1 .\" Copyright (c) 1983, 1993
2 .\" The Regents of the University of California. All rights reserved.
4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
12 .\" 3. Neither the name of the University nor the names of its contributors
13 .\" may be used to endorse or promote products derived from this software
14 .\" without specific prior written permission.
16 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
17 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
20 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28 .\" @(#)telnetd.8 8.4 (Berkeley) 6/1/94
29 .\" $FreeBSD: src/crypto/telnet/telnetd/telnetd.8,v 1.5.2.6 2002/04/13 10:59:09 markm Exp $
30 .\" $DragonFly: src/crypto/telnet/telnetd/telnetd.8,v 1.2 2003/06/17 04:24:37 dillon Exp $
41 .Nm /usr/libexec/telnetd
51 .Op Fl debug Op Ar port
55 command is a server which supports the
59 virtual terminal protocol.
61 is normally invoked by the internet server (see
63 for requests to connect to the
65 port as indicated by the
71 option may be used to start up
73 manually, instead of through
75 If started up this way,
77 may be specified to run
85 command accepts the following options:
86 .Bl -tag -width indent
88 This option may be used for specifying what mode should
89 be used for authentication.
90 Note that this option is only useful if
92 has been compiled with support for the
95 There are several valid values for
99 Turn on authentication debugging code.
101 Only allow connections when the remote user
102 can provide valid authentication information
103 to identify the remote user,
104 and is allowed access to the specified account
105 without providing a password.
107 Only allow connections when the remote user
108 can provide valid authentication information
109 to identify the remote user.
112 command will provide any additional user verification
113 needed if the remote user is not allowed automatic
114 access to the specified account.
116 Only allow connections that supply some authentication information.
117 This option is currently not supported
118 by any of the existing authentication mechanisms,
119 and is thus the same as specifying
123 This is the default state.
124 Authentication information is not required.
125 If no or insufficient authentication information
126 is provided, then the
128 program will provide the necessary user
131 Disable the authentication code.
132 All user verification will happen through the
137 .\"Specify bftp server mode.
140 .\"causes login to start a
142 .\"session rather than the user's normal shell.
143 .\"In bftp daemon mode normal logins are not supported, and it must be used
144 .\"on a port other than the normal
147 .It Fl D Ar debugmode
148 This option may be used for debugging purposes.
151 to print out debugging information
152 to the connection, allowing the user to see what
155 There are several possible values for
157 .Bl -tag -width exercise
159 Print information about the negotiation of
165 information, plus some additional information
166 about what processing is going on.
168 Display the data stream received by
171 Display data written to the pty.
173 Has not been implemented yet.
176 Enable debugging on each socket created by
185 has been compiled with support for data encryption, then the
187 option may be used to enable encryption debugging code.
189 Disable the printing of host-specific information before
190 login has been completed.
192 This option is only useful if
194 has been compiled with both linemode and kludge linemode
198 option is specified, then if the remote client does not
203 will operate in character at a time mode.
204 It will still support kludge linemode, but will only
205 go into kludge linemode if the remote client requests
207 (This is done by the client sending
208 .Dv DONT SUPPRESS-GO-AHEAD
213 option is most useful when there are remote clients
214 that do not support kludge linemode, but pass the heuristic
215 (if they respond with
219 for kludge linemode support.
222 Try to force clients to use line-at-a-time mode.
225 option is not supported, it will go
226 into kludge linemode.
235 keep-alive mechanism to probe connections that
236 have been idle for some period of time to determine
237 if the client is still there, so that idle connections
238 from machines that have crashed or can no longer
239 be reached may be cleaned up.
240 .It Fl p Ar loginprog
243 command to run to complete the login.
244 The alternate command must
245 understand the same command arguments as the standard login.
248 This option is used to specify the size of the field
251 structure that holds the remote host name.
252 If the resolved host name is longer than
254 the dotted decimal value will be used instead.
255 This allows hosts with very long host names that
256 overflow this field to still be uniquely identified.
259 indicates that only dotted decimal addresses
260 should be put into the
266 to refuse connections from addresses that
267 cannot be mapped back into a symbolic name
272 This option is only valid if
274 has been built with support for the authentication option.
275 It disables the use of
278 can be used to temporarily disable
279 a specific authentication type without having to recompile
284 operates by allocating a pseudo-terminal device (see
286 for a client, then creating a login process which has
287 the slave side of the pseudo-terminal as
293 manipulates the master side of the pseudo-terminal,
296 protocol and passing characters
297 between the remote client and the login process.
