Update USB Stick For Headless Server Installation

Update USB Stick For Headless Server Installation

By |

Last Updated on 2025-01-28 16:27 by Sture

List /dev setup on the USB stick da0 with:

user@freebsdsrv:~ $ ls /dev/da* [enter]
/dev/da0     /dev/da0s1   /dev/da0s2   /dev/da0s2a
user@freebsdsrv:~ $

In this example, /dev/da0s2a contains the FreeBSD-14.2-RELEASE-amd64 OS installation.

Mount /dev/da0s2a with read and write permissions on /mnt with:

user@freebsdsrv:~ $ sudo mount -o rw /dev/da0s2a /mnt [enter]
user@freebsdsrv:~ $

List directory contents of /mnt with:

user@freebsdsrv:~ $ ls -l /mnt [enter]
total 72
-r--r--r--   1 root wheel 6109 Nov 29 13:53 COPYRIGHT
drwxr-xr-x   2 root wheel 1024 Nov 29 13:51 bin
drwxr-xr-x  14 root wheel 1536 Nov 29 13:53 boot
dr-xr-xr-x   2 root wheel  512 Nov 29 13:50 dev
drwxr-xr-x  30 root wheel 2048 Nov 29 14:02 etc
drwxr-xr-x   4 root wheel 2048 Nov 29 13:51 lib
drwxr-xr-x   3 root wheel  512 Nov 29 13:50 libexec
drwxr-xr-x   2 root wheel  512 Nov 29 13:50 media
drwxr-xr-x   2 root wheel  512 Nov 29 13:50 mnt
drwxr-xr-x   2 root wheel  512 Nov 29 13:50 net
dr-xr-xr-x   2 root wheel  512 Nov 29 13:50 proc
drwxr-xr-x   2 root wheel  512 Nov 29 13:50 rescue
drwxr-x---   2 root wheel  512 Nov 29 13:53 root
drwxr-xr-x   2 root wheel 3072 Nov 29 13:51 sbin
drwxrwxrwt   2 root wheel  512 Nov 29 13:50 tmp
drwxr-xr-x  13 root wheel  512 Nov 29 13:53 usr
drwxr-xr-x  24 root wheel  512 Nov 29 13:50 var
user@freebsdsrv:~ $

Delete file /mnt/etc/rc.local with:

user@freebsdsrv:~ $ sudo rm /mnt/etc/rc.local [enter]
user@freebsdsrv:~ $

Update /etc/fstab

Update file fstab status from read-only to read-write with:

user@freebsdsrv:~ $ sudo sh -c 'sed -e "s/ro/rw/" -i "" /mnt/etc/fstab' ; cat /mnt/etc/fstab [enter]
/dev/ufs/FreeBSD_Install / ufs rw,noatime 1 1
user@freebsdsrv:~ $

Update /etc/rc.conf

Find a currently-unused IP address in your local network.
In this example, IP address 192.168.1.250 and netmask 255.255.255.0 will be hard-coded in file rc.conf.

user@freebsdsrv:~ $ sudo sh -c 'echo ifconfig_DEFAULT=\"inet 192.168.1.250 netmask 255.255.255.0\" >> /mnt/etc/rc.conf'; sudo sh -c 'echo defaultrouter=\"192.168.1.1\" >> /mnt/etc/rc.conf' ; sudo sh -c 'echo sshd_enable=\"YES\" >> /mnt/etc/rc.conf'; sudo sh -c 'echo keymap=\"se.kbd\" >> /mnt/etc/rc.conf'; cat /mnt/etc/rc.conf [enter]
sendmail_enable="NONE"
hostid_enable="NO"
ifconfig_DEFAULT="inet 192.168.1.250 netmask 255.255.255.0"
defaultrouter="192.168.1.1"
sshd_enable="YES"
keymap="se.kbd"
user@freebsdsrv:~ $

