How to Install OpenBSD: The Most Sophisticated OS

How to Install OpenBSD: The Most Sophisticated OS

BSD Guide Installation OpenBSD Walkthrough

Abdullah Musa

August 04, 2025

Hello everyone, and welcome to MusaBase! In today's article, I'll guide you through installing the most sophisticated operating system called OpenBSD. If you are looking for secure and minimal maintained server system to install on you PC, this guide is for you. In this walkthrough, you will learn:

• Downloading the latest OpenBSD installation ISO
• Creating a bootable USB stick
• Booting into OpenBSD installer
• Installing OpenBSD through its TUI with ease
• Custom Disk Partitioning for flexibility
• Installed System configuration

I've written this guide to be a beginner-friendly but technically complete with all the commands, screenshots, and explanations you'll need. So without further ado, lets get started!

---

Table of Contents:

• What is OpenBSD?
• Prerequisites
• Step 1: Download OpenBSD ISO & Create Bootable USB
• Step 2: Boot into OpenBSD Installation Environment
• Step 3: Initial OpenBSD Setup
• Step 4: Disk Partitioning
• Step 5: Installing Base OpenBSD System Files
• Step 6: OpenBSD First Boot & Base System Configurations
• Aferwards

---

What is OpenBSD?

OpenBSD is a fee and open-source Unix-like operating system designed for strong focus on security and code correctness. It's speciality lies in portability, standardization, and robust secure infrastrcuture. OpenBSD is a community-driven OS, meaning it's built and maintained by a dedicated volunteer community that focuses on its security, simplicity, and consistency.

Capabilities that make OpenBSD unique

• Security: OpenBSD code base is clean and small, even smaller than Linux, meaning fewer places for bugs to hide, plus community's developers audit the code constantly.
• Control: When you install OpenBSD, its a bare minimal system with nothing installed other then required system components, everything in your OpenBSD system will only install if you explicitly allow it.
• Pledge & Unveil:
  • Pledge: restricts what a program can do, like opening files in a specific folder.
  • Unveil: limits which files or directories a program can access.
• Memory Armor: W^X ensures memory areas can't be both writable and executable, stopping many classic attacks. And on each boot, the kernel is rebuilt with randomized addresses so attackers can't predict where things are happening in memory.
• One Tool box for everything: OpenBSD ships with buitl-in, well-integrated tools like:
  • PF Firewall
  • OpenSSH
  • doas a lighter alternative to sudo

---

Prerequisites

Before we begin, refer to OpenBSD Installation guide for installation and configuration, make sure to double-check commands and steps if you encounter any issue. OpenBSD generally requires a minimum of 8GB of disk space and 512MB of RAM for a standard installation, but advanced users may be able to install it with as little as 512MB of disk space and 32MB of RAM. Below are system specs for a fully fledged OpenBSD with Dektop or Development Environment on a modern release like (OpenBSD 7.x).

OpenBSD System Requirements

• Processor: Any Intel or AMD x86-64-bit compatiable and 32-bit. Though faster processors (x86-64) processors are recommended for resource-intensive tasks.
• RAM: Minimum 512MB but the more RAM the more performance.
• Hard-disk: For a fully fledged with Desktop environment, +50GB recommended.

---

Step 1: Download OpenBSD ISO & Create Bootable USB

1.1: Download OpenBSD ISO

• Go to https://www.openbsd.org/faq/faq4.html#Download
• To Download the ISO image according to your PC'c CPU architecture, click on the provided link. (e.g., amd64 (for Modern Intel or AMD Processors) or i386 (for older 32-bit Processors).
• After the download is complete you would have similar file:

1.2: Create a Bootable USB Stick

We can make the USB bootable with couple of different methods but here are two most unique methods:

1.2.1: Using Balena Etcher (GUI) on Windows/Mac/Linux

• Download and install Balena Etcher.
• Run Etcher.
• Select your openBSD.iso file.
• Choose your USB drive from Etcher.
• Click Flash! and after a few minutes your USB will be booted with OpenBSD ISO.

1.2.2: Using dd (CLI) Method

Note: Be careful while using dd and selecting your USB drive as dd will overwrite it.