301 session is started up,
305 options to the client side indicating
306 a willingness to do the
309 options, which are described in more detail below:
310 .Bd -literal -offset indent
318 WILL SUPPRESS GO AHEAD
327 The pseudo-terminal allocated to the client is configured
337 has support for enabling locally the following
340 .Bl -tag -width "DO AUTHENTICATION"
348 will be sent to the client to indicate the
349 current state of terminal echoing.
350 When terminal echo is not desired, a
352 is sent to indicate that
354 will take care of echoing any data that needs to be
355 echoed to the terminal, and then nothing is echoed.
356 When terminal echo is desired, a
358 is sent to indicate that
360 will not be doing any terminal echoing, so the
361 client should do any terminal echoing that is needed.
363 Indicate that the client is willing to send a
364 8 bits of data, rather than the normal 7 bits
365 of the Network Virtual Terminal.
367 Indicate that it will not be sending
371 Indicate a willingness to send the client, upon
372 request, of the current status of all
375 .It "WILL TIMING-MARK"
378 command is received, it is always responded
380 .Dv WILL TIMING-MARK .
386 is sent in response, and the
388 session is shut down.
392 is compiled with support for data encryption, and
393 indicates a willingness to decrypt
398 has support for enabling remotely the following
401 .Bl -tag -width "DO AUTHENTICATION"
403 Sent to indicate that
405 is willing to receive an 8 bit data stream.
407 Requests that the client handle flow control
410 This is not really supported, but is sent to identify a
413 client, which will improperly respond with
419 will be sent in response.
420 .It "DO TERMINAL-TYPE"
421 Indicate a desire to be able to request the
422 name of the type of terminal that is attached
423 to the client side of the connection.
425 Indicate that it does not need to receive
427 the go ahead command.
429 Requests that the client inform the server when
430 the window (display) size changes.
431 .It "DO TERMINAL-SPEED"
432 Indicate a desire to be able to request information
433 about the speed of the serial line to which
434 the client is attached.
436 Indicate a desire to be able to request the name
437 of the X Window System display that is associated with
440 Indicate a desire to be able to request environment
441 variable information, as described in RFC 1572.
443 Indicate a desire to be able to request environment
444 variable information, as described in RFC 1408.
448 is compiled with support for linemode, and
449 requests that the client do line by line processing.
453 is compiled with support for both linemode and
454 kludge linemode, and the client responded with
456 If the client responds with
458 the it is assumed that the client supports
462 option can be used to disable this.
463 .It "DO AUTHENTICATION"
466 is compiled with support for authentication, and
467 indicates a willingness to receive authentication
468 information for automatic login.
472 is compiled with support for data encryption, and
473 indicates a willingness to decrypt
486 and use that information (if present) to determine
487 what to display before the login: prompt.
488 You can also use a System V style
492 capability, which will override
494 The information specified in either
498 will be displayed to both console and remote logins.
501 .Bl -tag -width ".Pa /etc/services" -compact
506 .\".It Pa /usr/ucb/bftp
516 .Bl -tag -compact -width ".Cm RFC 1572"
519 PROTOCOL SPECIFICATION
521 TELNET OPTION SPECIFICATIONS
523 TELNET BINARY TRANSMISSION
527 TELNET SUPPRESS GO AHEAD OPTION
531 TELNET TIMING MARK OPTION
533 TELNET EXTENDED OPTIONS - LIST OPTION
535 TELNET END OF RECORD OPTION
537 Telnet Window Size Option
539 Telnet Terminal Speed Option
541 Telnet Terminal-Type Option
543 Telnet X Display Location Option
545 Requirements for Internet Hosts -- Application and Support
547 Telnet Linemode Option
549 Telnet Remote Flow Control Option
551 Telnet Authentication Option
553 Telnet Authentication: Kerberos Version 4
555 Telnet Authentication: SPX
557 Telnet Environment Option Interoperability Issues
559 Telnet Environment Option
562 IPv6 support was added by WIDE/KAME project.
566 commands are only partially implemented.
568 Because of bugs in the original
572 performs some dubious protocol exchanges to try to discover if the remote
573 client is, in fact, a
578 has no common interpretation except between similar operating systems
581 The terminal type name received from the remote client is converted to