1 .\" Copyright (c) 1983, 1993
2 .\" The Regents of the University of California. All rights reserved.
4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
12 .\" 3. All advertising materials mentioning features or use of this software
13 .\" must display the following acknowledgement:
14 .\" This product includes software developed by the University of
15 .\" California, Berkeley and its contributors.
16 .\" 4. Neither the name of the University nor the names of its contributors
17 .\" may be used to endorse or promote products derived from this software
18 .\" without specific prior written permission.
20 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 .\" @(#)telnetd.8 8.4 (Berkeley) 6/1/94
49 .Op Fl r Ns Ar lowpty-highpty
52 .Op Fl L Ar /bin/login
57 command is a server which supports the
61 virtual terminal protocol.
63 is normally invoked by the internet server (see
65 for requests to connect to the
67 port as indicated by the
73 option may be used to start up
75 manually, instead of through
77 If started up this way,
79 may be specified to run
87 command accepts the following options:
88 .Bl -tag -width "-a authmode"
90 This option may be used for specifying what mode should
91 be used for authentication.
92 Note that this option is only useful if
94 has been compiled with support for the
97 There are several valid values for
101 Turns on authentication debugging code.
103 Only allow connections when the remote user
104 can provide valid authentication information
105 to identify the remote user,
106 and is allowed access to the specified account
107 without providing a password.
109 Only allow connections when the remote user
110 can provide valid authentication information
111 to identify the remote user.
114 command will provide any additional user verification
115 needed if the remote user is not allowed automatic
116 access to the specified account.
118 Only allow connections that supply some authentication information.
119 This option is currently not supported
120 by any of the existing authentication mechanisms,
121 and is thus the same as specifying
125 Only allow authenticated connections (as with
128 and also logins with one-time passwords (OTPs). This option will call
129 login with an option so that only OTPs are accepted. The user can of
130 course still type secret information at the prompt.
132 This is the default state.
133 Authentication information is not required.
134 If no or insufficient authentication information
135 is provided, then the
137 program will provide the necessary user
140 This disables the authentication code.
141 All user verification will happen through the
147 .It Fl D Ar debugmode
148 This option may be used for debugging purposes.
151 to print out debugging information
152 to the connection, allowing the user to see what
155 There are several possible values for
157 .Bl -tag -width exercise
159 Prints information about the negotiation of
165 information, plus some additional information
166 about what processing is going on.
168 Displays the data stream received by
171 Displays data written to the pty.
173 Has not been implemented yet.
176 Disables the printing of host-specific information before
177 login has been completed.
184 keep-alives. Normally
188 keep-alive mechanism to probe connections that
189 have been idle for some period of time to determine
190 if the client is still there, so that idle connections
191 from machines that have crashed or can no longer
192 be reached may be cleaned up.
193 .It Fl r Ar lowpty-highpty
194 This option is only enabled when
198 It specifies an inclusive range of pseudo-terminal devices to
199 use. If the system has sysconf variable
201 configured, the default pty search range is 0 to
203 otherwise, the default range is 0 to 128. Either
207 may be omitted to allow changing
208 either end of the search range. If
210 is omitted, the - character is still required so that
218 This option is used to specify the size of the field
221 structure that holds the remote host name.
222 If the resolved host name is longer than
224 the dotted decimal value will be used instead.
225 This allows hosts with very long host names that
226 overflow this field to still be uniquely identified.
229 indicates that only dotted decimal addresses
230 should be put into the
237 to refuse connections from addresses that
238 cannot be mapped back into a symbolic name
243 This option is only valid if
245 has been built with support for the authentication option.
246 It disables the use of
249 can be used to temporarily disable
250 a specific authentication type without having to recompile
253 Specify pathname to an alternative login program.
257 operates by allocating a pseudo-terminal device (see
259 for a client, then creating a login process which has
260 the slave side of the pseudo-terminal as
266 manipulates the master side of the pseudo-terminal,
269 protocol and passing characters
270 between the remote client and the login process.
