1 .\" Copyright (c) 1983, 1993
2 .\" The Regents of the University of California. All rights reserved.
4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
12 .\" 3. All advertising materials mentioning features or use of this software
13 .\" must display the following acknowledgement:
14 .\" This product includes software developed by the University of
15 .\" California, Berkeley and its contributors.
16 .\" 4. Neither the name of the University nor the names of its contributors
17 .\" may be used to endorse or promote products derived from this software
18 .\" without specific prior written permission.
20 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 .\" @(#)telnetd.8 8.4 (Berkeley) 6/1/94
44 .Nm /usr/libexec/telnetd
53 .Op Fl debug Op Ar port
57 command is a server which supports the
61 virtual terminal protocol.
63 is normally invoked by the internet server (see
65 for requests to connect to the
67 port as indicated by the
73 option may be used to start up
75 manually, instead of through
77 If started up this way,
79 may be specified to run
87 command accepts the following options:
88 .Bl -tag -width indent
92 to use IPv4 addresses only.
96 to use IPv6 addresses only.
98 This option may be used for specifying what mode should
99 be used for authentication.
100 Note that this option is only useful if
102 has been compiled with support for the
105 There are several valid values for
107 .Bl -tag -width debug
109 Turn on authentication debugging code.
111 Only allow connections when the remote user
112 can provide valid authentication information
113 to identify the remote user,
114 and is allowed access to the specified account
115 without providing a password.
117 Only allow connections when the remote user
118 can provide valid authentication information
119 to identify the remote user.
122 command will provide any additional user verification
123 needed if the remote user is not allowed automatic
124 access to the specified account.
126 Only allow connections that supply some authentication information.
127 This option is currently not supported
128 by any of the existing authentication mechanisms,
129 and is thus the same as specifying
133 This is the default state.
134 Authentication information is not required.
135 If no or insufficient authentication information
136 is provided, then the
138 program will provide the necessary user
141 Disable the authentication code.
142 All user verification will happen through the
147 Specify bftp server mode.
150 causes login to start a
152 session rather than the user's
154 In bftp daemon mode normal
155 logins are not supported, and it must be used
156 on a port other than the normal
159 .It Fl D Ar debugmode
160 This option may be used for debugging purposes.
163 to print out debugging information
164 to the connection, allowing the user to see what
167 There are several possible values for
169 .Bl -tag -width exercise
171 Print information about the negotiation of
177 information, plus some additional information
178 about what processing is going on.
180 Display the data stream received by
183 Display data written to the pty.
185 Has not been implemented yet.
188 Enable debugging on each socket created by
197 has been compiled with support for data encryption, then the
199 option may be used to enable encryption debugging code.
201 Disable the printing of host-specific information before
202 login has been completed.
204 This option is only useful if
206 has been compiled with both linemode and kludge linemode
210 option is specified, then if the remote client does not
215 will operate in character at a time mode.
216 It will still support kludge linemode, but will only
217 go into kludge linemode if the remote client requests
219 (This is done by the client sending
220 .Dv DONT SUPPRESS-GO-AHEAD
225 option is most useful when there are remote clients
226 that do not support kludge linemode, but pass the heuristic
227 (if they respond with
231 for kludge linemode support.
234 Try to force clients to use line-at-a-time mode.
237 option is not supported, it will go
238 into kludge linemode.
247 keep-alive mechanism to probe connections that
248 have been idle for some period of time to determine
249 if the client is still there, so that idle connections
250 from machines that have crashed or can no longer
251 be reached may be cleaned up.
252 .It Fl p Ar loginprog
255 command to run to complete the login.
256 The alternate command must
257 understand the same command arguments as the standard login.
259 Sets the IP type-of-service (TOS) option for the telnet
260 connection to the value
262 which can be a numeric TOS value or, on systems that support it, a symbolic
263 TOS name found in the
267 This option is used to specify the size of the field
270 structure that holds the remote host name.
271 If the resolved host name is longer than
273 the dotted decimal value will be used instead.
274 This allows hosts with very long host names that
275 overflow this field to still be uniquely identified.
278 indicates that only dotted decimal addresses
279 should be put into the
285 to refuse connections from addresses that
286 cannot be mapped back into a symbolic name
291 This option is only valid if
293 has been built with support for the authentication option.