• Plug your USB drive into your PC.
• Open terminal and run the following command to identify your USB:

lsblk

• Look for your USB (e.g., /dev/sdb or /dev/nvme0n1)). Note the name for your USB drive.
• Unmount the USB (if mounted) by running this command:

sudo umount /dev/sdX

Note: Replace X with your USB device (e.g, sdb1).

• Next, write the ISO to USB by running the following command:

sudo dd if=/mnt/sdc1/Downloads/openBSD.iso of=/dev/sda bs=4M status=progress oflag=sync

Note: Replace the /mnt/sdc1/Downloads/openBSD.iso and /dev/sda with your actual path where the openBSD.iso is located and to your USB.

• if=: Input file (ISO path).
• of=: Output device (USB).
• bs=4M: Block size for faster writing.
• status=progress: Shows progress.
• oflag=sync: Ensures data is written properly.

• After dd finishes writing ISO to USB, eject your USB by running this command:

sudo eject /dev/sdX

⚠️ Warning: Using dd incorrectly can overwrite your hard disl. Double-check if= and of= before executing.

---

Step 2: Boot into OpenBSD Installation Environment

To boot into either the OpenBSD installer or installed OpenBSD system we must disable the Secure Boot option in PC's UEFI/BIOS. OpenBSD's bootloader and system images are not signed with Mircosoft or recognized keys, which means UEFI firmware will block them if Secure Boot is enabled.

• Plug your OpenBSD booted USB stick to your PC.
• Reboot your PC.
• While your PC is turning on press F9, F10, F11, F12, ESC, or DEL key to open UEFI/BIOS settings.
• Locate and disable Secure Boot and Fast Boot (if available) option (Usually its under Security or Advanced Settings tab).
• Save & Exit.
• Next, again press F9, DEL, or ESC key to boot from your USB stick.
• If everthing goes right then after a few seconds you would be greeted by OpenBSD installer menu.
• Press I or i to enter into OpenBSD Installation.

⚠️ Ensure both Secure Boot and Fast Boot are disabled in UEFI settings.

---

Step 3: Initial OpenBSD Setup

When we begin the OpenBSD installation, we need to configure Keyboard layout, Hostname, and Network, Root Password, Enabling Support for Desktop Environment, Shell, and Adding User, etc. These configurations are really simple we just need to choose from given options.

3.1: Set Keyboard Layout

A Keyboard layout is the software mapping that tells the OS how to translate each physical key-press. To be more precise layout is responsible for showing characters when we press a key, it doesn't matter what printed on our keyboard's keycap. It controls what letters, numbers or symbols are generated, including accents for typing in different languages.

• By default, OpenBSD has *us* or US QWERTY layout is choosen.
• If you are comfortable with the *us* layout, then press ENTER.
• If you want to change the layout then press l or L and press ENTER to list available OpenBSD's keyboard layouts.

• Next type your preferred layout (e.g., fr for French or de for German Keyboard layout) and press ENTER.
• I'm leaving this option to default and heading to next step.

3.2: System Hostname

Hostname is just a name that we give to our device so it can be identified by the name. Its a human-readable label (e.g., foo or lap01) helps others on the network recognize and address our box without needing its IP address.

• To set hostname, just type a simple name and press ENTER.
• I'm giving my machine musabase01 name.

3.3: Network Configuration

Next, we need to configure the network. In this step, we can configure different options for IPV4 with DNS configuration and optional IPV6 setup. These configurations ensures the OpenBSD installer download system sets over HTTP and also equips our OpenBSD system to connect to the internet or local network after installation.

• The OpenBSD installer list out the available network interfaces to choose from automatically.
• By default our first connected physical ethernet card is selected by OpenBSD installer.
• If you want to to change the network interface then, type the interface name and press ENTER.
• I'm choosing the default one em0.

• Next, for ipv4 address for em0 option, press ENTER for [ autoconf ].
• If you want to create your custom ipv4 address then type your custom address (e.g., 2606:4700:4700::1111) and press ENTER.
• Next, for ipv6 we can leave this empty by press ENTER or we can type the custom ipv6 address here (e.g, 2606:4700:4700::1001) and press ENTER.
• Next, the OpenBSD installer will ask to configure the network interface again and gives us the option [ done ] to let the installer know that we are done with the configuration and ready to go to next step.
• By default [ done ] is selected by the installer, press ENTER to continue.

