paulgorman.org

OpenBSD

Here are a few notes on the installation and administration of OpenBSD. This was written for version 5.6, circa 2015.

Documentation

OpenBSD has good documentation that comes in two forms: the OpenBSD FAQ and its manual pages. The FAQ's Getting Started page has good links.

These man pages are good introductory material: afterboot, hier, daily, sysctl.

Absolute OpenBSD is a very good book. Note the discount code on the author's page.

Installation

How do we get OpenBSD? Download an ISO from one of the mirrors. Which ISO? Probably either cd56.iso or install56.iso. The former is the minimal net-based install; the latter includes more software on the image. Unless we're installing more than a couple of boxes, go with the net-based cd56.iso, because it's likely to save bandwidth overall, and it sets our default source to the net rather than CD for when we want to add additional packages post-install.

OpenBSD installation is straightforward. It asks only a dozen or so questions of the user. The only potentially tricky bit is partitioning the disk.

Partitioning. OpenBSD uses various partitions, with a greater number and granularity (particularly /usr partitions) than seen on other *nixes. These are: / (root), swap, /tmp, /var, /usr, /usr/local, /usr/X11R6, /usr/src, /usr/obj, and /home. The /usr/src and /usr/obj partitions are used in OpenBSD's update process, where the updated source tree is pulled into /usr/src and compiled binaries are placed in /usr/obj. The size and necessity of these partitions vary with system type. A firewall, for example, may not have a compiler for security reasons, so separate /usr/src and /usr/obj partitions become unnecessary. An embedded system may not have the horsepower or disk space for compiling. However, where practical, it's a good idea to have all these partitions, because OpenBSD uses them (among other reasons) as security mechanisms.
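
One way separate partitions work as a security mechanism is through per-partition mount options such as nodev and nosuid in /etc/fstab. The following is an added example, not part of the original notes: it audits an fstab against a policy table that is an assumption of this example, using a constructed sample fstab with made-up device names.

```sh
#!/bin/sh
# Policy is an assumption of this example: which mount points should be separate.
POLICY_MOUNTS="/tmp /var /home /usr /usr/local /usr/X11R6 /usr/src /usr/obj"

# required_opts MOUNTPOINT -> options this example's policy expects there
required_opts() {
    case "$1" in
        /tmp|/var|/home|/usr/src|/usr/obj) echo "nodev nosuid" ;;
        /usr|/usr/local|/usr/X11R6)        echo "nodev" ;;
        *) ;;
    esac
}

# audit_fstab: reads fstab text on stdin, prints one finding per line
audit_fstab() {
    seen=" "
    while read -r dev mnt fstype opts rest; do
        case "$dev" in ''|'#'*) continue ;; esac   # skip blank and comment lines
        [ "$fstype" = "ffs" ] || continue          # skip swap and non-ffs entries
        seen="$seen$mnt "
        for want in $(required_opts "$mnt"); do
            case ",$opts," in
                *",$want,"*) ;;                     # option is present
                *) echo "$mnt missing $want" ;;
            esac
        done
    done
    for m in $POLICY_MOUNTS; do                    # shares a parent's options
        case "$seen" in *" $m "*) ;; *) echo "$m not a separate partition" ;; esac
    done
}

# Constructed sample: /tmp lacks nosuid, /usr/local lacks nodev, no src/obj
sample_fstab() {
    cat <<'EOF'
# constructed sample fstab (device names are made up)
/dev/sd0a / ffs rw 1 1
/dev/sd0b none swap sw 0 0
/dev/sd0d /tmp ffs rw,nodev 1 2
/dev/sd0e /var ffs rw,nodev,nosuid 1 2
/dev/sd0f /usr ffs rw,nodev 1 2
/dev/sd0g /usr/X11R6 ffs rw,nodev 1 2
/dev/sd0h /usr/local ffs rw 1 2
/dev/sd0k /home ffs rw,nodev,nosuid 1 2
EOF
}

sample_fstab | audit_fstab
```

On a real system, run audit_fstab < /etc/fstab. A "not a separate partition" finding for /usr/src or /usr/obj is expected on boxes like the firewall described above.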

We may well want to edit the suggested/automatic partition scheme to better suit our needs. While editing the partition table, ? gives help. If we want to print the partition table in gigabytes, use p g. The partitions are identified by letter, and the swap partition is always "b".

One final detail. When the installer asks you which bits of the base system to install, you can use wildcards. For example, to deselect all the X Window bits, enter -X*, or +X* to select them all.

The installation process is short, about ten minutes in all. There's little time cost in restarting it if we screw it up.

The boot loader

The boot loader waits a few seconds before loading the kernel. Hit the space bar to stay at the boot loader prompt. The boot loader has a help command. If you want to resume normal booting, enter the boot command.

To boot into single-user mode, enter boot -s. To do anything useful, we'll want to mount one or more filesystems. But first, if we have any reason to believe the filesystem may not be clean (e.g. the system crashed), run fsck -p to check and make any very minor repairs on any filesystems listed in fstab. Run mount -a to mount any filesystems listed in fstab which are not already mounted.

To start the network in single-user mode, run sh /etc/netstart.

It's possible to boot alternate kernels (e.g. boot /bsd.rd), or boot from other disks.

Updates

OpenBSD 6.1 introduced `syspatch`, an official binary patch system for core. This eliminates the need for third-party `openup`.

    $ doas syspatch

To update non-core binary packages:

    $ doas pkg_add -Uu

- http://man.openbsd.org/syspatch
- http://man.openbsd.org/pkg_add

References