1 .\" Copyright (c) 1983, 1993
2 .\" The Regents of the University of California. All rights reserved.
4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
12 .\" 3. All advertising materials mentioning features or use of this software
13 .\" must display the following acknowledgement:
14 .\" This product includes software developed by the University of
15 .\" California, Berkeley and its contributors.
16 .\" 4. Neither the name of the University nor the names of its contributors
17 .\" may be used to endorse or promote products derived from this software
18 .\" without specific prior written permission.
20 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 .\" @(#)telnetd.8 8.4 (Berkeley) 6/1/94
33 .\" $FreeBSD: src/crypto/telnet/telnetd/telnetd.8,v 1.5.2.6 2002/04/13 10:59:09 markm Exp $
34 .\" $DragonFly: src/crypto/telnet/telnetd/telnetd.8,v 1.2 2003/06/17 04:24:37 dillon Exp $
45 .Nm /usr/libexec/telnetd
55 .Op Fl debug Op Ar port
59 command is a server which supports the
63 virtual terminal protocol.
65 is normally invoked by the internet server (see
67 for requests to connect to the
69 port as indicated by the
75 option may be used to start up
77 manually, instead of through
79 If started up this way,
81 may be specified to run
89 command accepts the following options:
90 .Bl -tag -width indent
92 This option may be used for specifying what mode should
93 be used for authentication.
94 Note that this option is only useful if
96 has been compiled with support for the
99 There are several valid values for
101 .Bl -tag -width debug
103 Turn on authentication debugging code.
105 Only allow connections when the remote user
106 can provide valid authentication information
107 to identify the remote user,
108 and is allowed access to the specified account
109 without providing a password.
111 Only allow connections when the remote user
112 can provide valid authentication information
113 to identify the remote user.
116 command will provide any additional user verification
117 needed if the remote user is not allowed automatic
118 access to the specified account.
120 Only allow connections that supply some authentication information.
121 This option is currently not supported
122 by any of the existing authentication mechanisms,
123 and is thus the same as specifying
127 This is the default state.
128 Authentication information is not required.
129 If no or insufficient authentication information
130 is provided, then the
132 program will provide the necessary user
135 Disable the authentication code.
136 All user verification will happen through the
141 .\"Specify bftp server mode.
144 .\"causes login to start a
146 .\"session rather than the user's normal shell.
147 .\"In bftp daemon mode normal logins are not supported, and it must be used
148 .\"on a port other than the normal
151 .It Fl D Ar debugmode
152 This option may be used for debugging purposes.
155 to print out debugging information
156 to the connection, allowing the user to see what
159 There are several possible values for
161 .Bl -tag -width exercise
163 Print information about the negotiation of
169 information, plus some additional information
170 about what processing is going on.
172 Display the data stream received by
175 Display data written to the pty.
177 Has not been implemented yet.
180 Enable debugging on each socket created by
189 has been compiled with support for data encryption, then the
191 option may be used to enable encryption debugging code.
193 Disable the printing of host-specific information before
194 login has been completed.
196 This option is only useful if
198 has been compiled with both linemode and kludge linemode
202 option is specified, then if the remote client does not
207 will operate in character at a time mode.
208 It will still support kludge linemode, but will only
209 go into kludge linemode if the remote client requests
211 (This is done by the client sending
212 .Dv DONT SUPPRESS-GO-AHEAD
217 option is most useful when there are remote clients
218 that do not support kludge linemode, but pass the heuristic
219 (if they respond with
223 for kludge linemode support.
226 Try to force clients to use line-at-a-time mode.
229 option is not supported, it will go
230 into kludge linemode.
239 keep-alive mechanism to probe connections that
240 have been idle for some period of time to determine
241 if the client is still there, so that idle connections
242 from machines that have crashed or can no longer
243 be reached may be cleaned up.
244 .It Fl p Ar loginprog
247 command to run to complete the login.
248 The alternate command must
249 understand the same command arguments as the standard login.
252 This option is used to specify the size of the field
255 structure that holds the remote host name.
256 If the resolved host name is longer than
258 the dotted decimal value will be used instead.
259 This allows hosts with very long host names that
260 overflow this field to still be uniquely identified.
263 indicates that only dotted decimal addresses
264 should be put into the
270 to refuse connections from addresses that
271 cannot be mapped back into a symbolic name
276 This option is only valid if
278 has been built with support for the authentication option.
