1 .\" Copyright (c) 1983, 1993
2 .\" The Regents of the University of California. All rights reserved.
4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
12 .\" 3. Neither the name of the University nor the names of its contributors
13 .\" may be used to endorse or promote products derived from this software
14 .\" without specific prior written permission.
16 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
17 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
20 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28 .\" @(#)telnetd.8 8.4 (Berkeley) 6/1/94
40 .Nm /usr/libexec/telnetd
49 .Op Fl debug Op Ar port
53 command is a server which supports the
57 virtual terminal protocol.
59 is normally invoked by the internet server (see
61 for requests to connect to the
63 port as indicated by the
69 option may be used to start up
71 manually, instead of through
73 If started up this way,
75 may be specified to run
83 command accepts the following options:
84 .Bl -tag -width indent
88 to use IPv4 addresses only.
92 to use IPv6 addresses only.
94 This option may be used for specifying what mode should
95 be used for authentication.
96 Note that this option is only useful if
98 has been compiled with support for the
101 There are several valid values for
103 .Bl -tag -width debug
105 Turn on authentication debugging code.
107 Only allow connections when the remote user
108 can provide valid authentication information
109 to identify the remote user,
110 and is allowed access to the specified account
111 without providing a password.
113 Only allow connections when the remote user
114 can provide valid authentication information
115 to identify the remote user.
118 command will provide any additional user verification
119 needed if the remote user is not allowed automatic
120 access to the specified account.
122 Only allow connections that supply some authentication information.
123 This option is currently not supported
124 by any of the existing authentication mechanisms,
125 and is thus the same as specifying
129 This is the default state.
130 Authentication information is not required.
131 If no or insufficient authentication information
132 is provided, then the
134 program will provide the necessary user
137 Disable the authentication code.
138 All user verification will happen through the
143 Specify bftp server mode.
146 causes login to start a
148 session rather than the user's
150 In bftp daemon mode normal
151 logins are not supported, and it must be used
152 on a port other than the normal
155 .It Fl D Ar debugmode
156 This option may be used for debugging purposes.
159 to print out debugging information
160 to the connection, allowing the user to see what
163 There are several possible values for
165 .Bl -tag -width exercise
167 Print information about the negotiation of
173 information, plus some additional information
174 about what processing is going on.
176 Display the data stream received by
179 Display data written to the pty.
181 Has not been implemented yet.
184 Enable debugging on each socket created by
193 has been compiled with support for data encryption, then the
195 option may be used to enable encryption debugging code.
197 Disable the printing of host-specific information before
198 login has been completed.
200 This option is only useful if
202 has been compiled with both linemode and kludge linemode
206 option is specified, then if the remote client does not
211 will operate in character at a time mode.
212 It will still support kludge linemode, but will only
213 go into kludge linemode if the remote client requests
215 (This is done by the client sending
216 .Dv DONT SUPPRESS-GO-AHEAD
221 option is most useful when there are remote clients
222 that do not support kludge linemode, but pass the heuristic
223 (if they respond with
227 for kludge linemode support.
230 Try to force clients to use line-at-a-time mode.
233 option is not supported, it will go
234 into kludge linemode.
243 keep-alive mechanism to probe connections that
244 have been idle for some period of time to determine
245 if the client is still there, so that idle connections
246 from machines that have crashed or can no longer
247 be reached may be cleaned up.
248 .It Fl p Ar loginprog
251 command to run to complete the login.
252 The alternate command must
253 understand the same command arguments as the standard login.
255 Sets the IP type-of-service (TOS) option for the telnet
256 connection to the value
258 which can be a numeric TOS value or, on systems that support it, a symbolic
259 TOS name found in the
263 This option is used to specify the size of the field
266 structure that holds the remote host name.
267 If the resolved host name is longer than
269 the dotted decimal value will be used instead.
270 This allows hosts with very long host names that
271 overflow this field to still be uniquely identified.
274 indicates that only dotted decimal addresses
275 should be put into the
281 to refuse connections from addresses that
282 cannot be mapped back into a symbolic name
287 This option is only valid if
289 has been built with support for the authentication option.
290 It disables the use of
293 can be used to temporarily disable
294 a specific authentication type without having to recompile
299 .Ar KERBEROS_V4, Ar KERBEROS_V5, Ar SPX, Ar MINK,
302 These options are completely independent of the
308 operates by allocating a pseudo-terminal device (see
310 for a client, then creating a login process which has
311 the slave side of the pseudo-terminal as
317 manipulates the master side of the pseudo-terminal,
320 protocol and passing characters
321 between the remote client and the login process.
