions layout for MBR disk

4.3.1: Custom Partition

To create custom partitions, type C and press ENTER.
The OpenBSD installer will open its disk partitioning tool called disklabel.

OpenBSD: Command to open disklabel custom partitioning tool

OpenBSD: disklabel partitioning tool interface

4.3.1.1: Create Root Partition

For custom partitions in disklabel, we can use commands to add and mount partitions.
Do the following to create and mount the root partition:

a a  #press ENTER
offset: [64] #leave empty by pressing ENTER
size: [83886016] 25G #press ENTER
FS type: [4.2BSD] #leave empty by pressing ENTER
mount point: [none] / #press ENTER

OpenBSD: Creating and mounting custom root partition in disklabel

4.3.1.2: Create Swap Partition

To create a swap partition, do the following:

a b #press ENTER
offset: [52436160] #leave this empty by pressing ENTER
size: [31449920] 8G #press ENTER
FS type: [swap] #leave this empty by pressing ENTER

OpenBSD disklabel tool interface showing the creation of a swap partition.

4.3.1.3: Create /home Partition

Now, the /home partition or any other partition (e.g., /tmp, /var, /usr, etc.) will be created in a similar fashion as the /home partition:

a d #press ENTER
offset: [69224085] #leave empty by pressing ENTER
size: [14661995] * #(*) means use the remaining available disk space, press ENTER
FS type: [4.2BSD] #leave empty by pressing ENTER
mount point: [none] /home #press ENTER

OpenBSD disklabel tool interface showing the creation of the /home partition using remaining disk space.

Note: Don't use the * sign for the /home partition if you're planning on creating more partitions. The * sign tells the disklabel tool to use the remaining available space for the /home partition.
If you want to create separate partitions like /tmp, /usr, /var, etc., you can do it the same way as you did for the /home partition. You just need to change the label, allocation space, and mount point like this:
a e
offset: [2151851]
size: [125451651] 2G
FS type: [4.2BSD]
mount point: [none] /var

a f
offset: [2151851]
size: [125451651] 2G
FS type: [4.2BSD]
mount point: [none] /usr

a g
offset: [2151851]
size: [125451651] 2G
FS type: [4.2BSD]
mount point: [none] /tmp
Note: Never use a c to add and label a new partition, because the c label is handled automatically by the OpenBSD system.

4.3.1.4: Confirm & Exit

Next, type p and press ENTER to print out the partition layout.
If your partition layout is correct, then write or save the changes by typing w and pressing ENTER. Next, to exit the disklabel tool, type q and press ENTER.
If everything went right, the OpenBSD installer will detect the partitions and start to write the changes for partitions.

OpenBSD disklabel tool showing a printed view (p command) of the custom partition table layout.

OpenBSD disklabel tool showing the write command (w) to save the custom partition layout to disk.

OpenBSD installer acknowledging the written partition changes and exiting the disklabel tool (q command).

Step 5: Installing Base OpenBSD System Files

After creating the partitions, the OpenBSD installer will ask for the location of the base system files.
By default, it will select the first cd device or usb device called cd0.
Press ENTER to continue.
On the next prompt, if [7.7/amd64] is mentioned, press ENTER. If not, then you need to enter cd1 or http to get the base system files.
The installer will print all files that are going to be installed in your system (e.g., bsd, base77.tgz, game77.tgz, etc.), and by default, the OpenBSD installer will install all files we can see here.
Press ENTER to confirm the installation of all files because these are all somewhat necessary.

OpenBSD installer prompt asking for the location of the installation sets (e.g., cd0, cd1, http).

OpenBSD installer showing the path to the sets for version 7.7 on amd64 architecture.

OpenBSD installer listing all available file sets (base, comp, game, etc.) for installation.

Next, the installer will ask for verification of the checksum of the ISO file for OpenBSD.
We don't necessarily need to do the verification, as we just downloaded the ISO from the official website.
Type yes and press ENTER.

OpenBSD installer prompt asking if the user wants to verify the sets using the SHA256.sig file.

After skipping the checksum verification, the installer will automatically start to install the base system files to the hard disk.

OpenBSD installer showing the initial progress of extracting and installing the base system file sets.

OpenBSD installer continuing the extraction and installation of the remaining system file sets (comp, man, game, etc.).

After the base system files are installed, the OpenBSD installer will ask for the location of the sets files again.
By default, the [done] option is selected, so just press ENTER.
Next, the installer will write some additional information, and after a few seconds, it will prompt for a reboot of the system.
The reboot option is selected by default, so press ENTER. Otherwise, type reboot and press ENTER.
The PC will reboot and boot us into the installed OpenBSD system.

OpenBSD installer showing the completion message after successfully installing all base system files.

Final OpenBSD installer prompt asking the user to reboot the system to complete the installation.

Step 6: OpenBSD First Boot & Base System Configurations

After rebooting the system, our PC will boot into our installed OpenBSD system.
After loading the system files, it will ask us to log in.
Enter your username, then your user's password that you created during installation, and you are in your installed OpenBSD system.

OpenBSD system booted to the command line login prompt, ready for user authentication.

