1 .\" Copyright (c) 1983, 1993
2 .\" The Regents of the University of California. All rights reserved.
4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
12 .\" 3. All advertising materials mentioning features or use of this software
13 .\" must display the following acknowledgement:
14 .\" This product includes software developed by the University of
15 .\" California, Berkeley and its contributors.
16 .\" 4. Neither the name of the University nor the names of its contributors
17 .\" may be used to endorse or promote products derived from this software
18 .\" without specific prior written permission.
20 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 .\" @(#)telnetd.8 8.3 (Berkeley) 3/1/94
33 .\" $FreeBSD: src/libexec/telnetd/telnetd.8,v 1.16.2.7 2001/08/16 10:44:21 ru Exp $
34 .\" $DragonFly: src/libexec/telnetd/telnetd.8,v 1.3 2006/02/17 19:33:32 swildner Exp $
45 .Nm /usr/libexec/telnetd
54 .Op Fl r Ns Ar lowpty-highpty
56 .Op Fl debug Op Ar port
60 command is a server which supports the
64 virtual terminal protocol.
66 is normally invoked by the internet server (see
68 for requests to connect to the
70 port as indicated by the
76 option may be used to start up
78 manually, instead of through
80 If started up this way,
82 may be specified to run
90 command accepts the following options:
91 .Bl -tag -width indent
93 This option may be used for specifying what mode should
94 be used for authentication.
95 Note that this option is only useful if
97 has been compiled with support for the
100 There are several valid values for
102 .Bl -tag -width debug
104 Turn on authentication debugging code.
106 Only allow connections when the remote user
107 can provide valid authentication information
108 to identify the remote user,
109 and is allowed access to the specified account
110 without providing a password.
112 Only allow connections when the remote user
113 can provide valid authentication information
114 to identify the remote user.
117 command will provide any additional user verification
118 needed if the remote user is not allowed automatic
119 access to the specified account.
121 Only allow connections that supply some authentication information.
122 This option is currently not supported
123 by any of the existing authentication mechanisms,
124 and is thus the same as specifying
128 This is the default state.
129 Authentication information is not required.
130 If no or insufficient authentication information
131 is provided, then the
133 program will provide the necessary user
136 Disable the authentication code.
137 All user verification will happen through the
141 .It Fl D Ar debugmode
142 This option may be used for debugging purposes.
145 to print out debugging information
146 to the connection, allowing the user to see what
149 There are several possible values for
151 .Bl -tag -width exercise
153 Print information about the negotiation of
159 information, plus some additional information
160 about what processing is going on.
162 Display the data stream received by
165 Display data written to the pty.
167 Has not been implemented yet.
170 Enable debugging on each socket created by
179 has been compiled with support for data encryption, then the
181 option may be used to enable encryption debugging code.
182 .It Fl p Ar loginprog
185 command to run to complete the login. The alternate command must
186 understand the same command arguments as the standard login.
188 Disable the printing of host-specific information before
189 login has been completed.
191 This option is only applicable to
193 systems prior to 7.0.
198 to use when init starts login sessions. The default
203 This option is only useful if
205 has been compiled with both linemode and kludge linemode
208 option is specified, then if the remote client does not
213 will operate in character at a time mode.
214 It will still support kludge linemode, but will only
215 go into kludge linemode if the remote client requests
217 (This is done by the client sending
218 .Dv DONT SUPPRESS-GO-AHEAD
223 option is most useful when there are remote clients
224 that do not support kludge linemode, but pass the heuristic
225 (if they respond with
229 for kludge linemode support.
231 Specify line mode. Try to force clients to use line-
235 option is not supported, it will go
236 into kludge linemode.
240 keep-alives. Normally
244 keep-alive mechanism to probe connections that
245 have been idle for some period of time to determine
246 if the client is still there, so that idle connections
247 from machines that have crashed or can no longer
248 be reached may be cleaned up.
249 .It Fl r Ar lowpty-highpty
250 This option is only enabled when
254 It specifies an inclusive range of pseudo-terminal devices to
255 use. If the system has sysconf variable
257 configured, the default pty search range is 0 to
259 otherwise, the default range is 0 to 128. Either
263 may be omitted to allow changing
264 either end of the search range. If
266 is omitted, the - character is still required so that
273 This option is only enabled if
275 is compiled with support for
280 option to be passed on to
282 and thus is only useful if
286 flag to indicate that only
288 validated logins are allowed, and is
289 usually useful for controlling remote logins
290 from outside of a firewall.
293 This option is used to specify the size of the field
296 structure that holds the remote host name.
297 If the resolved host name is longer than
299 the dotted decimal value will be used instead.
300 This allows hosts with very long host names that
301 overflow this field to still be uniquely identified.
