1 .\" Copyright (c) 1983, 1993
2 .\" The Regents of the University of California. All rights reserved.
4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
12 .\" 3. All advertising materials mentioning features or use of this software
13 .\" must display the following acknowledgement:
14 .\" This product includes software developed by the University of
15 .\" California, Berkeley and its contributors.
16 .\" 4. Neither the name of the University nor the names of its contributors
17 .\" may be used to endorse or promote products derived from this software
18 .\" without specific prior written permission.
20 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 .\" @(#)telnetd.8 8.4 (Berkeley) 6/1/94
44 .Nm /usr/libexec/telnetd
53 .Op Fl r Ns Ar lowpty-highpty
55 .Op Fl debug Op Ar port
59 command is a server which supports the
63 virtual terminal protocol.
65 is normally invoked by the internet server (see
67 for requests to connect to the
69 port as indicated by the
75 option may be used to start up
77 manually, instead of through
79 If started up this way,
81 may be specified to run
89 command accepts the following options:
90 .Bl -tag -width indent
92 This option may be used for specifying what mode should
93 be used for authentication.
94 Note that this option is only useful if
96 has been compiled with support for the
99 There are several valid values for
101 .Bl -tag -width debug
103 Turn on authentication debugging code.
105 Only allow connections when the remote user
106 can provide valid authentication information
107 to identify the remote user,
108 and is allowed access to the specified account
109 without providing a password.
111 Only allow connections when the remote user
112 can provide valid authentication information
113 to identify the remote user.
116 command will provide any additional user verification
117 needed if the remote user is not allowed automatic
118 access to the specified account.
120 Only allow connections that supply some authentication information.
121 This option is currently not supported
122 by any of the existing authentication mechanisms,
123 and is thus the same as specifying
127 This is the default state.
128 Authentication information is not required.
129 If no or insufficient authentication information
130 is provided, then the
132 program will provide the necessary user
135 Disable the authentication code.
136 All user verification will happen through the
141 Specify bftp server mode. In this mode,
143 causes login to start a
145 session rather than the user's
146 normal shell. In bftp daemon mode normal
147 logins are not supported, and it must be used
148 on a port other than the normal
151 .It Fl D Ar debugmode
152 This option may be used for debugging purposes.
155 to print out debugging information
156 to the connection, allowing the user to see what
159 There are several possible values for
161 .Bl -tag -width exercise
163 Print information about the negotiation of
169 information, plus some additional information
170 about what processing is going on.
172 Display the data stream received by
175 Display data written to the pty.
177 Has not been implemented yet.
180 Enable debugging on each socket created by
189 has been compiled with support for data encryption, then the
191 option may be used to enable encryption debugging code.
192 .It Fl p Ar loginprog
195 command to run to complete the login. The alternate command must
196 understand the same command arguments as the standard login.
198 Disable the printing of host-specific information before
199 login has been completed.
201 This option is only applicable to
203 systems prior to 7.0.
208 to use when init starts login sessions. The default
213 This option is only useful if
215 has been compiled with both linemode and kludge linemode
218 option is specified, then if the remote client does not
223 will operate in character at a time mode.
224 It will still support kludge linemode, but will only
225 go into kludge linemode if the remote client requests
227 (This is done by the client sending
228 .Dv DONT SUPPRESS-GO-AHEAD
233 option is most useful when there are remote clients
234 that do not support kludge linemode, but pass the heuristic
235 (if they respond with
239 for kludge linemode support.
241 Specify line mode. Try to force clients to use line-
245 option is not supported, it will go
246 into kludge linemode.
250 keep-alives. Normally
254 keep-alive mechanism to probe connections that
255 have been idle for some period of time to determine
256 if the client is still there, so that idle connections
257 from machines that have crashed or can no longer
258 be reached may be cleaned up.
259 .It Fl r Ar lowpty-highpty
260 This option is only enabled when
264 It specifies an inclusive range of pseudo-terminal devices to
265 use. If the system has sysconf variable
267 configured, the default pty search range is 0 to
269 otherwise, the default range is 0 to 128. Either
273 may be omitted to allow changing
274 either end of the search range. If
276 is omitted, the - character is still required so that
283 This option is only enabled if
285 is compiled with support for
290 option to be passed on to
292 and thus is only useful if
296 flag to indicate that only
298 validated logins are allowed, and is
299 usually useful for controlling remote logins
300 from outside of a firewall.
303 This option is used to specify the size of the field
306 structure that holds the remote host name.
307 If the resolved host name is longer than
309 the dotted decimal value will be used instead.
310 This allows hosts with very long host names that
311 overflow this field to still be uniquely identified.