294 It disables the use of
297 can be used to temporarily disable
298 a specific authentication type without having to recompile
303 .Ar KERBEROS_V4, Ar KERBEROS_V5, Ar SPX, Ar MINK,
306 These options are completely independent of the
312 operates by allocating a pseudo-terminal device (see
314 for a client, then creating a login process which has
315 the slave side of the pseudo-terminal as
321 manipulates the master side of the pseudo-terminal,
324 protocol and passing characters
325 between the remote client and the login process.
329 session is started up,
333 options to the client side indicating
334 a willingness to do the
337 options, which are described in more detail below:
338 .Bd -literal -offset indent
346 WILL SUPPRESS GO AHEAD
355 The pseudo-terminal allocated to the client is configured
365 has support for enabling locally the following
368 .Bl -tag -width "DO AUTHENTICATION"
376 will be sent to the client to indicate the
377 current state of terminal echoing.
378 When terminal echo is not desired, a
380 is sent to indicate that
382 will take care of echoing any data that needs to be
383 echoed to the terminal, and then nothing is echoed.
384 When terminal echo is desired, a
386 is sent to indicate that
388 will not be doing any terminal echoing, so the
389 client should do any terminal echoing that is needed.
391 Indicate that the client is willing to send a
392 8 bits of data, rather than the normal 7 bits
393 of the Network Virtual Terminal.
395 Indicate that it will not be sending
399 Indicate a willingness to send the client, upon
400 request, of the current status of all
403 .It "WILL TIMING-MARK"
406 command is received, it is always responded
408 .Dv WILL TIMING-MARK .
414 is sent in response, and the
416 session is shut down.
420 is compiled with support for data encryption, and
421 indicates a willingness to decrypt
426 has support for enabling remotely the following
429 .Bl -tag -width "DO AUTHENTICATION"
431 Sent to indicate that
433 is willing to receive an 8 bit data stream.
435 Requests that the client handle flow control
438 This is not really supported, but is sent to identify a
441 client, which will improperly respond with
447 will be sent in response.
448 .It "DO TERMINAL-TYPE"
449 Indicate a desire to be able to request the
450 name of the type of terminal that is attached
451 to the client side of the connection.
453 Indicate that it does not need to receive
455 the go ahead command.
457 Requests that the client inform the server when
458 the window (display) size changes.
459 .It "DO TERMINAL-SPEED"
460 Indicate a desire to be able to request information
461 about the speed of the serial line to which
462 the client is attached.
464 Indicate a desire to be able to request the name
465 of the X Window System display that is associated with
468 Indicate a desire to be able to request environment
469 variable information, as described in RFC 1572.
471 Indicate a desire to be able to request environment
472 variable information, as described in RFC 1408.
476 is compiled with support for linemode, and
477 requests that the client do line by line processing.
481 is compiled with support for both linemode and
482 kludge linemode, and the client responded with
484 If the client responds with
486 the it is assumed that the client supports
490 option can be used to disable this.
491 .It "DO AUTHENTICATION"
494 is compiled with support for authentication, and
495 indicates a willingness to receive authentication
496 information for automatic login.
500 is compiled with support for data encryption, and
501 indicates a willingness to decrypt
514 and use that information (if present) to determine
515 what to display before the login: prompt.
517 also use a System V style
521 capability, which will override
523 The information specified in either
527 will be displayed to both console and remote logins.
530 .Bl -tag -width /usr/ucb/bftp -compact
545 .Bl -tag -compact -width RFC-1572
548 PROTOCOL SPECIFICATION
550 TELNET OPTION SPECIFICATIONS
552 TELNET BINARY TRANSMISSION
556 TELNET SUPPRESS GO AHEAD OPTION
560 TELNET TIMING MARK OPTION
562 TELNET EXTENDED OPTIONS - LIST OPTION
564 TELNET END OF RECORD OPTION
566 Telnet Window Size Option
568 Telnet Terminal Speed Option
570 Telnet Terminal-Type Option
572 Telnet X Display Location Option
574 Requirements for Internet Hosts -- Application and Support
576 Telnet Linemode Option
578 Telnet Remote Flow Control Option
580 Telnet Authentication Option
582 Telnet Authentication: Kerberos Version 4
584 Telnet Authentication: SPX
586 Telnet Environment Option Interoperability Issues
588 Telnet Environment Option
591 IPv6 support was added by WIDE/KAME project.
595 commands are only partially implemented.
597 Because of bugs in the original
601 performs some dubious protocol exchanges to try to discover if the remote
602 client is, in fact, a
607 has no common interpretation except between similar operating systems
610 The terminal type name received from the remote client is converted to