304 indicates that only dotted decimal addresses
305 should be put into the
311 to refuse connections from addresses that
312 cannot be mapped back into a symbolic name
317 This option is only valid if
319 has been built with support for the authentication option.
320 It disables the use of
323 can be used to temporarily disable
324 a specific authentication type without having to recompile
329 operates by allocating a pseudo-terminal device (see
331 for a client, then creating a login process which has
332 the slave side of the pseudo-terminal as
338 manipulates the master side of the pseudo-terminal,
341 protocol and passing characters
342 between the remote client and the login process.
346 session is started up,
350 options to the client side indicating
351 a willingness to do the
354 options, which are described in more detail below:
355 .Bd -literal -offset indent
363 WILL SUPPRESS GO AHEAD
372 The pseudo-terminal allocated to the client is configured
382 has support for enabling locally the following
385 .Bl -tag -width "DO AUTHENTICATION"
393 will be sent to the client to indicate the
394 current state of terminal echoing.
395 When terminal echo is not desired, a
397 is sent to indicate that
399 will take care of echoing any data that needs to be
400 echoed to the terminal, and then nothing is echoed.
401 When terminal echo is desired, a
403 is sent to indicate that
405 will not be doing any terminal echoing, so the
406 client should do any terminal echoing that is needed.
408 Indicate that the client is willing to send a
409 8 bits of data, rather than the normal 7 bits
410 of the Network Virtual Terminal.
412 Indicate that it will not be sending
416 Indicate a willingness to send the client, upon
417 request, of the current status of all
420 .It "WILL TIMING-MARK"
423 command is received, it is always responded
425 .Dv WILL TIMING-MARK .
431 is sent in response, and the
433 session is shut down.
437 is compiled with support for data encryption, and
438 indicates a willingness to decrypt
443 has support for enabling remotely the following
446 .Bl -tag -width "DO AUTHENTICATION"
448 Sent to indicate that
450 is willing to receive an 8 bit data stream.
452 Requests that the client handle flow control
455 This is not really supported, but is sent to identify a
458 client, which will improperly respond with
464 will be sent in response.
465 .It "DO TERMINAL-TYPE"
466 Indicate a desire to be able to request the
467 name of the type of terminal that is attached
468 to the client side of the connection.
470 Indicate that it does not need to receive
472 the go ahead command.
474 Requests that the client inform the server when
475 the window (display) size changes.
476 .It "DO TERMINAL-SPEED"
477 Indicate a desire to be able to request information
478 about the speed of the serial line to which
479 the client is attached.
481 Indicate a desire to be able to request the name
482 of the X Window System display that is associated with
485 Indicate a desire to be able to request environment
486 variable information, as described in RFC 1572.
488 Indicate a desire to be able to request environment
489 variable information, as described in RFC 1408.
493 is compiled with support for linemode, and
494 requests that the client do line by line processing.
498 is compiled with support for both linemode and
499 kludge linemode, and the client responded with
501 If the client responds with
503 the it is assumed that the client supports
507 option can be used to disable this.
508 .It "DO AUTHENTICATION"
511 is compiled with support for authentication, and
512 indicates a willingness to receive authentication
513 information for automatic login.
517 is compiled with support for data encryption, and
518 indicates a willingness to decrypt
531 and use that information (if present) to determine
532 what to display before the login: prompt. You can
533 also use a System V style
537 capability, which will override
539 The information specified in either
543 will be displayed to both console and remote logins.
546 .Bl -tag -width /usr/ucb/bftp -compact
550 (UNICOS systems only)
563 .Bl -tag -compact -width RFC-1572
566 PROTOCOL SPECIFICATION
568 TELNET OPTION SPECIFICATIONS
570 TELNET BINARY TRANSMISSION
574 TELNET SUPPRESS GO AHEAD OPTION
578 TELNET TIMING MARK OPTION
580 TELNET EXTENDED OPTIONS - LIST OPTION
582 TELNET END OF RECORD OPTION
584 Telnet Window Size Option
586 Telnet Terminal Speed Option
588 Telnet Terminal-Type Option
590 Telnet X Display Location Option
592 Requirements for Internet Hosts -- Application and Support
594 Telnet Linemode Option
596 Telnet Remote Flow Control Option
598 Telnet Authentication Option
600 Telnet Authentication: Kerberos Version 4
602 Telnet Authentication: SPX
604 Telnet Environment Option Interoperability Issues
606 Telnet Environment Option
609 IPv6 support was added by WIDE/KAME project.
613 commands are only partially implemented.
615 Because of bugs in the original
619 performs some dubious protocol exchanges to try to discover if the remote
620 client is, in fact, a
625 has no common interpretation except between similar operating systems
628 The terminal type name received from the remote client is converted to
projects / dragonfly.git / blob