Deploying your own Virtual Private Server (VPS) using NetBSD can provide unmatched control, performance, and security. NetBSD is renowned for its clean design, portability, and minimalism. This guide is aimed at advanced users who want full root access, maximum performance, and a BSD-licensed base system.
This tutorial will guide you through every step, from acquiring the VPS to getting a fully functional remote NetBSD system over SSH.
Step 1: Choose a VPS Provider that Supports ISO Booting
You need a VPS provider that allows custom ISO uploads or booting from a public ISO URL. Providers like:
• Vultr (Custom ISO via upload)
• Hetzner (Rescue System + ISO mount)
• Linode (Limited support, use raw disk image)
• OVH (IPMI interface)
Ensure the following:
• VPS has at least 1 vCPU, 512MB RAM, and 10GB disk.
• Provider allows access to virtual console / VNC / IPMI / Rescue Mode.
Step 2: Obtain NetBSD ISO
Go to the official NetBSD website:
📥 https://cdn.NetBSD.org/pub/NetBSD/NetBSD-10.0/images/
Download: NetBSD-10.0-amd64.iso
You can also use the NetBSD-boot CD if your provider requires a minimal image.
Step 3: Boot the VPS with the NetBSD ISO
• Upload the ISO to the provider (or provide URL).
• Start VPS with the ISO mounted.
• Open the VNC console / IPMI interface.
• Boot into the ISO.
On boot prompt, select:
Install NetBSD
Step 4: Partition the Disk
NetBSD uses the fdisk + disklabel combination.
1. Select the target disk (usually wd0 or sd0).
2. When prompted:
Use the entire disk with NetBSD partition (MBR or GPT as per need).
3. Accept default partitioning scheme or create your own:
• / – 2 GB (FFSv2)
• /usr – 6 GB
• /var – 1 GB
• swap – 512 MB (or more, depending on RAM)
Step 5: Select and Install Sets
You’ll now be prompted to select which sets (packages) to install. Choose:
✅ base
✅ etc
✅ kernel (GENERIC or GENERIC.MP)
✅ man
✅ text
✅ comp (if you want a full compiler toolchain)
✅ games (optional)
✅ xbase, xetc, xfont, xserver (optional – for headless servers, omit these)
Install from:
FTP -> cdn.NetBSD.org -> pub/NetBSD/NetBSD-10.0/amd64/binary/sets
Ensure the network is up using DHCP or configure static IP before continuing.
Step 6: Set Root Password and Networking
• Set a strong root password.
• Configure rc.conf to enable networking:
echo ‘dhcpcd=YES’ >> /etc/rc.conf
echo ‘sshd=YES’ >> /etc/rc.conf
Alternatively, set static IP in /etc/ifconfig.wm0 (replace wm0 with your interface):
inet 192.168.1.100 netmask 255.255.255.0
Add DNS:
echo ‘nameserver 8.8.8.8’ > /etc/resolv.conf
Step 7: Enable and Configure SSH
• Make sure sshd is installed and enabled (usually part of base).
• Edit /etc/ssh/sshd_config (optional tweaks):
• PermitRootLogin yes
• PasswordAuthentication yes or no for key-based auth.
Start SSH
/etc/rc.d/sshd start
Test it locally:
ssh localhost
Step 8: Reboot and Detach ISO
Once the installation is complete:
1. Exit installer.
2. Unmount ISO in the provider’s control panel.
3. Reboot VPS:
reboot
Watch the console – your VPS should now boot from the disk into a fresh NetBSD install.
Step 9: Post-Install Security & Utilities
Update pkgsrc and install basics:
# Bootstrap pkgin
pkg_add pkgin
# Set up repositories
echo ‘http://cdn.NetBSD.org/pub/pkgsrc/packages/NetBSD/amd64/10.0/All/’ > /usr/pkg/etc/pkgin/repositories.conf
pkgin update
pkgin install sudo bash tmux curl htop
Create a non-root user:
useradd -m -G wheel youruser
passwd youruser
Enable sudo:
echo ‘youruser ALL=(ALL) ALL’ >> /usr/pkg/etc/sudoers
Step 10: Harden the System
• Disable root login in SSH:
PermitRootLogin no
• Configure firewall using npf:
Edit /etc/npf.conf:
group “external” on wm0 {
block in final from any to any
pass in final inet proto tcp to port ssh
pass out final all
}
Enable on boot:
echo ‘npf=YES’ >> /etc/rc.conf
/etc/rc.d/npfd start
✅ Summary
You now have a clean, minimal, and secure NetBSD VPS with full root control, SSH access, and package management. This system is ideal for:
• Hosting secure web services
• VPN tunneling
• Embedded system backends
• BSD-only application stacks
• Self-contained development environments
NOW you have a full VPS in a minimal BSD System, with strong security provided by the system. Have Fun .