xref: /openbsd/usr.bin/bgplg/bgplgsh.8 (revision a6445c1d)
.\"	$OpenBSD: bgplgsh.8,v 1.10 2013/07/16 00:07:52 schwarze Exp $
.\"
.\" Copyright (c) 2005, 2006 Reyk Floeter <reyk@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: July 16 2013 $
.Dt BGPLGSH 8
.Os
.Sh NAME
.Nm bgplgsh
.Nd looking glass shell for the
.Ox
Border Gateway Protocol daemon
.Sh SYNOPSIS
.Nm bgplgsh
.Sh DESCRIPTION
The
.Nm
program is a looking glass shell for the
.Xr bgpd 8
Border Gateway Protocol daemon.
The looking glass will provide a simple command line interface
with read-only access to a restricted set of
.Xr bgpd 8
and system status information, which is typically used on route
servers by Internet Service Providers (ISPs) and Internet eXchange
points (IXs).
.Pp
It requires three steps to enable the looking glass shell:
.Bl -enum
.It
Add
.Nm
as a valid login shell.
See
.Xr shells 5
for more information.
.Bd -literal -offset indent
# echo /usr/bin/bgplgsh \*(Gt\*(Gt /etc/shells
.Ed
.It
Create a new user for restricted looking glass access.
See
.Xr adduser 8
for more information about system user management.
.Bd -literal -offset indent
# adduser -shell /usr/bin/bgplgsh -batch bgplg
# passwd bgplg
.Ed
.It
Start the Border Gateway Protocol daemon with a second,
restricted, control socket.
See
.Xr bgpd.conf 5
and
.Xr bgplg 8
for more information.
.Pp
For example,
add the following to
.Pa /etc/bgpd.conf
to have
.Xr bgpd 8
open a second, restricted, control socket:
.Pp
.Dl socket \&"/var/www/run/bgpd.rsock\&" restricted
.El
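One way to audit that all three steps above are in place, as an added example that is not part of the original manual or of the bgplgsh sources. The function names are hypothetical; the user name bgplg, the shell path and the socket line are the ones used in the steps above, and the file arguments default to the standard locations so the check can also be run against copies.

```shell
#!/bin/sh
# Added example: audit the three bgplgsh setup steps (hypothetical helper names).
# File paths are arguments so the checks can run on copies of the real files.

BGPLGSH=/usr/bin/bgplgsh

# Step 1: bgplgsh is listed as a valid login shell (whole-line match only,
# so a longer path that merely contains the string does not count).
shell_listed() {
	grep -Fxq "$BGPLGSH" "${1:-/etc/shells}"
}

# Step 2: the looking glass user exists and its login shell (field 7 of
# passwd(5)) is bgplgsh, i.e. the account has no general-purpose shell.
user_restricted() {
	awk -F: -v u="${2:-bgplg}" -v s="$BGPLGSH" '
		$1 == u { found = 1; ok = ($7 == s) }
		END { exit !(found && ok) }' "${1:-/etc/passwd}"
}

# Step 3: print the path of the first control socket that carries the
# "restricted" keyword. Commented-out lines never match, because their
# first field is not the bare word "socket".
restricted_socket() {
	awk '
		$1 == "socket" && $3 == "restricted" {
			gsub(/"/, "", $2); print $2; found = 1; exit
		}
		END { exit !found }' "${1:-/etc/bgpd.conf}"
}

# Run all three checks; report every failed step, return non-zero on any.
audit_bgplgsh() {
	rc=0
	shell_listed "$1" ||
		{ echo "step 1: $BGPLGSH is not in the shells file"; rc=1; }
	user_restricted "$2" bgplg ||
		{ echo "step 2: user bgplg missing or has another shell"; rc=1; }
	sock=$(restricted_socket "$3") ||
		{ echo "step 3: no restricted control socket configured"; rc=1; }
	[ "$rc" -eq 0 ] && echo "ok: restricted socket is $sock"
	return "$rc"
}
```

Called as audit_bgplgsh /etc/shells /etc/passwd /etc/bgpd.conf, it prints one line per missing step and exits non-zero if any step is incomplete.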
.Sh FILES
.Bl -tag -width "/var/www/run/bgpd.rsockXX" -compact
.It Pa /var/www/run/bgpd.rsock
Position of the second, restricted, control socket of
.Xr bgpd 8 .
.El
.Sh SEE ALSO
.Xr bgpd 8 ,
.Xr bgplg 8
.Sh HISTORY
The
.Nm
program first appeared in
.Ox 4.1 .
The initial implementation was done in 2005 for DE-CIX, the German
commercial internet exchange point.
.Sh AUTHORS
The
.Nm
program was written by
.An Reyk Floeter Aq Mt reyk@openbsd.org .
.Sh CAVEATS
To prevent commands from running endlessly,
.Nm
will kill the corresponding processes after a hard limit of 60 seconds.
For example, this can take effect when using
.Xr traceroute 8
with blackholed or bad routes.