279 It disables the use of
282 can be used to temporarily disable
283 a specific authentication type without having to recompile
288 operates by allocating a pseudo-terminal device (see
290 for a client, then creating a login process which has
291 the slave side of the pseudo-terminal as
297 manipulates the master side of the pseudo-terminal,
300 protocol and passing characters
301 between the remote client and the login process.
305 session is started up,
309 options to the client side indicating
310 a willingness to do the
313 options, which are described in more detail below:
314 .Bd -literal -offset indent
322 WILL SUPPRESS GO AHEAD
331 The pseudo-terminal allocated to the client is configured
341 has support for enabling locally the following
344 .Bl -tag -width "DO AUTHENTICATION"
352 will be sent to the client to indicate the
353 current state of terminal echoing.
354 When terminal echo is not desired, a
356 is sent to indicate that
358 will take care of echoing any data that needs to be
359 echoed to the terminal, and then nothing is echoed.
360 When terminal echo is desired, a
362 is sent to indicate that
364 will not be doing any terminal echoing, so the
365 client should do any terminal echoing that is needed.
367 Indicate that the client is willing to send a
368 8 bits of data, rather than the normal 7 bits
369 of the Network Virtual Terminal.
371 Indicate that it will not be sending
375 Indicate a willingness to send the client, upon
376 request, of the current status of all
379 .It "WILL TIMING-MARK"
382 command is received, it is always responded
384 .Dv WILL TIMING-MARK .
390 is sent in response, and the
392 session is shut down.
396 is compiled with support for data encryption, and
397 indicates a willingness to decrypt
402 has support for enabling remotely the following
405 .Bl -tag -width "DO AUTHENTICATION"
407 Sent to indicate that
409 is willing to receive an 8 bit data stream.
411 Requests that the client handle flow control
414 This is not really supported, but is sent to identify a
417 client, which will improperly respond with
423 will be sent in response.
424 .It "DO TERMINAL-TYPE"
425 Indicate a desire to be able to request the
426 name of the type of terminal that is attached
427 to the client side of the connection.
429 Indicate that it does not need to receive
431 the go ahead command.
433 Requests that the client inform the server when
434 the window (display) size changes.
435 .It "DO TERMINAL-SPEED"
436 Indicate a desire to be able to request information
437 about the speed of the serial line to which
438 the client is attached.
440 Indicate a desire to be able to request the name
441 of the X Window System display that is associated with
444 Indicate a desire to be able to request environment
445 variable information, as described in RFC 1572.
447 Indicate a desire to be able to request environment
448 variable information, as described in RFC 1408.
452 is compiled with support for linemode, and
453 requests that the client do line by line processing.
457 is compiled with support for both linemode and
458 kludge linemode, and the client responded with
460 If the client responds with
462 the it is assumed that the client supports
466 option can be used to disable this.
467 .It "DO AUTHENTICATION"
470 is compiled with support for authentication, and
471 indicates a willingness to receive authentication
472 information for automatic login.
476 is compiled with support for data encryption, and
477 indicates a willingness to decrypt
490 and use that information (if present) to determine
491 what to display before the login: prompt.
492 You can also use a System V style
496 capability, which will override
498 The information specified in either
502 will be displayed to both console and remote logins.
505 .Bl -tag -width ".Pa /etc/services" -compact
510 .\".It Pa /usr/ucb/bftp
520 .Bl -tag -compact -width ".Cm RFC 1572"
523 PROTOCOL SPECIFICATION
525 TELNET OPTION SPECIFICATIONS
527 TELNET BINARY TRANSMISSION
531 TELNET SUPPRESS GO AHEAD OPTION
535 TELNET TIMING MARK OPTION
537 TELNET EXTENDED OPTIONS - LIST OPTION
539 TELNET END OF RECORD OPTION
541 Telnet Window Size Option
543 Telnet Terminal Speed Option
545 Telnet Terminal-Type Option
547 Telnet X Display Location Option
549 Requirements for Internet Hosts -- Application and Support
551 Telnet Linemode Option
553 Telnet Remote Flow Control Option
555 Telnet Authentication Option
557 Telnet Authentication: Kerberos Version 4
559 Telnet Authentication: SPX
561 Telnet Environment Option Interoperability Issues
563 Telnet Environment Option
566 IPv6 support was added by WIDE/KAME project.
570 commands are only partially implemented.
572 Because of bugs in the original
576 performs some dubious protocol exchanges to try to discover if the remote
577 client is, in fact, a
582 has no common interpretation except between similar operating systems
585 The terminal type name received from the remote client is converted to