1 .\" Copyright (c) 1983, 1993
2 .\" The Regents of the University of California. All rights reserved.
4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
12 .\" 3. All advertising materials mentioning features or use of this software
13 .\" must display the following acknowledgement:
14 .\" This product includes software developed by the University of
15 .\" California, Berkeley and its contributors.
16 .\" 4. Neither the name of the University nor the names of its contributors
17 .\" may be used to endorse or promote products derived from this software
18 .\" without specific prior written permission.
20 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 .\" @(#)telnetd.8 8.4 (Berkeley) 6/1/94
49 .Op Fl r Ns Ar lowpty-highpty
52 .Op Fl L Ar /bin/login
57 command is a server which supports the
61 virtual terminal protocol.
63 is normally invoked by the internet server (see
65 for requests to connect to the
67 port as indicated by the
73 option may be used to start up
75 manually, instead of through
77 If started up this way,
79 may be specified to run
87 command accepts the following options:
88 .Bl -tag -width "-a authmode"
90 This option may be used for specifying what mode should
91 be used for authentication.
92 Note that this option is only useful if
94 has been compiled with support for the
97 There are several valid values for
101 Turns on authentication debugging code.
103 Only allow connections when the remote user
104 can provide valid authentication information
105 to identify the remote user,
106 and is allowed access to the specified account
107 without providing a password.
109 Only allow connections when the remote user
110 can provide valid authentication information
111 to identify the remote user.
114 command will provide any additional user verification
115 needed if the remote user is not allowed automatic
116 access to the specified account.
118 Only allow connections that supply some authentication information.
119 This option is currently not supported
120 by any of the existing authentication mechanisms,
121 and is thus the same as specifying
125 Only allow authenticated connections (as with
128 and also logins with one-time passwords (OTPs). This option will call
129 login with an option so that only OTPs are accepted. The user can of
130 course still type secret information at the prompt.
132 This is the default state.
133 Authentication information is not required.
134 If no or insufficient authentication information
135 is provided, then the
137 program will provide the necessary user
140 This disables the authentication code.
141 All user verification will happen through the
147 .It Fl D Ar debugmode
148 This option may be used for debugging purposes.
151 to print out debugging information
152 to the connection, allowing the user to see what
155 There are several possible values for
157 .Bl -tag -width exercise
159 Prints information about the negotiation of
165 information, plus some additional information
166 about what processing is going on.
168 Displays the data stream received by
171 Displays data written to the pty.
173 Has not been implemented yet.
176 Disables the printing of host-specific information before
177 login has been completed.
184 keep-alives. Normally
188 keep-alive mechanism to probe connections that
189 have been idle for some period of time to determine
190 if the client is still there, so that idle connections
191 from machines that have crashed or can no longer
192 be reached may be cleaned up.
193 .It Fl r Ar lowpty-highpty
194 This option is only enabled when
198 It specifies an inclusive range of pseudo-terminal devices to
199 use. If the system has sysconf variable
201 configured, the default pty search range is 0 to
203 otherwise, the default range is 0 to 128. Either
207 may be omitted to allow changing
208 either end of the search range. If
210 is omitted, the - character is still required so that
218 This option is used to specify the size of the field
221 structure that holds the remote host name.
222 If the resolved host name is longer than
224 the dotted decimal value will be used instead.
225 This allows hosts with very long host names that
226 overflow this field to still be uniquely identified.
229 indicates that only dotted decimal addresses
230 should be put into the
237 to refuse connections from addresses that
238 cannot be mapped back into a symbolic name
243 This option is only valid if
245 has been built with support for the authentication option.
246 It disables the use of
249 can be used to temporarily disable
250 a specific authentication type without having to recompile
253 Specify pathname to an alternative login program.
257 operates by allocating a pseudo-terminal device (see
259 for a client, then creating a login process which has
260 the slave side of the pseudo-terminal as
266 manipulates the master side of the pseudo-terminal,
269 protocol and passing characters
270 between the remote client and the login process.
