1 .\" Copyright (c) 1983, 1993
2 .\" The Regents of the University of California. All rights reserved.
4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
12 .\" 3. All advertising materials mentioning features or use of this software
13 .\" must display the following acknowledgement:
14 .\" This product includes software developed by the University of
15 .\" California, Berkeley and its contributors.
16 .\" 4. Neither the name of the University nor the names of its contributors
17 .\" may be used to endorse or promote products derived from this software
18 .\" without specific prior written permission.
20 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 .\" @(#)telnetd.8 8.4 (Berkeley) 6/1/94
43 .Nm /usr/libexec/telnetd
52 .Op Fl r Ns Ar lowpty-highpty
54 .Op Fl debug Op Ar port
58 command is a server which supports the
62 virtual terminal protocol.
64 is normally invoked by the internet server (see
66 for requests to connect to the
68 port as indicated by the
74 option may be used to start up
76 manually, instead of through
78 If started up this way,
80 may be specified to run
88 command accepts the following options:
89 .Bl -tag -width indent
91 This option may be used for specifying what mode should
92 be used for authentication.
93 Note that this option is only useful if
95 has been compiled with support for the
98 There are several valid values for
100 .Bl -tag -width debug
102 Turn on authentication debugging code.
104 Only allow connections when the remote user
105 can provide valid authentication information
106 to identify the remote user,
107 and is allowed access to the specified account
108 without providing a password.
110 Only allow connections when the remote user
111 can provide valid authentication information
112 to identify the remote user.
115 command will provide any additional user verification
116 needed if the remote user is not allowed automatic
117 access to the specified account.
119 Only allow connections that supply some authentication information.
120 This option is currently not supported
121 by any of the existing authentication mechanisms,
122 and is thus the same as specifying
126 This is the default state.
127 Authentication information is not required.
128 If no or insufficient authentication information
129 is provided, then the
131 program will provide the necessary user
134 Disable the authentication code.
135 All user verification will happen through the
140 Specify bftp server mode. In this mode,
142 causes login to start a
144 session rather than the user's
145 normal shell. In bftp daemon mode normal
146 logins are not supported, and it must be used
147 on a port other than the normal
150 .It Fl D Ar debugmode
151 This option may be used for debugging purposes.
154 to print out debugging information
155 to the connection, allowing the user to see what
158 There are several possible values for
160 .Bl -tag -width exercise
162 Print information about the negotiation of
168 information, plus some additional information
169 about what processing is going on.
171 Display the data stream received by
174 Display data written to the pty.
176 Has not been implemented yet.
179 Enable debugging on each socket created by
188 has been compiled with support for data encryption, then the
190 option may be used to enable encryption debugging code.
191 .It Fl p Ar loginprog
194 command to run to complete the login. The alternate command must
195 understand the same command arguments as the standard login.
197 Disable the printing of host-specific information before
198 login has been completed.
200 This option is only applicable to
202 systems prior to 7.0.
207 to use when init starts login sessions. The default
212 This option is only useful if
214 has been compiled with both linemode and kludge linemode
217 option is specified, then if the remote client does not
222 will operate in character at a time mode.
223 It will still support kludge linemode, but will only
224 go into kludge linemode if the remote client requests
226 (This is done by the client sending
227 .Dv DONT SUPPRESS-GO-AHEAD
232 option is most useful when there are remote clients
233 that do not support kludge linemode, but pass the heuristic
234 (if they respond with
238 for kludge linemode support.
240 Specify line mode. Try to force clients to use line-
244 option is not supported, it will go
245 into kludge linemode.
249 keep-alives. Normally
253 keep-alive mechanism to probe connections that
254 have been idle for some period of time to determine
255 if the client is still there, so that idle connections
256 from machines that have crashed or can no longer
257 be reached may be cleaned up.
258 .It Fl r Ar lowpty-highpty
259 This option is only enabled when
263 It specifies an inclusive range of pseudo-terminal devices to
264 use. If the system has sysconf variable
266 configured, the default pty search range is 0 to
268 otherwise, the default range is 0 to 128. Either
272 may be omitted to allow changing
273 either end of the search range. If
275 is omitted, the - character is still required so that
282 This option is only enabled if
284 is compiled with support for
289 option to be passed on to
291 and thus is only useful if
295 flag to indicate that only
297 validated logins are allowed, and is
298 usually useful for controlling remote logins
299 from outside of a firewall.
302 This option is used to specify the size of the field
305 structure that holds the remote host name.
306 If the resolved host name is longer than
308 the dotted decimal value will be used instead.
309 This allows hosts with very long host names that
310 overflow this field to still be uniquely identified.