3.4: Root Password

• Here we can set password for root access.
• Enter and re-enter password for your root.

3.5: Configure Shell sshd

• Next, we have the option to start the sshd(8) with OpenBSD boot.
• Be default, the selected choice is [ yes ], press ENTER enable sshd daemon for your system.
• If you don't want this for your system, you can simply type no and press ENTER to continue.

Uses of SSDH

• Accepts remote SSH connections.
• Authenticates users with passwords, public keys, etc.
• Starts a shell session and can executes commands remotely.

3.6: Configure X11 for Desktop Environment Support

• Next, the installer will ask, if we want the support for running a Desktop Environment on our OpenBSD system.
• If you are planning on installing a desktop environmnet like KDE Plasma or GNOME, etc. Then press ENTER to confirm to enable this option.
• Then on the very next prompt, the OpenBSD installer will ask for enabling the xenodm.
• By default this option is selected as [ no ]. You can type yes and press ENTER to enable xenodm as your system's display manager.
• If you don't want xenodm then just press ENTER to leave this options disable and continue to next step. For my system, I'm also choosing to disable the xenodm at the moment.

The X Window System or X11 is the graphical display system that enables the fundational layer for building and running graphical environments.
XENODM is OpenBSD's default display manager, it launches the X Window System and executes ~/.xsession file.

3.7: Configure Serial Console Access or com0

• Next, we have the option to either leave the com0 disable, which is already disabled by default. Press ENTER to leave this option disabled.
• Or if you're planning to run a server on your OpenBSD system then type yes and press ENTER.

COM0 is typically used for serial console access, which allows OpenBSD system to be used without any display or monitor. It is mostly useful for servers, headless system or remote diagnostics.

3.8: Adding User

• Next, we can add our user for our OpenBSD system.
• On the prompt "Setup a user? (enter a lower-case loginname, or 'no') [no]". Simply type the username you want for your user (e.g., musabase) and press ENTER.
• Next, on the prompt for Full nqame for user username?, type any full name and or leave this prompt empty and ENTER to continue.

3.8.1: Set User Password

• Next, we can set password for our user.
• Enter and re-enter password for your user.

3.9: Configure Root SSH Login

• Next, the installer will prompt for allowing your root user to login through SSH.
• Be default, the option is already disable, press ENTER to leave this option disabled.

3.10: Configure Timezone

• Next, if you have internet connected to your PC or Laptop then, the OpenBSD installer will automatically detect your Timezone and show you the selected timezone.
• If the installer selected Timezone is correct (like for me [Asia/Karachi]) then press ENTER to continue.

• If the installer detected the wrong timezone, then type ? and press ENTER and it will show the list of all available timezones.
• Here type your region or continent (e.g., America) and press ENTER.
• Next, the installer will ask for sub-timezone or state/city.
• If you're not sure about your sub-timezone, then type ? and press ENTER and it will show all available Cities/States in your selected Region/Country.
• Now, type your state/city and press ENTER and your timezone will be changed.

---

Step 4: Disk Partitioning

4.1: Choose Hard-disk for Partition

• On this step, the OpenBSD installer will show available disk (e.g., wd0, wd1, etc), to install OpenBSD OS files.
• By default, the installer will select the first connected hard-disk.
• If you are okay with the selected disk then press ENTER to continue or type ? to view available connected hard-disk.
• To select a different disk, simply type the name of the disk (e.g., wd1) and press ENTER.
• Since i'm installing OpenBSD on a VM for servers and mostly testing i am okay with the default selected drive.

4.2: Hard-disk Encryption

• Next, OpenBSD installer will ask to encrypt the selected hard-disk.
• Its a personal preference, i'm okay without any encryption. But you can choose to set password or encryption key for your hard-disk by typing p and pressing ENTER.

