Vmm /

Alpine Linux

Alpine Linux is a security-oriented, lightweight Linux distribution based on musl libc, busybox and uses OpenRC for its init system.


  • small, simple and secure.
  • Uses musl, busyBox and OpenRC.


  • Includes non-free blobs.
  • No way to prevent these blobs from installing.


This guide will show you how you can install Alpine Linux on Openbsd's VMM.


  • Replace all instance of username with your username.
  • Replace all instance of host.example.com with the hostname of host system.
  • Replace all instance of username.host.example.com with the hostname of your virtual machine.

Login to Virtual Machine

First let's login to the host operating system.

$ ssh username@host.example.com

NOTE : Hostname should be username@host.example.com not username@username.host.example.com.

Download the iso image

Alpine provides different type of iso image for different use case. But you will be going to running it on a virtual machine so you need to download the latest stable version of virtual iso image from their download page

At the time of writing, the latest stable version is 3.16.

$ wget https://dl-cdn.alpinelinux.org/alpine/v3.16/releases/x86_64/alpine-virt-3.16.0-x86_64.iso

Also download the SHA256 signatures.

$ wget https://dl-cdn.alpinelinux.org/alpine/v3.16/releases/x86_64/alpine-virt-3.16.0-x86_64.iso.sha256

Now let's verify the iso image.

$ sha256 -C alpine-*.sha256 alpine-*.iso
(SHA256) alpine-virt-3.16.0-x86_64.iso: OK

If the output is OK then you good to go, however if your output is FAILED then you should contact to a sysadmin for confirmation before reporting to Alpine linux.

NOTE : Never run any iso image before verifying it.

Now delete the signature and rename the iso image to username.iso.

$ rm alpine-*.sha256
$ mv alpine-*.iso username.iso

Create a VM disk image file

Before creating disk image file make sure to stop and remove any username.qcow2 disk image if exist.

$ vmctl stop username
$ rm username.qcow2

To create a disk image file of 20 GB size.

$ vmctl create -s 20G username.qcow2

Check VMM configuration

VMM configuration file is located at /etc/vm.conf. The file contains all the entries of users of that host server.

So to find your entry, run:

$ sed -ne '/username/,$p' /etc/vm.conf | head -n10
vm "username" {
	owner username
	memory 1024M
	cdrom "/home/username/username.iso"
	disk /home/username/username.qcow2
	interface { 
		locked lladdr aa:bb:cc:dd:ed:03
		switch "switch0"

In this command sed searches /etc/vm.conf for username and returns the all the lines after the match including the matched line then pipe the result to head to only print 10 lines from start.

From the result, make sure cdrom and disk points to the right path. If not, move the iso image and disk image files to the right path.

NOTE : You can't edit /etc/vm.conf because it need root permission.

Start the Installation

Start the virtual machine.

$ vmctl start username

Open the serial console and press Enter.

$ vmctl console username
Connected to /dev/ttypj (speed 115200)

Now press Enter to continue.

Welcome to Alpine Linux 3.16
Kernel 5.15.41-0-virt on an x86_64 (/dev/ttyS0)

NOTE : At any time, if you want to exit the serial console, type ~^d (tilde followed by ctrl+d).

Install Alpine Linux

Login as root.

localhost login: root

Start the setup-alpine installer script.

# setup-alpine

NOTE : Text inside [...] is default answer. Type Enter without answer to go with the default answer and type ? for brief explanation of the question.

Enter the hostname of your virtual machine (given by your trainer).

Enter system hostname (fully qualified form, e.g. 'foo.example.org') [localhost] username.host.example.com

Select the ethernet interface.

Available interfaces are: eth0.
Enter '?' for help on bridges, bonding and vlans.
Which one do you want to initialize? (or '?' or 'done') [eth0] eth0

Enter the static IP address of your virtual machine (given by your trainer).

Ip address for eth0? (or 'dhcp', 'none', '?') [dhcp]

Enter the Gateway of your virtual machine (given by your trainer).

Gateway? (or 'none') [none]

We will set IPv6 later.

Do you want to do any manual network configuration? (y/n) [n] n

Leave it blank.

DNS domain name? (e.g 'bar.com')

For privacy reasons, don't use Google DNS server ( or Here I am using quad9 DNS server.

DNS nameserver(s)?

Enter your root password.

Changing password for root
New password:
Retype password:

Select your timezone. Type ? to list all timezone or sub-timezone.

Which timezone are you in? ('?' for list) [UTC] UTC

We don't need proxy server.

HTTP/FTP proxy URL? (e.g. 'http://proxy:8080', or 'none') [none] none

Select chrony.

Which NTP client to run? ('busybox', 'openntpd', 'chrony' or 'none') [chrony] chrony

Select f to find the fastest mirror.

r) Add random from the above list
f) Detect and add fastest mirror from above list
e) Edit /etc/apk/repositories with text editor
Enter mirror number (1-74) or URL to add (or r/f/e/done) [1] f

We will setup users later.

Setup a user? (enter a lower-case loginname, or 'no') [no] no

Select openssh

Which ssh server? ('openssh', 'dropbear' or 'none') [openssh] openssh

NOTE : You should never allow root ssh login.

Allow root ssh login? ('?' for help) [prohibit-password] no

Select the disk from the list (there should be only one because we are in VM).

Available disks are:
  vda	(21.5 GB 0x0b5d )
Which disk(s) would you like to use? (or '?' for help or 'none') [none] vda

Select sys to install the system on disk.

How would you like to use it? ('sys', 'data', 'crypt', 'lvm' or '?' for help) [?] sys

Select y.

WARNING: The following disk(s) will be erased:
  vda	(21.5 GB 0x0b5d )
WARNING: Erase the above disk(s) and continue? (y/n) [n] y

After the installation, reboot the system.

Installation is complete. Please reboot.
# reboot

Press ~^d to exit the serial console.

You no longer need the iso image file.

$ rm username.iso

Start the virtual machine.

$ vmctl start username

Open the serial console and press Enter.

$ vmctl console username

Login as root.

username.host.example.com login: root

To update the system, run:

apk update
apk upgrade

Create a User

To add a user, run:

# adduser username
Changing password for username
New password:
Retype password:

To add user to wheel, run:

# adduser username wheel

Configure doas

Login as root.

$ su

Install doas:

# apk add doas

In Alpine Linux, default configuration file is located at /etc/doas.d/doas.conf.

To allow doas for wheel group.

# echo "permit persist :wheel" >> /etc/doas.d/doas.conf

To allow doas for wheel group without password.

# echo "permit nopass :wheel" >> /etc/doas.d/doas.conf

Setup SSH

NOTE: Make sure your are able to login to your virtual machine from your local computer.

$ ssh username@username.host.example.com
username@username.host.example.com's password: 

Now, Setup Public Key Authentication and Disable Password Authentication.