1 .\" Copyright (c) 1983, 1993
2 .\" The Regents of the University of California. All rights reserved.
4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
12 .\" 3. All advertising materials mentioning features or use of this software
13 .\" must display the following acknowledgement:
14 .\" This product includes software developed by the University of
15 .\" California, Berkeley and its contributors.
16 .\" 4. Neither the name of the University nor the names of its contributors
17 .\" may be used to endorse or promote products derived from this software
18 .\" without specific prior written permission.
20 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 .\" @(#)telnetd.8 8.4 (Berkeley) 6/1/94
49 .Op Fl r Ns Ar lowpty-highpty
52 .Op Fl L Ar /bin/login
58 command is a server which supports the
62 virtual terminal protocol.
64 is normally invoked by the internet server (see
66 for requests to connect to the
68 port as indicated by the
74 option may be used to start up
76 manually, instead of through
78 If started up this way,
80 may be specified to run
88 command accepts the following options:
89 .Bl -tag -width "-a authmode"
91 This option may be used for specifying what mode should
92 be used for authentication.
93 Note that this option is only useful if
95 has been compiled with support for the
98 There are several valid values for
100 .Bl -tag -width debug
102 Turns on authentication debugging code.
104 Only allow connections when the remote user
105 can provide valid authentication information
106 to identify the remote user,
107 and is allowed access to the specified account
108 without providing a password.
110 Only allow connections when the remote user
111 can provide valid authentication information
112 to identify the remote user.
115 command will provide any additional user verification
116 needed if the remote user is not allowed automatic
117 access to the specified account.
119 Only allow connections that supply some authentication information.
120 This option is currently not supported
121 by any of the existing authentication mechanisms,
122 and is thus the same as specifying
126 Only allow authenticated connections (as with
129 and also logins with one-time passwords (OTPs). This option will call
130 login with an option so that only OTPs are accepted. The user can of
131 course still type secret information at the prompt.
133 This is the default state.
134 Authentication information is not required.
135 If no or insufficient authentication information
136 is provided, then the
138 program will provide the necessary user
141 This disables the authentication code.
142 All user verification will happen through the
148 .It Fl D Ar debugmode
149 This option may be used for debugging purposes.
152 to print out debugging information
153 to the connection, allowing the user to see what
156 There are several possible values for
158 .Bl -tag -width exercise
160 Prints information about the negotiation of
166 information, plus some additional information
167 about what processing is going on.
169 Displays the data stream received by
172 Displays data written to the pty.
174 Has not been implemented yet.
177 Disables the printing of host-specific information before
178 login has been completed.
185 keep-alives. Normally
189 keep-alive mechanism to probe connections that
190 have been idle for some period of time to determine
191 if the client is still there, so that idle connections
192 from machines that have crashed or can no longer
193 be reached may be cleaned up.
194 .It Fl r Ar lowpty-highpty
195 This option is only enabled when
199 It specifies an inclusive range of pseudo-terminal devices to
200 use. If the system has sysconf variable
202 configured, the default pty search range is 0 to
204 otherwise, the default range is 0 to 128. Either
208 may be omitted to allow changing
209 either end of the search range. If
211 is omitted, the - character is still required so that
219 This option is used to specify the size of the field
222 structure that holds the remote host name.
223 If the resolved host name is longer than
225 the dotted decimal value will be used instead.
226 This allows hosts with very long host names that
227 overflow this field to still be uniquely identified.
230 indicates that only dotted decimal addresses
231 should be put into the
237 to refuse connections from addresses that
238 cannot be mapped back into a symbolic name
243 This option is only valid if
245 has been built with support for the authentication option.
246 It disables the use of
249 can be used to temporarily disable
250 a specific authentication type without having to recompile
253 Specify pathname to an alternative login program.
257 not warn when a user is trying to login with a cleartext password.
261 operates by allocating a pseudo-terminal device (see
263 for a client, then creating a login process which has
264 the slave side of the pseudo-terminal as
270 manipulates the master side of the pseudo-terminal,
273 protocol and passing characters
274 between the remote client and the login process.
