1TELNETD(8)                BSD System Manager's Manual               TELNETD(8)
2

NAME

4     telnetd — DARPA telnet protocol server
5

SYNOPSIS

7     /usr/sbin/in.telnetd [-hns] [-a authmode] [-D debugmode] [-L loginprg]
8                          [-S tos] [-X authtype] [-edebug] [-debug port]
9

DESCRIPTION

11     The telnetd program is a server which supports the DARPA telnet interac‐
12     tive communication protocol.  Telnetd is normally invoked by the internet
13     server (see inetd(8)) for requests to connect to the telnet port as indi‐
14     cated by the /etc/services file (see services(5)).  The -debug option may
15     be used to start up telnetd manually, instead of through inetd(8).  If
16     started up this way, port may be specified to run telnetd on an alternate
17     TCP port number.
18
19     The telnetd program accepts the following options:
20
21     -a authmode  This option may be used for specifying what mode should be
22                  used for authentication.  Note that this option is only use‐
23                  ful if telnetd has been compiled with support for authenti‐
24                  cation, which is not available in the current version.  The
25                  following values of authmode are understood:
26
27                  debug  Turns on authentication debugging code.
28
29                  user   Only allow connections when the remote user can pro‐
30                         vide valid authentication information to identify the
31                         remote user, and is allowed access to the specified
32                         account without providing a password.
33
34                  valid  Only allow connections when the remote user can pro‐
35                         vide valid authentication information to identify the
36                         remote user.  The login(1) command will provide any
37                         additional user verification needed if the remote
38                         user is not allowed automatic access to the specified
39                         account.
40
41                  other  Only allow connections that supply some authentica‐
42                         tion information.  This option is currently not sup‐
43                         ported by any of the existing authentication mecha‐
44                         nisms, and is thus the same as specifying valid.
45
46                  none   This is the default state.  Authentication informa‐
47                         tion is not required.  If no or insufficient authen‐
48                         tication information is provided, then the login(1)
49                         program will provide the necessary user verification.
50
51                  off    This disables the authentication code.  All user ver‐
52                         ification will happen through the login(1) program.
53
54     -c           This option disables reverse dns checking. Of course that
55                  security is lower with this option
56
57     -D debugmode
58                  This option may be used for debugging purposes.  This allows
59                  telnetd to print out debugging information to the connec‐
60                  tion, allowing the user to see what telnetd is doing.  There
61                  are several possible values for debugmode:
62
63                  options   Prints information about the negotiation of telnet
64                            options.
65
66                  report    Prints the options information, plus some addi‐
67                            tional information about what processing is going
68                            on.
69
70                  netdata   Displays the data stream received by telnetd.
71
72                  ptydata   Displays data written to the pty.
73
74                  exercise  Has not been implemented yet.
75
76     -edebug      If telnetd has been compiled with support for encryption,
77                  then the -edebug option may be used to enable encryption
78                  debugging code.
79
80     -h           Disables the printing of host-specific information before
81                  login has been completed.
82
83     -L loginprg  This option may be used to specify a different login pro‐
84                  gram.  By default, /bin/login is used.
85
86     -n           Disable TCP keep-alives.  Normally telnetd enables the TCP
87                  keep-alive mechanism to probe connections that have been
88                  idle for some period of time to determine if the client is
89                  still there, so that idle connections from machines that
90                  have crashed or can no longer be reached may be cleaned up.
91
92     -s           This option is only enabled if telnetd is compiled with sup‐
93                  port for SecurID cards.  It causes the -s option to be
94                  passed on to login(1), and thus is only useful if login(1)
95                  supports the -s flag to indicate that only SecurID validated
96                  logins are allowed. This is usually useful for controlling
97                  remote logins from outside of a firewall.
98
99     -S tos       Sets the IP type-of-service (TOS) option for the telnet con‐
100                  nection to the value tos.
101
102     -X authtype  This option is only valid if telnetd has been built with
103                  support for the authentication option.  It disables the use
104                  of authtype authentication, and can be used to temporarily
105                  disable a specific authentication type without having to
106                  recompile telnetd.
107
108     If the file /etc/issue.net is present, telnetd will display its contents
109     before the login prompt of a telnet session (see issue.net(5)).
110
111     Telnetd operates by allocating a pseudo-terminal device (see pty(4)) for
112     a client, then creating a login process which has the slave side of the
113     pseudo-terminal as stdin, stdout, and stderr.  Telnetd manipulates the
114     master side of the pseudo-terminal, implementing the telnet protocol and
115     passing characters between the remote client and the login process.
116
117     When a telnet session is started up, telnetd sends telnet options to the
118     client side indicating a willingness to do the following telnet options,
119     which are described in more detail below:
120
121           DO AUTHENTICATION
122           WILL ENCRYPT
123           DO TERMINAL TYPE
124           DO TSPEED
125           DO XDISPLOC
126           DO NEW-ENVIRON
127           DO ENVIRON
128           WILL SUPPRESS GO AHEAD
129           DO ECHO
130           DO LINEMODE
131           DO NAWS
132           WILL STATUS
133           DO LFLOW
134           DO TIMING-MARK
135
136     The pseudo-terminal allocated to the client is configured to operate in
137     cooked mode, and with XTABS CRMOD enabled (see tty(4)).
138
139     Telnetd has support for enabling locally the following telnet options:
140
141     WILL ECHO          When the LINEMODE option is enabled, a WILL ECHO or
142                        WONT ECHO will be sent to the client to indicate the
143                        current state of terminal echoing.  When terminal echo
144                        is not desired, a WILL ECHO is sent to indicate that
145                        telnetd will take care of echoing any data that needs
146                        to be echoed to the terminal, and then nothing is
147                        echoed.  When terminal echo is desired, a WONT ECHO is
148                        sent to indicate that telnetd will not be doing any
149                        terminal echoing, so the client should do any terminal
150                        echoing that is needed.
151
152     WILL BINARY        Indicates that the client is willing to send a 8 bits
153                        of data, rather than the normal 7 bits of the Network
154                        Virtual Terminal.
155
156     WILL SGA           Indicates that it will not be sending IAC GA, go
157                        ahead, commands.
158
159     WILL STATUS        Indicates a willingness to send the client, upon
160                        request, of the current status of all TELNET options.
161
162     WILL TIMING-MARK   Whenever a DO TIMING-MARK command is received, it is
163                        always responded to with a WILL TIMING-MARK
164
165     WILL LOGOUT        When a DO LOGOUT is received, a WILL LOGOUT is sent in
166                        response, and the TELNET session is shut down.
167
168     WILL ENCRYPT       Only sent if telnetd is compiled with support for data
169                        encryption, and indicates a willingness to decrypt the
170                        data stream.
171
172     Telnetd has support for enabling remotely the following TELNET options:
173
174     DO BINARY          Sent to indicate that telnetd is willing to receive an
175                        8 bit data stream.
176
177     DO LFLOW           Requests that the client handle flow control charac‐
178                        ters remotely.
179
180     DO ECHO            This is not really supported, but is sent to identify
181                        a 4.2BSD telnet(1) client, which will improperly
182                        respond with WILL ECHO. If a WILL ECHO is received, a
183                        DONT ECHO will be sent in response.
184
185     DO TERMINAL-TYPE   Indicates a desire to be able to request the name of
186                        the type of terminal that is attached to the client
187                        side of the connection.
188
189     DO SGA             Indicates that it does not need to receive IAC GA, the
190                        go ahead command.
191
192     DO NAWS            Requests that the client inform the server when the
193                        window (display) size changes.
194
195     DO TERMINAL-SPEED  Indicates a desire to be able to request information
196                        about the speed of the serial line to which the client
197                        is attached.
198
199     DO XDISPLOC        Indicates a desire to be able to request the name of
200                        the X windows display that is associated with the tel‐
201                        net client.
202
203     DO NEW-ENVIRON     Indicates a desire to be able to request environment
204                        variable information, as described in RFC 1572.
205
206     DO ENVIRON         Indicates a desire to be able to request environment
207                        variable information, as described in RFC 1408.
208
209     DO LINEMODE        Only sent if telnetd is compiled with support for
210                        linemode, and requests that the client do line by line
211                        processing.
212
213     DO TIMING-MARK     Only sent if telnetd is compiled with support for both
214                        linemode and kludge linemode, and the client responded
215                        with WONT LINEMODE. If the client responds with WILL
216                        TM, the it is assumed that the client supports kludge
217                        linemode.  Note that the [-k] option can be used to
218                        disable this.
219
220     DO AUTHENTICATION  Only sent if telnetd is compiled with support for
221                        authentication, and indicates a willingness to receive
222                        authentication information for automatic login.
223
224     DO ENCRYPT         Only sent if telnetd is compiled with support for data
225                        encryption, and indicates a willingness to decrypt the
226                        data stream.  issue.net(5)).
227

