How to Install OpenBSD on ARM based Hetzner Cloud Servers

This tutorial describes how to install OpenBSD on ARM based Hetzner Cloud servers using the Hetzner rescue system

Please contact us if anything is not clearly described, does not work, seems incorrect or if you require support.

Installing OpenBSD on a Hetzner cloud server is very easy and only takes about five minutes. Here is everything you need to know in easy to follow steps.

Table of contents

Choosing the Correct Hetzner Cloud Server

Create a hetzner cloud server and make sure you choose the ARM variant:

Choosing a ARM cloud server in the Hetzner WebUI

After creating it, boot it into the rescue system:

Booting the Hetzner rescue system

ARM based servers seem to boot significantly slower than regular ones - about one to two minutes until you can login with SSH. Just give it a minute ;-)

Downloading and Flashing the OpenBSD Installer Inside the Hetzner Rescue System

Go to The OpenBSD 7.5 download page for ARM64 images and download the miniroot image. The miniroot image is simply a dd-able image that you write directly to /dev/sda . It will start the installer after you reboot. Download the SHA256.sig as well:


Verify the sha256sum of the image:

sha256sum miniroot75.img 
05df229dc026785b5b3d1ec8b0dcd46780a2a5bdf99b7e739d83abf4ff7b3ff5  miniroot75.img

grep 05df229dc026785b5b3d1ec8b0dcd46780a2a5bdf99b7e739d83abf4ff7b3ff5 SHA256.sig 
SHA256 (miniroot75.img) = 05df229dc026785b5b3d1ec8b0dcd46780a2a5bdf99b7e739d83abf4ff7b3ff5

Simply write the miniroot image to disk using dd .

dd if=miniroot75.img of=/dev/sda bs=4M

After this, reboot to start the installation:


Installing OpenBSD using the Hetzner Cloud Server KVM Console

Now open the Hetzner KVM Console for your VM to configure and run the installation:

Activating the Hetzner KVM console

Here is a Screenshot of the OpenBSD installer viewed by the KVM console:

Viewing the OpenBSD installer in the Hetzner KVM console

For whatever reason, sometimes the KVM console screen would go blank. In this case simply click the red “Connect” button at the bottom right screen.

Reconnecting to the Hetzner KVM console on black screen

The installation itself is pretty straight forward and if you’re a bit into Linux (or BSD) you should understand everything. Most of the defaults can be accepted.

Here are all configuration options where we did not choose the defaults.

  • System hostname:
  • Allow root SSH login: yes
  • Location of sets: http

As said, pretty much all of it is ENTER ENTER ENTER.

When the installation is finished, simply press ENTER ;-) to reboot.

Viewing the finished OpenBSD installation in the Hetzner KVM console

OpenBSD boots rather quickly itself, compared to the rescue systems initial boot. After the reboot, you should be able to login using SSH. You can also see that the system booted in the Hetzner Cloud server KVM console:

Viewing the booted OpenBSD installation in the KVM web console

Most Basic Security Steps for the New OpenBSD Installation

After the server is reachable via SSH we recommend you to follow at least these steps for a reasonably secure setup.

Setup Your SSH Public Key

Setup your ssh public keys on the server to be able to login without a password:

ssh-copy-id root@<your-servers-ip>

Disable Password Based SSH Authentication

Disable password authentication and enforce SSH keypair authentication in the SSH configuration file:

sed -i 's/.*PasswordAuthentication.*/PasswordAuthentication no/g' /etc/ssh/sshd_config

Then restart sshd for the changes to take effect:

rcctl restart sshd               

Disabling the Root User Password

Now that we can login without a password, we can remove the password we set during the installation. This will not set an empty password for root, but simply no password - as in no password would work, as well as an empty password would not work. You can then only login as root via SSH.

sed -i 's/^root:[^:]*:/root::/' /etc/master.passwd

Questions? Requests? Suggestions?

We are looking forward to hearing from you!

Are you looking for
Linux Emergency Support,
Linux Consulting for Projects,
Linux Managed Hosting,
Qubes OS Consulting and Support or
Linux Trainings and Workshops?