NAME
bgplgsh
—
looking glass shell for the OpenBSD
Border Gateway Protocol daemon
SYNOPSIS
bgplgsh |
DESCRIPTION
The bgplgsh
program is a looking glass
shell for the bgpd(8) Border Gateway Protocol daemon. The looking glass
will provide a simple command line interface with read-only access to a
restricted set of bgpd(8) and system status information, which is typically
used on route servers by Internet Service Providers (ISPs) and Internet
eXchange points (IXs).
It requires three steps to enable the looking glass shell:
- Add
bgplgsh
as a valid login shell. See shells(5) for more information.# echo /usr/bin/bgplgsh >> /etc/shells
- Create a new user for restricted looking glass access. See
adduser(8) for more information about system user management.
# adduser -shell bgplgsh -batch bgplg # passwd bgplg
- Start the Border Gateway Protocol daemon with a second, restricted,
control socket. See
bgpd.conf(5) and
bgplg(8) for more information.
For example, add the following to /etc/bgpd.conf to have bgpd(8) open a second, restricted, control socket:
socket "/var/www/run/bgpd.rsock" restricted
FILES
- /var/www/run/bgpd.rsock
- Position of the second, restricted, control socket of bgpd(8).
SEE ALSO
HISTORY
The bgplgsh
program first appeared in
OpenBSD 4.1. The initial implementation was done in
2005 for DE-CIX, the German commercial internet exchange point.
AUTHORS
The bgplgsh
program was written by
Reyk Floeter
<reyk@openbsd.org>.
CAVEATS
To prevent commands from running endlessly,
bgplgsh
will kill the corresponding processes after
a hard limit of 60 seconds. For example, this can take effect when using
traceroute(8) with blackholed or bad routes.