BGPLG(8) OpenBSD System Manager's Manual BGPLG(8)NAMEbgplgsh - looking glass shell for the OpenBSD Border Gateway Protocol
daemon
SYNOPSISbgplgshDESCRIPTION
The bgplgsh program is a looking glass shell for the bgpd(8) Border
Gateway Protocol daemon. The looking glass will provide a simple command
line interface with read-only access to a restricted set of bgpd(8) and
system status information, which is typically used on route servers by
Internet Service Providers (ISPs) and Internet eXchange points (IXs).
It requires three steps to enable the looking glass shell:
1. Add bgplgsh as a valid login shell. See shells(5) for more
information.
# echo /usr/bin/bgplgsh >> /etc/shells
2. Create a new user for restricted looking glass access. See
adduser(8) for more information about system user management.
# adduser -shell /usr/bin/bgplgsh -batch bgplg
# passwd bgplg
3. Start the Border Gateway Protocol daemon with a second, restricted,
control socket. See bgpd.conf(5) and bgplg(8) for more information.
For example, add the following to /etc/bgpd.conf to have bgpd(8)
open a second, restricted, control socket:
socket "/var/www/logs/bgpd.rsock" restricted
FILES
/var/www/logs/bgpd.rsock Position of the second, restricted, control
socket of bgpd(8).
SEE ALSObgpd(8), bgplg(8)HISTORY
The bgplgsh program first appeared in OpenBSD 4.1. The initial
implementation was done in 2005 for DE-CIX, the German commercial
internet exchange point.
AUTHORS
The bgplgsh program was written by Reyk Floeter <reyk@vantronix.net>.
CAVEATS
To prevent commands from running endlessly, bgplgsh will kill the
corresponding processes after a hard limit of 60 seconds. For example,
this can take effect when using traceroute(8) with blackholed or bad
routes.
OpenBSD 4.9 October 13, 2010 OpenBSD 4.9