274 session is started up,
278 options to the client side indicating
279 a willingness to do the
282 options, which are described in more detail below:
283 .Bd -literal -offset indent
291 WILL SUPPRESS GO AHEAD
300 The pseudo-terminal allocated to the client is configured
301 to operate in \*(lqcooked\*(rq mode, and with
308 has support for enabling locally the following
311 .Bl -tag -width "DO AUTHENTICATION"
319 will be sent to the client to indicate the
320 current state of terminal echoing.
321 When terminal echo is not desired, a
323 is sent to indicate that
325 will take care of echoing any data that needs to be
326 echoed to the terminal, and then nothing is echoed.
327 When terminal echo is desired, a
329 is sent to indicate that
331 will not be doing any terminal echoing, so the
332 client should do any terminal echoing that is needed.
334 Indicates that the client is willing to send a
335 8 bits of data, rather than the normal 7 bits
336 of the Network Virtual Terminal.
338 Indicates that it will not be sending
342 Indicates a willingness to send the client, upon
343 request, of the current status of all
346 .It "WILL TIMING-MARK"
349 command is received, it is always responded
358 is sent in response, and the
360 session is shut down.
364 is compiled with support for data encryption, and
365 indicates a willingness to decrypt
370 has support for enabling remotely the following
373 .Bl -tag -width "DO AUTHENTICATION"
375 Sent to indicate that
377 is willing to receive an 8 bit data stream.
379 Requests that the client handle flow control
382 This is not really supported, but is sent to identify a 4.2BSD
384 client, which will improperly respond with
390 will be sent in response.
391 .It "DO TERMINAL-TYPE"
392 Indicates a desire to be able to request the
393 name of the type of terminal that is attached
394 to the client side of the connection.
396 Indicates that it does not need to receive
398 the go ahead command.
400 Requests that the client inform the server when
401 the window (display) size changes.
402 .It "DO TERMINAL-SPEED"
403 Indicates a desire to be able to request information
404 about the speed of the serial line to which
405 the client is attached.
407 Indicates a desire to be able to request the name
408 of the X windows display that is associated with
411 Indicates a desire to be able to request environment
412 variable information, as described in RFC 1572.
414 Indicates a desire to be able to request environment
415 variable information, as described in RFC 1408.
419 is compiled with support for linemode, and
420 requests that the client do line by line processing.
424 is compiled with support for both linemode and
425 kludge linemode, and the client responded with
427 If the client responds with
429 the it is assumed that the client supports
433 option can be used to disable this.
434 .It "DO AUTHENTICATION"
437 is compiled with support for authentication, and
438 indicates a willingness to receive authentication
439 information for automatic login.
443 is compiled with support for data encryption, and
444 indicates a willingness to decrypt
451 (UNICOS systems only)
460 .Bl -tag -compact -width RFC-1572
463 PROTOCOL SPECIFICATION
465 TELNET OPTION SPECIFICATIONS
467 TELNET BINARY TRANSMISSION
471 TELNET SUPPRESS GO AHEAD OPTION
475 TELNET TIMING MARK OPTION
477 TELNET EXTENDED OPTIONS - LIST OPTION
479 TELNET END OF RECORD OPTION
481 Telnet Window Size Option
483 Telnet Terminal Speed Option
485 Telnet Terminal-Type Option
487 Telnet X Display Location Option
489 Requirements for Internet Hosts -- Application and Support
491 Telnet Linemode Option
493 Telnet Remote Flow Control Option
495 Telnet Authentication Option
497 Telnet Authentication: Kerberos Version 4
499 Telnet Authentication: SPX
501 Telnet Environment Option Interoperability Issues
503 Telnet Environment Option
507 commands are only partially implemented.
509 Because of bugs in the original 4.2 BSD
512 performs some dubious protocol exchanges to try to discover if the remote
513 client is, in fact, a 4.2 BSD
517 has no common interpretation except between similar operating systems
520 The terminal type name received from the remote client is converted to