4.3: Hard-disk Partitioning

• Next, we need to initialize our hard-disk with either MBR or GPT.
• By default, the OpenBSD installer selects the MBR partition label. The MBR disk label is usually for legacy or BIOS firmware PCs, and GPT is typically used on modern PCs that uses UEFI firmware.
• For this guide i'm going with the MBR disk partition label, it is supported on almost every UEFI firmware PCs and with this label we won't have to manually create and mount an ESP partition which is required for UEFI systems.
• Type W and press ENTER to use whole disk as MBR labeled filesystem.
• After selecting whole disk for MBR, the OpenBSD installer will show a automatically created necessary and optional partitions on the hard-disk and ask you to either confirm these automatically created partitions by pressing ENTER or press E to edit the partitions layout, C to create custom layout.
• If you're okay with the auto created partitions then press ENTER, if not then type C and press ENTER to create custom partitions.

4.3.1: Custom Partition

• To create custom partitions, type C and press ENTER.
• The OpenBSD installer will open its disk partitioning tool called disklabel.

4.3.1.1: Create Root Partition

• For custom partitions in disklabel, we can use commands to add and mount partitions.
• Do the following to create and mount the root partition:

a a  #press ENTER
offset: [64] #leave empty by pressing ENTER
size: [83886016] 25G #press ENTER
FS type: [4.2BSD] #leave empty by pressing ENTER
mount point: [none] / #press ENTER

• a a: The first a adds a new partition to the disk and the second a label the partition as a (a is always ysed for root /).
• offset: [64]: Just press ENTER, we don't need to fill this field. Offset is where the partition starts in disk sectors.
• size: [8.886016] 25G: Here i define the space allocation that i want to give my root partition. Adjust this size as needed.
• FS type: [4.2BSD]: Just press ENTER, we don't need to fill this field. Its a Filesystem type for OpenBSD.
• mount point: [none] /: Here we tell the disklabel the mountpoint for our root partition. Which is /.

4.3.1.2: Create Swap Partition

• To create swap partition, do the following:

a b #press ENTER
offset: [52436160] #leave this empty by pressing ENTER
size: [31449920] 8G #press ENTER
FS type: [swap] #leave this empty by pressing ENTER

Note: Adjust the size for your swap partition as needed.

4.3.1.3: Create /home Partition

• Now for /home partition or any other partition (e.g., /tmp, /var, /usr, etc) will be created in the similar fashion as /home partiton:

a d #press ENTER
offset: [69224085] #leave empty by pressing ENTER
size: [14661995] * #(*) means use the remaning available disk space, press ENTER
FS type: [4.2BSD] #leave empty by pressing ENTER
mount point: [none] /home #press ENTER

Note: Don't use * sign for /home partition if you're planning on creating more partitions. The * sign tells the disklabel tool to use the remaning available space for the /home partition.
If you want to create separate partitions like /tmp, /usr, /var, etc. Then you can do it the same as you did for /home partition. You just need to change the label, allocation space and mountpoint like this:

a e
offset: [2151851]
size: [125451651] 2G
FS type: [4.2BSD]
mount point: [none] /var

a f
offset: [2151851]
size: [125451651] 2G
FS type: [4.2BSD]
mount point: [none] /usr

a g
offset: [2151851]
size: [125451651] 2G
FS type: [4.2BSD]
mount point: [none] /tmp

Note: Never user a c to add and label new partition, because the c label is handeled automatically by OpenBSD system.

4.3.1.4: Confirm & Exit

• Next, type p and press ENTER to print out the partition layout.
• If your partition is correct, then write or save the changes by typing w and pressing ENTER. Next, to exit the disklabel tool type q and press ENTER.
• If everything went right, the OpenBSD installer will detects the partitions and start to write the changes for partitions.

---

Step 5: Installing Base OpenBSD System Files

• After creating the partitions, the OpenBSD installer will ask for the location of base system files.
• By default, it will select the first cd device or usb device called cd0.
• Press ENTER to continue.
• On the next prompt, if [7.7/amd64] is mentioned, press ENTER, if not then you need to enter cd1 or http to get the base system files.
• The installer will print all files that are going to install in your system (e.g., bsd, base77.tgz, game77.tgz, etc) and by default, the OpenBSD installer will install all files we can see here.
• Press ETNER to confirm the installation of all files becuase these all are somw what necessary.