FILES

229     /etc/services, /etc/issue.net
230

SEE ALSO

232     telnet(1), login(1), issue.net(5),
233

STANDARDS

235     RFC-854   TELNET PROTOCOL SPECIFICATION
236     RFC-855   TELNET OPTION SPECIFICATIONS
237     RFC-856   TELNET BINARY TRANSMISSION
238     RFC-857   TELNET ECHO OPTION
239     RFC-858   TELNET SUPPRESS GO AHEAD OPTION
240     RFC-859   TELNET STATUS OPTION
241     RFC-860   TELNET TIMING MARK OPTION
242     RFC-861   TELNET EXTENDED OPTIONS - LIST OPTION
243     RFC-885   TELNET END OF RECORD OPTION
244     RFC-1073  Telnet Window Size Option
245     RFC-1079  Telnet Terminal Speed Option
246     RFC-1091  Telnet Terminal-Type Option
247     RFC-1096  Telnet X Display Location Option
248     RFC-1123  Requirements for Internet Hosts -- Application and Support
249     RFC-1184  Telnet Linemode Option
250     RFC-1372  Telnet Remote Flow Control Option
251     RFC-1416  Telnet Authentication Option
252     RFC-1411  Telnet Authentication: Kerberos Version 4
253     RFC-1412  Telnet Authentication: SPX
254     RFC-1571  Telnet Environment Option Interoperability Issues
255     RFC-1572  Telnet Environment Option
256

BUGS

258     Some TELNET commands are only partially implemented.
259
260     Because of bugs in the original 4.2 BSD telnet(1), telnetd performs some
261     dubious protocol exchanges to try to discover if the remote client is, in
262     fact, a 4.2 BSD telnet(1).
263
264     Binary mode has no common interpretation except between similar operating
265     systems (Unix in this case).
266
267     The terminal type name received from the remote client is converted to
268     lower case.
269
270     Telnetd never sends TELNET IAC GA (go ahead) commands.
271
272     The source code is not comprehensible.
273
274Linux NetKit (0.17)            December 29, 1996           Linux NetKit (0.17)
Impressum