Update /boot/loader.conf

Add autoboot_delay=”0″ to file /mnt/boot/loader.conf and verify entries to file /mnt/boot/loader.conf with:

user@freebsdsrv:~ $ sudo sh -c 'echo -e "autoboot_delay=\"0\"" >> /mnt/boot/loader.conf' ; cat /mnt/boot/loader.conf  [enter]
vfs.mountroot.timeout="10"
kernels_autodetect="NO"
loader_menu_multi_user_prompt="Installer"
autoboot_delay="0"
user@freebsdsrv:~ $

Update /etc/ssh/sshd_config

user@freebsdsrv:~ $ sudo sed -e "s/#PermitRootLogin no/PermitRootLogin yes/" -i "" /mnt/etc/ssh/sshd_config ; sudo sed -e 's/#PasswordAuthentication no/PasswordAuthentication yes/' -i "" /mnt/etc/ssh/sshd_config ; sudo sed -e 's/#PermitEmptyPasswords no/PermitEmptyPasswords yes/' -i "" /mnt/etc/ssh/sshd_config ; sudo sed -e 's/#UsePAM yes/UsePAM no/' -i "" /mnt/etc/ssh/sshd_config ; sudo sed -e 's/#UseDNS yes/UseDNS no/' -i "" /mnt/etc/ssh/sshd_config ; cat /mnt/etc/ssh/sshd_config [enter]
#	$OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile	.ssh/authorized_keys

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# Change to yes to enable built-in password authentication.
# Note that passwords may also be accepted via KbdInteractiveAuthentication.
PasswordAuthentication yes
PermitEmptyPasswords yes

# Change to no to disable PAM authentication
#KbdInteractiveAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'no' to disable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the KbdInteractiveAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via KbdInteractiveAuthentication may bypass
# the setting of "PermitRootLogin prohibit-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and KbdInteractiveAuthentication to 'no'.
UsePAM no

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#UseBlacklist no
#VersionAddendum FreeBSD-20221019

# no default banner path
#Banner none

# override default of no subsystems
Subsystem	sftp	/usr/libexec/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#	X11Forwarding no
#	AllowTcpForwarding no
#	PermitTTY no
#	ForceCommand cvs server
user@freebsdsrv:~ $
user@freebsdsrv:~ $ sudo umount /mnt [enter]
user@freebsdsrv:~ $

Insert the modified USB into the target machine, boot it, and wait for a minute or so. You should be able to SSH into it as root.

user@iMac ~ % ssh root@192.168.1.250 [enter]   
The authenticity of host '192.168.1.250 (192.168.1.250)' can't be established.
ED25519 key fingerprint is SHA256:fJc/6q4xKsatzWj5voqi/Pst6R3oPLZN0Tgrrnm2ujY.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes [enter]
Warning: Permanently added '192.168.1.250' (ED25519) to the list of known hosts.
FreeBSD 14.2-RELEASE (GENERIC) releng/14.2-n269506-c8918d6c7412

Welcome to FreeBSD!

Release Notes, Errata: https://www.FreeBSD.org/releases/
Security Advisories:   https://www.FreeBSD.org/security/
FreeBSD Handbook:      https://www.FreeBSD.org/handbook/
FreeBSD FAQ:           https://www.FreeBSD.org/faq/
Questions List:        https://www.FreeBSD.org/lists/questions/
FreeBSD Forums:        https://forums.FreeBSD.org/

Documents installed with the system are in the /usr/local/share/doc/freebsd/
directory, or can be installed later with:  pkg install en-freebsd-doc
For other languages, replace "en" with a language code like de or fr.

Show the version of FreeBSD installed:  freebsd-version ; uname -a
Please include that output and any error messages when posting questions.
Introduction to manual pages:  man man
FreeBSD directory layout:      man hier

To change this login announcement, see motd(5).
root@:~ #

bsdinstall

Run bsdinstall to install FreeBSD on the target machine.

root@:~ # bsdinstall [enter]

bsdconfig

If you’ve already installed FreeBSD, you may use bsdconfig to customise the server to suit your particular configuration. Most importantly, you can use the Package utility to load extra ‘3rd party’ software not provided in the base distributions.

root@:~ # bsdconfig [enter]
Comments are closed.