1 .\" Copyright (c) 1983, 1993
2 .\" The Regents of the University of California. All rights reserved.
4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
12 .\" 3. All advertising materials mentioning features or use of this software
13 .\" must display the following acknowledgement:
14 .\" This product includes software developed by the University of
15 .\" California, Berkeley and its contributors.
16 .\" 4. Neither the name of the University nor the names of its contributors
17 .\" may be used to endorse or promote products derived from this software
18 .\" without specific prior written permission.
20 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 .\" @(#)telnetd.8 8.4 (Berkeley) 6/1/94
49 .Op Fl r Ns Ar lowpty-highpty
52 .Op Fl L Ar /bin/login
57 command is a server which supports the
61 virtual terminal protocol.
63 is normally invoked by the internet server (see
65 for requests to connect to the
67 port as indicated by the
73 option may be used to start up
75 manually, instead of through
77 If started up this way,
79 may be specified to run
87 command accepts the following options:
88 .Bl -tag -width "-a authmode"
90 This option may be used for specifying what mode should
91 be used for authentication.
92 Note that this option is only useful if
94 has been compiled with support for the
97 There are several valid values for
101 Turns on authentication debugging code.
103 Only allow connections when the remote user
104 can provide valid authentication information
105 to identify the remote user,
106 and is allowed access to the specified account
107 without providing a password.
109 Only allow connections when the remote user
110 can provide valid authentication information
111 to identify the remote user.
114 command will provide any additional user verification
115 needed if the remote user is not allowed automatic
116 access to the specified account.
118 Only allow connections that supply some authentication information.
119 This option is currently not supported
120 by any of the existing authentication mechanisms,
121 and is thus the same as specifying
125 This is the default state.
126 Authentication information is not required.
127 If no or insufficient authentication information
128 is provided, then the
130 program will provide the necessary user
133 This disables the authentication code.
134 All user verification will happen through the
140 .It Fl D Ar debugmode
141 This option may be used for debugging purposes.
144 to print out debugging information
145 to the connection, allowing the user to see what
148 There are several possible values for
150 .Bl -tag -width exercise
152 Prints information about the negotiation of
158 information, plus some additional information
159 about what processing is going on.
161 Displays the data stream received by
164 Displays data written to the pty.
166 Has not been implemented yet.
169 Disables the printing of host-specific information before
170 login has been completed.
177 keep-alives. Normally
181 keep-alive mechanism to probe connections that
182 have been idle for some period of time to determine
183 if the client is still there, so that idle connections
184 from machines that have crashed or can no longer
185 be reached may be cleaned up.
186 .It Fl r Ar lowpty-highpty
187 This option is only enabled when
191 It specifies an inclusive range of pseudo-terminal devices to
192 use. If the system has sysconf variable
194 configured, the default pty search range is 0 to
196 otherwise, the default range is 0 to 128. Either
200 may be omitted to allow changing
201 either end of the search range. If
203 is omitted, the - character is still required so that
211 This option is used to specify the size of the field
214 structure that holds the remote host name.
215 If the resolved host name is longer than
217 the dotted decimal value will be used instead.
218 This allows hosts with very long host names that
219 overflow this field to still be uniquely identified.
222 indicates that only dotted decimal addresses
223 should be put into the
230 to refuse connections from addresses that
231 cannot be mapped back into a symbolic name
236 This option is only valid if
238 has been built with support for the authentication option.
239 It disables the use of
242 can be used to temporarily disable
243 a specific authentication type without having to recompile
246 Specify pathname to an alternative login program.
250 operates by allocating a pseudo-terminal device (see
252 for a client, then creating a login process which has
253 the slave side of the pseudo-terminal as
259 manipulates the master side of the pseudo-terminal,
262 protocol and passing characters
263 between the remote client and the login process.
267 session is started up,
271 options to the client side indicating
272 a willingness to do the
275 options, which are described in more detail below:
276 .Bd -literal -offset indent
284 WILL SUPPRESS GO AHEAD
293 The pseudo-terminal allocated to the client is configured
294 to operate in \*(lqcooked\*(rq mode, and with
301 has support for enabling locally the following
304 .Bl -tag -width "DO AUTHENTICATION"
312 will be sent to the client to indicate the
313 current state of terminal echoing.
314 When terminal echo is not desired, a
316 is sent to indicate that
318 will take care of echoing any data that needs to be
319 echoed to the terminal, and then nothing is echoed.
320 When terminal echo is desired, a
322 is sent to indicate that
324 will not be doing any terminal echoing, so the
325 client should do any terminal echoing that is needed.
327 Indicates that the client is willing to send a
328 8 bits of data, rather than the normal 7 bits
329 of the Network Virtual Terminal.
331 Indicates that it will not be sending
335 Indicates a willingness to send the client, upon
336 request, of the current status of all
339 .It "WILL TIMING-MARK"
342 command is received, it is always responded
351 is sent in response, and the
353 session is shut down.
357 is compiled with support for data encryption, and
358 indicates a willingness to decrypt
363 has support for enabling remotely the following
366 .Bl -tag -width "DO AUTHENTICATION"
368 Sent to indicate that
370 is willing to receive an 8 bit data stream.
372 Requests that the client handle flow control
375 This is not really supported, but is sent to identify a 4.2BSD
377 client, which will improperly respond with
383 will be sent in response.
384 .It "DO TERMINAL-TYPE"
385 Indicates a desire to be able to request the
386 name of the type of terminal that is attached
387 to the client side of the connection.
389 Indicates that it does not need to receive
391 the go ahead command.
393 Requests that the client inform the server when
394 the window (display) size changes.
395 .It "DO TERMINAL-SPEED"
396 Indicates a desire to be able to request information
397 about the speed of the serial line to which
398 the client is attached.
400 Indicates a desire to be able to request the name
401 of the X windows display that is associated with
404 Indicates a desire to be able to request environment
405 variable information, as described in RFC 1572.
407 Indicates a desire to be able to request environment
408 variable information, as described in RFC 1408.
412 is compiled with support for linemode, and
413 requests that the client do line by line processing.
417 is compiled with support for both linemode and
418 kludge linemode, and the client responded with
420 If the client responds with
422 the it is assumed that the client supports
426 option can be used to disable this.
427 .It "DO AUTHENTICATION"
430 is compiled with support for authentication, and
431 indicates a willingness to receive authentication
432 information for automatic login.
436 is compiled with support for data encryption, and
437 indicates a willingness to decrypt
444 (UNICOS systems only)
453 .Bl -tag -compact -width RFC-1572
456 PROTOCOL SPECIFICATION
458 TELNET OPTION SPECIFICATIONS
460 TELNET BINARY TRANSMISSION
464 TELNET SUPPRESS GO AHEAD OPTION
468 TELNET TIMING MARK OPTION
470 TELNET EXTENDED OPTIONS - LIST OPTION
472 TELNET END OF RECORD OPTION
474 Telnet Window Size Option
476 Telnet Terminal Speed Option
478 Telnet Terminal-Type Option
480 Telnet X Display Location Option
482 Requirements for Internet Hosts -- Application and Support
484 Telnet Linemode Option
486 Telnet Remote Flow Control Option
488 Telnet Authentication Option
490 Telnet Authentication: Kerberos Version 4
492 Telnet Authentication: SPX
494 Telnet Environment Option Interoperability Issues
496 Telnet Environment Option
500 commands are only partially implemented.
502 Because of bugs in the original 4.2 BSD
505 performs some dubious protocol exchanges to try to discover if the remote
506 client is, in fact, a 4.2 BSD
510 has no common interpretation except between similar operating systems
513 The terminal type name received from the remote client is converted to