6.1: Base System Configuration

Now that we are in our installed OpenBSD system, we can do some first boot configurations. This includes adding the user to the wheel group, installing and configuring sudo and also doas, a lightweight alternative to sudo, in addition to installing nano, a simple command line text editor. But before we do anything, we need root or super user access. Since we are logged in as our user and our user doesn't have elevated permissions at the moment, we'll change from normal user to super user.

6.1.2: Change User to Root

To change user from normal to super user, simply run:

su

The system will ask for your root password. Enter the root password that we created during installation.

OpenBSD command line showing a normal user executing the 'su' command to switch to root.

OpenBSD command line showing a successful switch to the root user, indicated by the '#' prompt and changed hostname.

6.1.3: Install sudo & nano

Now that we have root access, we can simply perform any task without worrying about elevated permissions.
To install sudo and nano, simply run:

pkg_add sudo nano

After a few seconds of fetching and extracting packages, the package manager will ask for choosing from given sudo variants. Type 1 and press ENTER.

OpenBSD package manager (pkg_add) starting the installation of the 'sudo' and 'nano' packages.

OpenBSD package manager prompting the user to choose a 'sudo' package variant (1: sudo-1.9.15.4).

OpenBSD package manager showing successful installation completion messages for 'nano' and 'sudo' packages.

6.1.4: Configuring doas & sudo

By configuring doas and sudo, we can perform elevated tasks with a normal user.
To configure doas, simply run:

nano /etc/doas.conf

The command will create a new file named doas.conf.
In this file, we can define permissions for groups or users by adding this line:

permit nopass keepenv :wheel

Then press CTRL + O to save the changes, press ENTER to apply the changes, and then press CTRL + X to exit the file.

OpenBSD command line: using the nano editor to create and open the /etc/doas.conf file.

Nano editor showing the empty /etc/doas.conf file with a bottom menu bar.

Nano editor showing the /etc/doas.conf file with the added line 'permit nopass keepenv :wheel'.

Next, we'll configure the sudo file named visudo.
Do the following:

export EDITOR=/usr/local/bin/nano
visudo

The export command will make the visudo command use nano as its default editor.
The visudo command will open the sudoers file in nano.

OpenBSD command line: setting the EDITOR environment variable to nano and then running visudo.

Nano editor showing the opened sudoers file (via visudo) with system instructions and comments.

In the sudoers file, navigate to the bottom with the keyboard's down arrow key.
Look for a line that contains:

# %wheel   ALL=(ALL) SETENV: ALL

Remove the # from the start of the line.

%wheel   ALL=(ALL) SETENV: ALL

Next, press CTRL + O to save the changes, press ENTER to apply the changes, and then press CTRL + X to exit the file.

Nano editor showing the sudoers file with the cursor on the '# %wheel ALL=(ALL) SETENV: ALL' line.

Nano editor showing the sudoers file after uncommenting the '%wheel ALL=(ALL) SETENV: ALL' line.

6.1.5: Add User to wheel Group

Now that all the configurations for the wheel group are done, we can add our user (or users) to this group.
Run the following command:

usermod -G wheel musabase

OpenBSD command line: using the usermod command to add the user 'musabase' to the 'wheel' group.

Now, we can perform root access tasks with our user.
Run:

exit

It will exit you from the root shell to your user shell.

OpenBSD command line: root user (# prompt) executing the 'exit' command to leave the root shell.

OpenBSD command line: successfully returned to the normal user shell ($ prompt) after exiting root.

6.1.6: Update System

Now that we can perform elevated permission required tasks from our user, let's update the system with our user shell.
Run:

sudo syspatch
#or
doas syspatch

It will ask you for your user's password.
Enter the password for your user that you created during the installation.

OpenBSD command line: normal user executing 'sudo syspatch' to check for and apply system updates.

OpenBSD sudo prompt asking for the user's password to authorize the syspatch command.

OpenBSD syspatch tool fetching, extracting, and installing available system patches.

OpenBSD syspatch completion message indicating updates were installed successfully, prompting a reboot.

After the update is complete, reboot the system with:

sudo reboot
#or
doas reboot

After the reboot, the system will apply new changes from the updates.

🎉 Congratulations! Your OpenBSD system is now up and running!

You have successfully installed and configured one of the most secure operating systems in the world. Whether you plan to use it as a rock-solid server or a minimal workstation, you now have a foundation built on proactive security and clean code. Now, it is time to enhance your experience with a graphical environment.

What's Next?

🌟 KDE Plasma: Transform your terminal into a modern workstation by following my guide on installing KDE Plasma on OpenBSD.

🎨 GNOME Desktop: If you prefer a sleek and polished interface, check out how to install GNOME on OpenBSD.

⚡ XFCE Environment: Looking for speed and simplicity? See my walkthrough on how to install XFCE on OpenBSD.

🛠️ Support & Feedback: OpenBSD has a unique approach to hardware and drivers. If you hit any snags or configuration issues, please let me know in the comments below, and I will be happy to help.

If this guide helped you master the art of secure computing, subscribe to our newsletter for more advanced BSD and Linux tutorials.
101 out, I’ll see you in the next one! 🚀

Abdullah Musa August 04, 2025

How to Install OpenBSD: The Most Sophisticated OS