1 .\" Copyright (c) 1983, 1993
2 .\" The Regents of the University of California. All rights reserved.
4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
12 .\" 3. All advertising materials mentioning features or use of this software
13 .\" must display the following acknowledgement:
14 .\" This product includes software developed by the University of
15 .\" California, Berkeley and its contributors.
16 .\" 4. Neither the name of the University nor the names of its contributors
17 .\" may be used to endorse or promote products derived from this software
18 .\" without specific prior written permission.
20 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 .\" @(#)telnetd.8 8.4 (Berkeley) 6/1/94
44 .Nm /usr/libexec/telnetd
53 .Op Fl debug Op Ar port
57 command is a server which supports the
61 virtual terminal protocol.
63 is normally invoked by the internet server (see
65 for requests to connect to the
67 port as indicated by the
73 option may be used to start up
75 manually, instead of through
77 If started up this way,
79 may be specified to run
87 command accepts the following options:
88 .Bl -tag -width indent
92 to use IPv4 addresses only.
96 to use IPv6 addresses only.
98 This option may be used for specifying what mode should
99 be used for authentication.
100 Note that this option is only useful if
102 has been compiled with support for the
105 There are several valid values for
107 .Bl -tag -width debug
109 Turn on authentication debugging code.
111 Only allow connections when the remote user
112 can provide valid authentication information
113 to identify the remote user,
114 and is allowed access to the specified account
115 without providing a password.
117 Only allow connections when the remote user
118 can provide valid authentication information
119 to identify the remote user.
122 command will provide any additional user verification
123 needed if the remote user is not allowed automatic
124 access to the specified account.
126 Only allow connections that supply some authentication information.
127 This option is currently not supported
128 by any of the existing authentication mechanisms,
129 and is thus the same as specifying
133 This is the default state.
134 Authentication information is not required.
135 If no or insufficient authentication information
136 is provided, then the
138 program will provide the necessary user
141 Disable the authentication code.
142 All user verification will happen through the
147 Specify bftp server mode.
150 causes login to start a
152 session rather than the user's
154 In bftp daemon mode normal
155 logins are not supported, and it must be used
156 on a port other than the normal
159 .It Fl D Ar debugmode
160 This option may be used for debugging purposes.
163 to print out debugging information
164 to the connection, allowing the user to see what
167 There are several possible values for
169 .Bl -tag -width exercise
171 Print information about the negotiation of
177 information, plus some additional information
178 about what processing is going on.
180 Display the data stream received by
183 Display data written to the pty.
185 Has not been implemented yet.
188 Enable debugging on each socket created by
197 has been compiled with support for data encryption, then the
199 option may be used to enable encryption debugging code.
201 Disable the printing of host-specific information before
202 login has been completed.
204 This option is only useful if
206 has been compiled with both linemode and kludge linemode
210 option is specified, then if the remote client does not
215 will operate in character at a time mode.
216 It will still support kludge linemode, but will only
217 go into kludge linemode if the remote client requests
219 (This is done by the client sending
220 .Dv DONT SUPPRESS-GO-AHEAD
225 option is most useful when there are remote clients
226 that do not support kludge linemode, but pass the heuristic
227 (if they respond with
231 for kludge linemode support.
234 Try to force clients to use line-at-a-time mode.
237 option is not supported, it will go
238 into kludge linemode.
247 keep-alive mechanism to probe connections that
248 have been idle for some period of time to determine
249 if the client is still there, so that idle connections
250 from machines that have crashed or can no longer
251 be reached may be cleaned up.
252 .It Fl p Ar loginprog
255 command to run to complete the login.
256 The alternate command must
257 understand the same command arguments as the standard login.
259 Sets the IP type-of-service (TOS) option for the telnet
260 connection to the value
262 which can be a numeric TOS value or, on systems that support it, a symbolic
263 TOS name found in the
267 This option is used to specify the size of the field
270 structure that holds the remote host name.
271 If the resolved host name is longer than
273 the dotted decimal value will be used instead.
274 This allows hosts with very long host names that
275 overflow this field to still be uniquely identified.
278 indicates that only dotted decimal addresses
279 should be put into the
285 to refuse connections from addresses that
286 cannot be mapped back into a symbolic name
291 This option is only valid if
293 has been built with support for the authentication option.
