TELNETD(8)                BSD System Manager's Manual               TELNETD(8)

NAME

     telnetd — DARPA telnet protocol server

SYNOPSIS

     /usr/sbin/in.telnetd [-ihnNs] [-a authmode] [-D debugmode] [-L loginprg]
                          [-S tos] [-X authtype] [-edebug] [-debug port]

DESCRIPTION

     The telnetd program is a server which supports the DARPA telnet
     interactive communication protocol.  Telnetd is normally invoked by the
     internet server (see inetd(8)) for requests to connect to the telnet port
     as indicated by the /etc/services file (see services(5)).  The -debug
     option may be used to start up telnetd manually, instead of through
     inetd(8).  If started up this way, port may be specified to run telnetd
     on an alternate TCP port number.

     The telnetd program accepts the following options:

     -a authmode  This option may be used for specifying what mode should be
                  used for authentication.  Note that this option is only
                  useful if telnetd has been compiled with support for
                  authentication, which is not available in the current
                  version.  The following values of authmode are understood:

                  debug  Turns on authentication debugging code.

                  user   Only allow connections when the remote user can
                         provide valid authentication information to identify
                         the remote user, and is allowed access to the
                         specified account without providing a password.

                  valid  Only allow connections when the remote user can
                         provide valid authentication information to identify
                         the remote user.  The login(1) command will provide
                         any additional user verification needed if the remote
                         user is not allowed automatic access to the specified
                         account.

                  other  Only allow connections that supply some
                         authentication information.  This option is currently
                         not supported by any of the existing authentication
                         mechanisms, and is thus the same as specifying valid.

                  none   This is the default state.  Authentication
                         information is not required.  If no or insufficient
                         authentication information is provided, then the
                         login(1) program will provide the necessary user
                         verification.

                  off    This disables the authentication code.  All user
                         verification will happen through the login(1)
                         program.

     -D debugmode
                  This option may be used for debugging purposes.  This allows
                  telnetd to print out debugging information to the
                  connection, allowing the user to see what telnetd is doing.
                  There are several possible values for debugmode:

                  options   Prints information about the negotiation of telnet
                            options.

                  report    Prints the options information, plus some
                            additional information about what processing is
                            going on.

                  netdata   Displays the data stream received by telnetd.

                  ptydata   Displays data written to the pty.

                  exercise  Has not been implemented yet.

     -edebug      If telnetd has been compiled with support for encryption,
                  then the -edebug option may be used to enable encryption
                  debugging code.

     -h           Disables the printing of host-specific information before
                  login has been completed.

     -i           Disable reverse DNS lookups and use the numeric IP address
                  in logs and REMOTEHOST environment variable. (-i switch
                  corresponds to utilities like last)

     -L loginprg  This option may be used to specify a different login
                  program.  By default, /bin/login is used.

     -n           Disable TCP keep-alives.  Normally telnetd enables the TCP
                  keep-alive mechanism to probe connections that have been
                  idle for some period of time to determine if the client is
                  still there, so that idle connections from machines that
                  have crashed or can no longer be reached may be cleaned up.

     -N           Do not use DNS to canonicalize the local hostname;
                  gethostname(2) returns a fully qualified name.

     -s           This option is only enabled if telnetd is compiled with
                  support for SecurID cards.  It causes the -s option to be
                  passed on to login(1), and thus is only useful if login(1)
                  supports the -s flag to indicate that only SecurID validated
                  logins are allowed.  This is usually useful for controlling
                  remote logins from outside of a firewall.

     -S tos       Sets the IP type-of-service (TOS) option for the telnet
                  connection to the value tos.

     -X authtype  This option is only valid if telnetd has been built with
                  support for the authentication option.  It disables the use
                  of authtype authentication, and can be used to temporarily
                  disable a specific authentication type without having to
                  recompile telnetd.

     If the file /etc/issue.net is present, telnetd will display its contents
     before the login prompt of a telnet session (see issue.net(5)).

     Telnetd operates by allocating a pseudo-terminal device (see pty(4)) for
     a client, then creating a login process which has the slave side of the
     pseudo-terminal as stdin, stdout, and stderr.  Telnetd manipulates the
     master side of the pseudo-terminal, implementing the telnet protocol and
     passing characters between the remote client and the login process.

     When a telnet session is started up, telnetd sends telnet options to the
     client side indicating a willingness to do the following telnet options,
     which are described in more detail below:

           DO AUTHENTICATION
           WILL ENCRYPT
           DO TERMINAL TYPE
           DO TSPEED
           DO XDISPLOC
           DO NEW-ENVIRON
           DO ENVIRON
           WILL SUPPRESS GO AHEAD
           DO ECHO
           DO LINEMODE
           DO NAWS
           WILL STATUS
           DO LFLOW
           DO TIMING-MARK

     The pseudo-terminal allocated to the client is configured to operate in
     cooked mode, and with XTABS CRMOD enabled (see tty(4)).

     Telnetd has support for enabling locally the following telnet options:

     WILL ECHO          When the LINEMODE option is enabled, a WILL ECHO or
                        WONT ECHO will be sent to the client to indicate the
                        current state of terminal echoing.  When terminal echo
                        is not desired, a WILL ECHO is sent to indicate that
                        telnetd will take care of echoing any data that needs
                        to be echoed to the terminal, and then nothing is
                        echoed.  When terminal echo is desired, a WONT ECHO is
                        sent to indicate that telnetd will not be doing any
                        terminal echoing, so the client should do any terminal
                        echoing that is needed.

     WILL BINARY        Indicates that the client is willing to send 8 bits
                        of data, rather than the normal 7 bits of the Network
                        Virtual Terminal.

     WILL SGA           Indicates that it will not be sending IAC GA, go
                        ahead, commands.

     WILL STATUS        Indicates a willingness to send the client, upon
                        request, the current status of all TELNET options.

     WILL TIMING-MARK   Whenever a DO TIMING-MARK command is received, it is
                        always responded to with a WILL TIMING-MARK.

     WILL LOGOUT        When a DO LOGOUT is received, a WILL LOGOUT is sent in
                        response, and the TELNET session is shut down.

     WILL ENCRYPT       Only sent if telnetd is compiled with support for data
                        encryption, and indicates a willingness to decrypt the
                        data stream.

     Telnetd has support for enabling remotely the following TELNET options:

     DO BINARY          Sent to indicate that telnetd is willing to receive an
                        8 bit data stream.

     DO LFLOW           Requests that the client handle flow control
                        characters remotely.

     DO ECHO            This is not really supported, but is sent to identify
                        a 4.2BSD telnet(1) client, which will improperly
                        respond with WILL ECHO.  If a WILL ECHO is received, a
                        DONT ECHO will be sent in response.

     DO TERMINAL-TYPE   Indicates a desire to be able to request the name of
                        the type of terminal that is attached to the client
                        side of the connection.

     DO SGA             Indicates that it does not need to receive IAC GA, the
                        go ahead command.

     DO NAWS            Requests that the client inform the server when the
                        window (display) size changes.

     DO TERMINAL-SPEED  Indicates a desire to be able to request information
                        about the speed of the serial line to which the client
                        is attached.

     DO XDISPLOC        Indicates a desire to be able to request the name of
                        the X windows display that is associated with the
                        telnet client.

     DO NEW-ENVIRON     Indicates a desire to be able to request environment
                        variable information, as described in RFC 1572.

     DO ENVIRON         Indicates a desire to be able to request environment
                        variable information, as described in RFC 1408.

     DO LINEMODE        Only sent if telnetd is compiled with support for
                        linemode, and requests that the client do line by line
                        processing.

     DO TIMING-MARK     Only sent if telnetd is compiled with support for both
                        linemode and kludge linemode, and the client responded
                        with WONT LINEMODE.  If the client responds with WILL
                        TM, then it is assumed that the client supports kludge
                        linemode.  Note that the [-k] option can be used to
                        disable this.

     DO AUTHENTICATION  Only sent if telnetd is compiled with support for
                        authentication, and indicates a willingness to receive
                        authentication information for automatic login.

     DO ENCRYPT         Only sent if telnetd is compiled with support for data
                        encryption, and indicates a willingness to decrypt the
                        data stream.
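
     The option negotiation described above can be read back from the first
     bytes a server sends.  The following is an added example, not part of
     the NetKit manual or source: it decodes such a stream and reports whether
     authentication or encryption was offered.  The function names and SAMPLE
     are assumptions made for illustration; the option codes are the standard
     telnet option numbers.

```python
# Added example: decode telnet option negotiation for a defensive audit.
IAC, SE, SB = 255, 240, 250
VERBS = {251: "WILL", 252: "WONT", 253: "DO", 254: "DONT"}
OPTIONS = {0: "BINARY", 1: "ECHO", 3: "SGA", 5: "STATUS", 6: "TIMING-MARK",
           18: "LOGOUT", 24: "TERMINAL-TYPE", 31: "NAWS", 32: "TSPEED",
           33: "LFLOW", 34: "LINEMODE", 35: "XDISPLOC", 36: "ENVIRON",
           37: "AUTHENTICATION", 38: "ENCRYPT", 39: "NEW-ENVIRON"}


def parse_negotiation(data):
    """Return (offers, text): decoded IAC verbs and the remaining plain data."""
    offers, text, i, n = [], bytearray(), 0, len(data)
    while i < n:
        if data[i] != IAC:
            text.append(data[i])
            i += 1
        elif i + 1 >= n:                    # lone trailing IAC: truncated
            break
        elif data[i + 1] == IAC:            # escaped literal 0xFF
            text.append(IAC)
            i += 2
        elif data[i + 1] in VERBS:
            if i + 2 >= n:                  # verb without option: truncated
                break
            opt = data[i + 2]
            offers.append((VERBS[data[i + 1]],
                           OPTIONS.get(opt, f"OPTION-{opt}")))
            i += 3
        elif data[i + 1] == SB:             # skip to the closing IAC SE
            j = i + 2
            while j + 1 < n and data[j:j + 2] != bytes([IAC, SE]):
                j += 2 if data[j] == IAC else 1
            if j + 1 >= n:                  # subnegotiation never closed
                break
            i = j + 2
        else:                               # other two-byte command (GA, NOP)
            i += 2
    return offers, bytes(text)


def audit(offers):
    """Report whether authentication or encryption was offered at all."""
    seen = set(offers)
    return {"authentication": ("DO", "AUTHENTICATION") in seen,
            "encryption": bool({("WILL", "ENCRYPT"), ("DO", "ENCRYPT")} & seen)}


# Constructed sample: DO TERMINAL-TYPE, DO TSPEED, WILL SGA, DO ECHO, then text.
SAMPLE = bytes([255, 253, 24, 255, 253, 32, 255, 251, 3, 255, 253, 1]) + b"login: "
```

     A stream for which audit() reports neither option offered carries the
     login exchange without telnet-level authentication or encryption.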

FILES

     /etc/services, /etc/issue.net

SEE ALSO

     telnet(1), login(1), issue.net(5)

STANDARDS

     RFC-854   TELNET PROTOCOL SPECIFICATION
     RFC-855   TELNET OPTION SPECIFICATIONS
     RFC-856   TELNET BINARY TRANSMISSION
     RFC-857   TELNET ECHO OPTION
     RFC-858   TELNET SUPPRESS GO AHEAD OPTION
     RFC-859   TELNET STATUS OPTION
     RFC-860   TELNET TIMING MARK OPTION
     RFC-861   TELNET EXTENDED OPTIONS - LIST OPTION
     RFC-885   TELNET END OF RECORD OPTION
     RFC-1073  Telnet Window Size Option
     RFC-1079  Telnet Terminal Speed Option
     RFC-1091  Telnet Terminal-Type Option
     RFC-1096  Telnet X Display Location Option
     RFC-1123  Requirements for Internet Hosts -- Application and Support
     RFC-1184  Telnet Linemode Option
     RFC-1372  Telnet Remote Flow Control Option
     RFC-1416  Telnet Authentication Option
     RFC-1411  Telnet Authentication: Kerberos Version 4
     RFC-1412  Telnet Authentication: SPX
     RFC-1571  Telnet Environment Option Interoperability Issues
     RFC-1572  Telnet Environment Option

BUGS

     Some TELNET commands are only partially implemented.

     Because of bugs in the original 4.2 BSD telnet(1), telnetd performs some
     dubious protocol exchanges to try to discover if the remote client is, in
     fact, a 4.2 BSD telnet(1).

     Binary mode has no common interpretation except between similar operating
     systems (Unix in this case).

     The terminal type name received from the remote client is converted to
     lower case.

     Telnetd never sends TELNET IAC GA (go ahead) commands.

     The source code is not comprehensible.

Linux NetKit (0.17)            December 29, 1996           Linux NetKit (0.17)