313 indicates that only dotted decimal addresses
314 should be put into the
321 to refuse connections from addresses that
322 cannot be mapped back into a symbolic name
327 This option is only valid if
329 has been built with support for the authentication option.
330 It disables the use of
333 can be used to temporarily disable
334 a specific authentication type without having to recompile
339 operates by allocating a pseudo-terminal device (see
341 for a client, then creating a login process which has
342 the slave side of the pseudo-terminal as
348 manipulates the master side of the pseudo-terminal,
351 protocol and passing characters
352 between the remote client and the login process.
356 session is started up,
360 options to the client side indicating
361 a willingness to do the
364 options, which are described in more detail below:
365 .Bd -literal -offset indent
373 WILL SUPPRESS GO AHEAD
382 The pseudo-terminal allocated to the client is configured
383 to operate in \*(lqcooked\*(rq mode, and with
390 has support for enabling locally the following
393 .Bl -tag -width "DO AUTHENTICATION"
401 will be sent to the client to indicate the
402 current state of terminal echoing.
403 When terminal echo is not desired, a
405 is sent to indicate that
407 will take care of echoing any data that needs to be
408 echoed to the terminal, and then nothing is echoed.
409 When terminal echo is desired, a
411 is sent to indicate that
413 will not be doing any terminal echoing, so the
414 client should do any terminal echoing that is needed.
416 Indicate that the client is willing to send a
417 8 bits of data, rather than the normal 7 bits
418 of the Network Virtual Terminal.
420 Indicate that it will not be sending
424 Indicate a willingness to send the client, upon
425 request, of the current status of all
428 .It "WILL TIMING-MARK"
431 command is received, it is always responded
440 is sent in response, and the
442 session is shut down.
446 is compiled with support for data encryption, and
447 indicates a willingness to decrypt
452 has support for enabling remotely the following
455 .Bl -tag -width "DO AUTHENTICATION"
457 Sent to indicate that
459 is willing to receive an 8 bit data stream.
461 Requests that the client handle flow control
464 This is not really supported, but is sent to identify a 4.2BSD
466 client, which will improperly respond with
472 will be sent in response.
473 .It "DO TERMINAL-TYPE"
474 Indicate a desire to be able to request the
475 name of the type of terminal that is attached
476 to the client side of the connection.
478 Indicate that it does not need to receive
480 the go ahead command.
482 Requests that the client inform the server when
483 the window (display) size changes.
484 .It "DO TERMINAL-SPEED"
485 Indicate a desire to be able to request information
486 about the speed of the serial line to which
487 the client is attached.
489 Indicate a desire to be able to request the name
490 of the X Window System display that is associated with
493 Indicate a desire to be able to request environment
494 variable information, as described in RFC 1572.
496 Indicate a desire to be able to request environment
497 variable information, as described in RFC 1408.
501 is compiled with support for linemode, and
502 requests that the client do line by line processing.
506 is compiled with support for both linemode and
507 kludge linemode, and the client responded with
509 If the client responds with
511 the it is assumed that the client supports
515 option can be used to disable this.
516 .It "DO AUTHENTICATION"
519 is compiled with support for authentication, and
520 indicates a willingness to receive authentication
521 information for automatic login.
525 is compiled with support for data encryption, and
526 indicates a willingness to decrypt
530 .Bl -tag -width /usr/ucb/bftp -compact
533 (UNICOS systems only)
545 .Bl -tag -compact -width RFC-1572
548 PROTOCOL SPECIFICATION
550 TELNET OPTION SPECIFICATIONS
552 TELNET BINARY TRANSMISSION
556 TELNET SUPPRESS GO AHEAD OPTION
560 TELNET TIMING MARK OPTION
562 TELNET EXTENDED OPTIONS - LIST OPTION
564 TELNET END OF RECORD OPTION
566 Telnet Window Size Option
568 Telnet Terminal Speed Option
570 Telnet Terminal-Type Option
572 Telnet X Display Location Option
574 Requirements for Internet Hosts -- Application and Support
576 Telnet Linemode Option
578 Telnet Remote Flow Control Option
580 Telnet Authentication Option
582 Telnet Authentication: Kerberos Version 4
584 Telnet Authentication: SPX
586 Telnet Environment Option Interoperability Issues
588 Telnet Environment Option
592 commands are only partially implemented.
594 Because of bugs in the original 4.2 BSD
597 performs some dubious protocol exchanges to try to discover if the remote
598 client is, in fact, a 4.2 BSD
602 has no common interpretation except between similar operating systems
605 The terminal type name received from the remote client is converted to