314 indicates that only dotted decimal addresses
315 should be put into the
322 to refuse connections from addresses that
323 cannot be mapped back into a symbolic name
328 This option is only valid if
330 has been built with support for the authentication option.
331 It disables the use of
334 can be used to temporarily disable
335 a specific authentication type without having to recompile
340 operates by allocating a pseudo-terminal device (see
342 for a client, then creating a login process which has
343 the slave side of the pseudo-terminal as
349 manipulates the master side of the pseudo-terminal,
352 protocol and passing characters
353 between the remote client and the login process.
357 session is started up,
361 options to the client side indicating
362 a willingness to do the
365 options, which are described in more detail below:
366 .Bd -literal -offset indent
374 WILL SUPPRESS GO AHEAD
383 The pseudo-terminal allocated to the client is configured
384 to operate in \*(lqcooked\*(rq mode, and with
391 has support for enabling locally the following
394 .Bl -tag -width "DO AUTHENTICATION"
402 will be sent to the client to indicate the
403 current state of terminal echoing.
404 When terminal echo is not desired, a
406 is sent to indicate that
408 will take care of echoing any data that needs to be
409 echoed to the terminal, and then nothing is echoed.
410 When terminal echo is desired, a
412 is sent to indicate that
414 will not be doing any terminal echoing, so the
415 client should do any terminal echoing that is needed.
417 Indicate that the client is willing to send a
418 8 bits of data, rather than the normal 7 bits
419 of the Network Virtual Terminal.
421 Indicate that it will not be sending
425 Indicate a willingness to send the client, upon
426 request, of the current status of all
429 .It "WILL TIMING-MARK"
432 command is received, it is always responded
441 is sent in response, and the
443 session is shut down.
447 is compiled with support for data encryption, and
448 indicates a willingness to decrypt
453 has support for enabling remotely the following
456 .Bl -tag -width "DO AUTHENTICATION"
458 Sent to indicate that
460 is willing to receive an 8 bit data stream.
462 Requests that the client handle flow control
465 This is not really supported, but is sent to identify a 4.2BSD
467 client, which will improperly respond with
473 will be sent in response.
474 .It "DO TERMINAL-TYPE"
475 Indicate a desire to be able to request the
476 name of the type of terminal that is attached
477 to the client side of the connection.
479 Indicate that it does not need to receive
481 the go ahead command.
483 Requests that the client inform the server when
484 the window (display) size changes.
485 .It "DO TERMINAL-SPEED"
486 Indicate a desire to be able to request information
487 about the speed of the serial line to which
488 the client is attached.
490 Indicate a desire to be able to request the name
491 of the X Window System display that is associated with
494 Indicate a desire to be able to request environment
495 variable information, as described in RFC 1572.
497 Indicate a desire to be able to request environment
498 variable information, as described in RFC 1408.
502 is compiled with support for linemode, and
503 requests that the client do line by line processing.
507 is compiled with support for both linemode and
508 kludge linemode, and the client responded with
510 If the client responds with
512 the it is assumed that the client supports
516 option can be used to disable this.
517 .It "DO AUTHENTICATION"
520 is compiled with support for authentication, and
521 indicates a willingness to receive authentication
522 information for automatic login.
526 is compiled with support for data encryption, and
527 indicates a willingness to decrypt
531 .Bl -tag -width /usr/ucb/bftp -compact
534 (UNICOS systems only)
546 .Bl -tag -compact -width RFC-1572
549 PROTOCOL SPECIFICATION
551 TELNET OPTION SPECIFICATIONS
553 TELNET BINARY TRANSMISSION
557 TELNET SUPPRESS GO AHEAD OPTION
561 TELNET TIMING MARK OPTION
563 TELNET EXTENDED OPTIONS - LIST OPTION
565 TELNET END OF RECORD OPTION
567 Telnet Window Size Option
569 Telnet Terminal Speed Option
571 Telnet Terminal-Type Option
573 Telnet X Display Location Option
575 Requirements for Internet Hosts -- Application and Support
577 Telnet Linemode Option
579 Telnet Remote Flow Control Option
581 Telnet Authentication Option
583 Telnet Authentication: Kerberos Version 4
585 Telnet Authentication: SPX
587 Telnet Environment Option Interoperability Issues
589 Telnet Environment Option
593 commands are only partially implemented.
595 Because of bugs in the original 4.2 BSD
598 performs some dubious protocol exchanges to try to discover if the remote
599 client is, in fact, a 4.2 BSD
603 has no common interpretation except between similar operating systems
606 The terminal type name received from the remote client is converted to
615 IPv6 support was added by WIDE/KAME project.