• Next, the installer will ask for verification of checksum of the ISO file for OpenBSD.
• We don't necessarily need to do the verification, we just downloaded the ISO from official website.
• Type yes and press ENTER.

• After skipping the checksum verification the installer will automatically start to install the base system files to hard-disk.

• After the base system files are installed, the OpenBSD installer will ask for location of sets files again.
• By default [done] option is selected so just press ENTER.
• Next, installer will write some additional information and after a few seconds it will prompt for reboot the system.
• Reboot option is selected by default so press ENTER otherwise tpye reboot and press ENTER.
• The PC will reboot and boot us into the installed OpenBSD System.

---

Step 6: OpenBSD First Boot & Base System Configurations

• After rebooting the system, our PC will boot into our installed OpenBSD system.
• After loading the system files it will ask us to login.
• Enter your username then your user's password that you created during installation and you are in your installed OpenBSD system.

6.1: Base System Configuration

Now that we are in our installed OpenBSD system, we can do some first boot configurations. This includes adding user to wheel group, installing and configuring sudo and also doas an lightweight alternatice to sudo with addition to installing nano a simple command line text editor. But before we do anything we need root or super user access. Since we are logged in as our user and our user don't have elevated permissions at the moment, we'll change from normal user to super user.

6.1.2: Change User to Root

• To change user from normal to super user simply run:

su

• The system will ask for your root password, enter the root password that we created during installation.

When we change from normal user to root or super user, the shell changes from $ to #. This indicates that now we are operating as root.
In Simpler terms, $ is for user shell.
And # is for root shell.

6.1.3: Install sudo & nano

• Now that we have root access, we can simply perform any task with out worrying about elevated permissions.
• To install sudo and nano, simply run:

pkg_add sudo nano

• After a few seconds of fetching and extracting packages, the pacakge manager will ask for choosing from given sudo variants, type 1 and press ENTER.

6.1.4: Configuring doas & sudo

• By configuring doas and sudo, we can perform elevated tasks with normal user.
• To configure doas simply run:

nano /etc/doas.conf

• The command will create a new file named doas.conf.
• In this file we can define permissions for groups or users, by adding this line:

permit nopass keepenv :wheel

• Then press CTRL + O to save the changes and press ENTER to apply the changes, then press CTRL + X to exit the file.

• Next, we'll configure sudo file named visudo.
• Do the following:

export EDITOR=/usr/local/bin/nano
visudo

• The export command will make the visudo file to use nano as its default editor.
• The visudo command will open a sudoers in nano.

• In the sudoers file, navigate to bottom with keyboard's down () key.
• Look for a line that contains:

# %wheel   ALL=(ALL) SETENV: ALL

• Remove the # from the start of the line.

%wheel   ALL=(ALL) SETENV: ALL

• Next, press CTRL + O to save the changes and press ENTER to apply the changes, then press CTRL + X to exit the file.

6.1.5: Add User to wheel Group

• Now that all the configurations for wheel group is done, we can add our user or users to this group.
• Run the following command:

usermod -G wheel musabase

• Now, we can perform root access tasks with our user.
• Run:

exit

• It will exit you from root shell to your user shell.

6.1.6: Update System

• Now that we can perform elevated permission required task from our user, lets update the system with user shell.
• Run:

sudo syspatch
#or
doas syspatch

• It will ask you for your user's password.
• Enter the password for your user, that you created during the installation.

• After the update is complete reboot the system with:

sudo reboot
#or
doas reboot

• After the reboot, the system will apply new changes from updates.

---

Aferwards

Now your OpenBSD system is installed and configured for next steps. You can port your own software on your OpenBSD system like Apple or Sony does for Play Station or you can run your own dedicated server for vairous tasks. I'll upload a follow-up article on installing a Desktop Environment on OpenBSD in coming days stay tuned!.
If you hit any error or other issues following this guide, please let me know in the comments. I'm here to help.

1o1 out, I'll see you in the next one!

Abdullah Musa August 04, 2025