bgplgsh —
looking glass shell for the OpenBSD Border Gateway
Protocol daemon
The
bgplgsh program is a looking glass shell
for the
bgpd(8) Border Gateway
Protocol daemon. The looking glass will provide a simple command line
interface with read-only access to a restricted set of
bgpd(8) and system status
information, which is typically used on route servers by Internet Service
Providers (ISPs) and Internet eXchange points (IXs).
It requires three steps to enable the looking glass shell:
- Add
bgplgsh as a valid login shell. See
shells(5) for more
information.
# echo /usr/bin/bgplgsh >> /etc/shells
- Create a new user for restricted looking glass access. See
adduser(8) for more
information about system user management.
# adduser -shell /usr/bin/bgplgsh -batch bgplg
# passwd bgplg
- Start the Border Gateway Protocol daemon with a second, restricted,
control socket. See
bgpd.conf(5) and
bgplg(8) for more
information.
For example, add the following to
/etc/bgpd.conf to have
bgpd(8) open a second,
restricted, control socket:
socket
"/var/www/run/bgpd.rsock" restricted
- /var/www/run/bgpd.rsock
- Position of the second, restricted, control socket of
bgpd(8).
bgpd(8),
bgplg(8)
The
bgplgsh program first appeared in
OpenBSD 4.1. The initial implementation was done in
2005 for DE-CIX, the German commercial internet exchange point.
The
bgplgsh program was written by
Reyk Floeter
<
reyk@openbsd.org>.
To prevent commands from running endlessly,
bgplgsh will kill the corresponding
processes after a hard limit of 60 seconds. For example, this can take effect
when using
traceroute(8)
with blackholed or bad routes.
![[OpenBSD]](/openbsd.gif){kind=small}