325 session is started up,
329 options to the client side indicating
330 a willingness to do the
333 options, which are described in more detail below:
334 .Bd -literal -offset indent
342 WILL SUPPRESS GO AHEAD
351 The pseudo-terminal allocated to the client is configured
361 has support for enabling locally the following
364 .Bl -tag -width "DO AUTHENTICATION"
372 will be sent to the client to indicate the
373 current state of terminal echoing.
374 When terminal echo is not desired, a
376 is sent to indicate that
378 will take care of echoing any data that needs to be
379 echoed to the terminal, and then nothing is echoed.
380 When terminal echo is desired, a
382 is sent to indicate that
384 will not be doing any terminal echoing, so the
385 client should do any terminal echoing that is needed.
387 Indicate that the client is willing to send a
388 8 bits of data, rather than the normal 7 bits
389 of the Network Virtual Terminal.
391 Indicate that it will not be sending
395 Indicate a willingness to send the client, upon
396 request, of the current status of all
399 .It "WILL TIMING-MARK"
402 command is received, it is always responded
404 .Dv WILL TIMING-MARK .
410 is sent in response, and the
412 session is shut down.
416 is compiled with support for data encryption, and
417 indicates a willingness to decrypt
422 has support for enabling remotely the following
425 .Bl -tag -width "DO AUTHENTICATION"
427 Sent to indicate that
429 is willing to receive an 8 bit data stream.
431 Requests that the client handle flow control
434 This is not really supported, but is sent to identify a
437 client, which will improperly respond with
443 will be sent in response.
444 .It "DO TERMINAL-TYPE"
445 Indicate a desire to be able to request the
446 name of the type of terminal that is attached
447 to the client side of the connection.
449 Indicate that it does not need to receive
451 the go ahead command.
453 Requests that the client inform the server when
454 the window (display) size changes.
455 .It "DO TERMINAL-SPEED"
456 Indicate a desire to be able to request information
457 about the speed of the serial line to which
458 the client is attached.
460 Indicate a desire to be able to request the name
461 of the X Window System display that is associated with
464 Indicate a desire to be able to request environment
465 variable information, as described in RFC 1572.
467 Indicate a desire to be able to request environment
468 variable information, as described in RFC 1408.
472 is compiled with support for linemode, and
473 requests that the client do line by line processing.
477 is compiled with support for both linemode and
478 kludge linemode, and the client responded with
480 If the client responds with
482 the it is assumed that the client supports
486 option can be used to disable this.
487 .It "DO AUTHENTICATION"
490 is compiled with support for authentication, and
491 indicates a willingness to receive authentication
492 information for automatic login.
496 is compiled with support for data encryption, and
497 indicates a willingness to decrypt
510 and use that information (if present) to determine
511 what to display before the login: prompt.
513 also use a System V style
517 capability, which will override
519 The information specified in either
523 will be displayed to both console and remote logins.
526 .Bl -tag -width /usr/ucb/bftp -compact
541 .Bl -tag -compact -width RFC-1572
544 PROTOCOL SPECIFICATION
546 TELNET OPTION SPECIFICATIONS
548 TELNET BINARY TRANSMISSION
552 TELNET SUPPRESS GO AHEAD OPTION
556 TELNET TIMING MARK OPTION
558 TELNET EXTENDED OPTIONS - LIST OPTION
560 TELNET END OF RECORD OPTION
562 Telnet Window Size Option
564 Telnet Terminal Speed Option
566 Telnet Terminal-Type Option
568 Telnet X Display Location Option
570 Requirements for Internet Hosts -- Application and Support
572 Telnet Linemode Option
574 Telnet Remote Flow Control Option
576 Telnet Authentication Option
578 Telnet Authentication: Kerberos Version 4
580 Telnet Authentication: SPX
582 Telnet Environment Option Interoperability Issues
584 Telnet Environment Option
587 IPv6 support was added by WIDE/KAME project.
591 commands are only partially implemented.
593 Because of bugs in the original
597 performs some dubious protocol exchanges to try to discover if the remote
598 client is, in fact, a
603 has no common interpretation except between similar operating systems
606 The terminal type name received from the remote client is converted to