274 session is started up,
278 options to the client side indicating
279 a willingness to do the
282 options, which are described in more detail below:
283 .Bd -literal -offset indent
291 WILL SUPPRESS GO AHEAD
300 The pseudo-terminal allocated to the client is configured
310 has support for enabling locally the following
313 .Bl -tag -width "DO AUTHENTICATION"
321 will be sent to the client to indicate the
322 current state of terminal echoing.
323 When terminal echo is not desired, a
325 is sent to indicate that
327 will take care of echoing any data that needs to be
328 echoed to the terminal, and then nothing is echoed.
329 When terminal echo is desired, a
331 is sent to indicate that
333 will not be doing any terminal echoing, so the
334 client should do any terminal echoing that is needed.
336 Indicates that the client is willing to send a
337 8 bits of data, rather than the normal 7 bits
338 of the Network Virtual Terminal.
340 Indicates that it will not be sending
344 Indicates a willingness to send the client, upon
345 request, of the current status of all
348 .It "WILL TIMING-MARK"
351 command is received, it is always responded
360 is sent in response, and the
362 session is shut down.
366 is compiled with support for data encryption, and
367 indicates a willingness to decrypt
372 has support for enabling remotely the following
375 .Bl -tag -width "DO AUTHENTICATION"
377 Sent to indicate that
379 is willing to receive an 8 bit data stream.
381 Requests that the client handle flow control
384 This is not really supported, but is sent to identify a 4.2BSD
386 client, which will improperly respond with
392 will be sent in response.
393 .It "DO TERMINAL-TYPE"
394 Indicates a desire to be able to request the
395 name of the type of terminal that is attached
396 to the client side of the connection.
398 Indicates that it does not need to receive
400 the go ahead command.
402 Requests that the client inform the server when
403 the window (display) size changes.
404 .It "DO TERMINAL-SPEED"
405 Indicates a desire to be able to request information
406 about the speed of the serial line to which
407 the client is attached.
409 Indicates a desire to be able to request the name
410 of the X windows display that is associated with
413 Indicates a desire to be able to request environment
414 variable information, as described in RFC 1572.
416 Indicates a desire to be able to request environment
417 variable information, as described in RFC 1408.
421 is compiled with support for linemode, and
422 requests that the client do line by line processing.
426 is compiled with support for both linemode and
427 kludge linemode, and the client responded with
429 If the client responds with
431 the it is assumed that the client supports
435 option can be used to disable this.
436 .It "DO AUTHENTICATION"
439 is compiled with support for authentication, and
440 indicates a willingness to receive authentication
441 information for automatic login.
445 is compiled with support for data encryption, and
446 indicates a willingness to decrypt
454 (UNICOS systems only)
463 .Bl -tag -compact -width RFC-1572
466 PROTOCOL SPECIFICATION
468 TELNET OPTION SPECIFICATIONS
470 TELNET BINARY TRANSMISSION
474 TELNET SUPPRESS GO AHEAD OPTION
478 TELNET TIMING MARK OPTION
480 TELNET EXTENDED OPTIONS - LIST OPTION
482 TELNET END OF RECORD OPTION
484 Telnet Window Size Option
486 Telnet Terminal Speed Option
488 Telnet Terminal-Type Option
490 Telnet X Display Location Option
492 Requirements for Internet Hosts -- Application and Support
494 Telnet Linemode Option
496 Telnet Remote Flow Control Option
498 Telnet Authentication Option
500 Telnet Authentication: Kerberos Version 4
502 Telnet Authentication: SPX
504 Telnet Environment Option Interoperability Issues
506 Telnet Environment Option
511 commands are only partially implemented.
513 Because of bugs in the original 4.2 BSD
516 performs some dubious protocol exchanges to try to discover if the remote
517 client is, in fact, a 4.2 BSD
521 has no common interpretation except between similar operating systems
524 The terminal type name received from the remote client is converted to