278 session is started up,
282 options to the client side indicating
283 a willingness to do the
286 options, which are described in more detail below:
287 .Bd -literal -offset indent
295 WILL SUPPRESS GO AHEAD
304 The pseudo-terminal allocated to the client is configured
314 has support for enabling locally the following
317 .Bl -tag -width "DO AUTHENTICATION"
325 will be sent to the client to indicate the
326 current state of terminal echoing.
327 When terminal echo is not desired, a
329 is sent to indicate that
331 will take care of echoing any data that needs to be
332 echoed to the terminal, and then nothing is echoed.
333 When terminal echo is desired, a
335 is sent to indicate that
337 will not be doing any terminal echoing, so the
338 client should do any terminal echoing that is needed.
340 Indicates that the client is willing to send a
341 8 bits of data, rather than the normal 7 bits
342 of the Network Virtual Terminal.
344 Indicates that it will not be sending
348 Indicates a willingness to send the client, upon
349 request, of the current status of all
352 .It "WILL TIMING-MARK"
355 command is received, it is always responded
363 is sent in response, and the
365 session is shut down.
369 is compiled with support for data encryption, and
370 indicates a willingness to decrypt
375 has support for enabling remotely the following
378 .Bl -tag -width "DO AUTHENTICATION"
380 Sent to indicate that
382 is willing to receive an 8 bit data stream.
384 Requests that the client handle flow control
387 This is not really supported, but is sent to identify a 4.2BSD
389 client, which will improperly respond with
395 will be sent in response.
396 .It "DO TERMINAL-TYPE"
397 Indicates a desire to be able to request the
398 name of the type of terminal that is attached
399 to the client side of the connection.
401 Indicates that it does not need to receive
403 the go ahead command.
405 Requests that the client inform the server when
406 the window (display) size changes.
407 .It "DO TERMINAL-SPEED"
408 Indicates a desire to be able to request information
409 about the speed of the serial line to which
410 the client is attached.
412 Indicates a desire to be able to request the name
413 of the X windows display that is associated with
416 Indicates a desire to be able to request environment
417 variable information, as described in RFC 1572.
419 Indicates a desire to be able to request environment
420 variable information, as described in RFC 1408.
424 is compiled with support for linemode, and
425 requests that the client do line by line processing.
429 is compiled with support for both linemode and
430 kludge linemode, and the client responded with
432 If the client responds with
434 the it is assumed that the client supports
438 option can be used to disable this.
439 .It "DO AUTHENTICATION"
442 is compiled with support for authentication, and
443 indicates a willingness to receive authentication
444 information for automatic login.
448 is compiled with support for data encryption, and
449 indicates a willingness to decrypt
453 .Bl -tag -width /etc/services -compact
456 (UNICOS systems only)
464 .Bl -tag -compact -width RFC-1572
467 PROTOCOL SPECIFICATION
469 TELNET OPTION SPECIFICATIONS
471 TELNET BINARY TRANSMISSION
475 TELNET SUPPRESS GO AHEAD OPTION
479 TELNET TIMING MARK OPTION
481 TELNET EXTENDED OPTIONS - LIST OPTION
483 TELNET END OF RECORD OPTION
485 Telnet Window Size Option
487 Telnet Terminal Speed Option
489 Telnet Terminal-Type Option
491 Telnet X Display Location Option
493 Requirements for Internet Hosts -- Application and Support
495 Telnet Linemode Option
497 Telnet Remote Flow Control Option
499 Telnet Authentication Option
501 Telnet Authentication: Kerberos Version 4
503 Telnet Authentication: SPX
505 Telnet Environment Option Interoperability Issues
507 Telnet Environment Option
512 commands are only partially implemented.
514 Because of bugs in the original 4.2 BSD
517 performs some dubious protocol exchanges to try to discover if the remote
518 client is, in fact, a 4.2 BSD
522 has no common interpretation except between similar operating systems
525 The terminal type name received from the remote client is converted to