294 It disables the use of
297 can be used to temporarily disable
298 a specific authentication type without having to recompile
303 operates by allocating a pseudo-terminal device (see
305 for a client, then creating a login process which has
306 the slave side of the pseudo-terminal as
312 manipulates the master side of the pseudo-terminal,
315 protocol and passing characters
316 between the remote client and the login process.
320 session is started up,
324 options to the client side indicating
325 a willingness to do the
328 options, which are described in more detail below:
329 .Bd -literal -offset indent
337 WILL SUPPRESS GO AHEAD
346 The pseudo-terminal allocated to the client is configured
356 has support for enabling locally the following
359 .Bl -tag -width "DO AUTHENTICATION"
367 will be sent to the client to indicate the
368 current state of terminal echoing.
369 When terminal echo is not desired, a
371 is sent to indicate that
373 will take care of echoing any data that needs to be
374 echoed to the terminal, and then nothing is echoed.
375 When terminal echo is desired, a
377 is sent to indicate that
379 will not be doing any terminal echoing, so the
380 client should do any terminal echoing that is needed.
382 Indicate that the client is willing to send a
383 8 bits of data, rather than the normal 7 bits
384 of the Network Virtual Terminal.
386 Indicate that it will not be sending
390 Indicate a willingness to send the client, upon
391 request, of the current status of all
394 .It "WILL TIMING-MARK"
397 command is received, it is always responded
399 .Dv WILL TIMING-MARK .
405 is sent in response, and the
407 session is shut down.
411 is compiled with support for data encryption, and
412 indicates a willingness to decrypt
417 has support for enabling remotely the following
420 .Bl -tag -width "DO AUTHENTICATION"
422 Sent to indicate that
424 is willing to receive an 8 bit data stream.
426 Requests that the client handle flow control
429 This is not really supported, but is sent to identify a
432 client, which will improperly respond with
438 will be sent in response.
439 .It "DO TERMINAL-TYPE"
440 Indicate a desire to be able to request the
441 name of the type of terminal that is attached
442 to the client side of the connection.
444 Indicate that it does not need to receive
446 the go ahead command.
448 Requests that the client inform the server when
449 the window (display) size changes.
450 .It "DO TERMINAL-SPEED"
451 Indicate a desire to be able to request information
452 about the speed of the serial line to which
453 the client is attached.
455 Indicate a desire to be able to request the name
456 of the X Window System display that is associated with
459 Indicate a desire to be able to request environment
460 variable information, as described in RFC 1572.
462 Indicate a desire to be able to request environment
463 variable information, as described in RFC 1408.
467 is compiled with support for linemode, and
468 requests that the client do line by line processing.
472 is compiled with support for both linemode and
473 kludge linemode, and the client responded with
475 If the client responds with
477 the it is assumed that the client supports
481 option can be used to disable this.
482 .It "DO AUTHENTICATION"
485 is compiled with support for authentication, and
486 indicates a willingness to receive authentication
487 information for automatic login.
491 is compiled with support for data encryption, and
492 indicates a willingness to decrypt
505 and use that information (if present) to determine
506 what to display before the login: prompt.
508 also use a System V style
512 capability, which will override
514 The information specified in either
518 will be displayed to both console and remote logins.
521 .Bl -tag -width /usr/ucb/bftp -compact
536 .Bl -tag -compact -width RFC-1572
539 PROTOCOL SPECIFICATION
541 TELNET OPTION SPECIFICATIONS
543 TELNET BINARY TRANSMISSION
547 TELNET SUPPRESS GO AHEAD OPTION
551 TELNET TIMING MARK OPTION
553 TELNET EXTENDED OPTIONS - LIST OPTION
555 TELNET END OF RECORD OPTION
557 Telnet Window Size Option
559 Telnet Terminal Speed Option
561 Telnet Terminal-Type Option
563 Telnet X Display Location Option
565 Requirements for Internet Hosts -- Application and Support
567 Telnet Linemode Option
569 Telnet Remote Flow Control Option
571 Telnet Authentication Option
573 Telnet Authentication: Kerberos Version 4
575 Telnet Authentication: SPX
577 Telnet Environment Option Interoperability Issues
579 Telnet Environment Option
582 IPv6 support was added by WIDE/KAME project.
586 commands are only partially implemented.
588 Because of bugs in the original
592 performs some dubious protocol exchanges to try to discover if the remote
593 client is, in fact, a
598 has no common interpretation except between similar operating systems
601 The terminal type name received from the remote client is converted to