network_cmds-176.4.1.tar.gz
[apple/network_cmds.git] / telnetd.tproj / telnetd.8
CommitLineData
b7080c8e
A
1.\" Copyright (c) 1983, 1993
2.\" The Regents of the University of California. All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\" notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\" notice, this list of conditions and the following disclaimer in the
11.\" documentation and/or other materials provided with the distribution.
12.\" 3. All advertising materials mentioning features or use of this software
13.\" must display the following acknowledgement:
14.\" This product includes software developed by the University of
15.\" California, Berkeley and its contributors.
16.\" 4. Neither the name of the University nor the names of its contributors
17.\" may be used to endorse or promote products derived from this software
18.\" without specific prior written permission.
19.\"
20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30.\" SUCH DAMAGE.
31.\"
8052502f
A
32.\" @(#)telnetd.8 8.3 (Berkeley) 3/1/94
33.\" $FreeBSD: src/libexec/telnetd/telnetd.8,v 1.23 2001/07/15 07:53:42 dd Exp $
b7080c8e 34.\"
8052502f 35.Dd March 1, 1994
b7080c8e 36.Dt TELNETD 8
8052502f 37.Os
b7080c8e
A
38.Sh NAME
39.Nm telnetd
40.Nd DARPA
41.Tn TELNET
42protocol server
43.Sh SYNOPSIS
44.Nm /usr/libexec/telnetd
8052502f 45.Op Fl Uhlkns
b7080c8e
A
46.Op Fl D Ar debugmode
47.Op Fl I Ns Ar initid
48.Op Fl S Ar tos
49.Op Fl X Ar authtype
50.Op Fl a Ar authmode
51.Op Fl edebug
8052502f 52.Op Fl p Ar loginprog
b7080c8e
A
53.Op Fl r Ns Ar lowpty-highpty
54.Op Fl u Ar len
55.Op Fl debug Op Ar port
56.Sh DESCRIPTION
57The
8052502f 58.Nm
b7080c8e
A
59command is a server which supports the
60.Tn DARPA
61standard
62.Tn TELNET
63virtual terminal protocol.
64.Nm Telnetd
65is normally invoked by the internet server (see
66.Xr inetd 8 )
67for requests to connect to the
68.Tn TELNET
69port as indicated by the
70.Pa /etc/services
71file (see
72.Xr services 5 ) .
73The
74.Fl debug
75option may be used to start up
8052502f 76.Nm
b7080c8e
A
77manually, instead of through
78.Xr inetd 8 .
8052502f 79If started up this way,
b7080c8e
A
80.Ar port
81may be specified to run
8052502f 82.Nm
b7080c8e
A
83on an alternate
84.Tn TCP
85port number.
86.Pp
87The
8052502f 88.Nm
b7080c8e 89command accepts the following options:
8052502f 90.Bl -tag -width indent
b7080c8e
A
91.It Fl a Ar authmode
92This option may be used for specifying what mode should
93be used for authentication.
94Note that this option is only useful if
8052502f 95.Nm
b7080c8e
A
96has been compiled with support for the
97.Dv AUTHENTICATION
98option.
99There are several valid values for
8052502f 100.Ar authmode :
b7080c8e 101.Bl -tag -width debug
8052502f
A
102.It Cm debug
103Turn on authentication debugging code.
104.It Cm user
b7080c8e
A
105Only allow connections when the remote user
106can provide valid authentication information
107to identify the remote user,
108and is allowed access to the specified account
109without providing a password.
8052502f 110.It Cm valid
b7080c8e
A
111Only allow connections when the remote user
112can provide valid authentication information
113to identify the remote user.
114The
115.Xr login 1
116command will provide any additional user verification
117needed if the remote user is not allowed automatic
118access to the specified account.
8052502f 119.It Cm other
b7080c8e
A
120Only allow connections that supply some authentication information.
121This option is currently not supported
122by any of the existing authentication mechanisms,
123and is thus the same as specifying
124.Fl a
125.Cm valid .
8052502f 126.It Cm none
b7080c8e
A
127This is the default state.
128Authentication information is not required.
129If no or insufficient authentication information
130is provided, then the
131.Xr login 1
132program will provide the necessary user
133verification.
8052502f
A
134.It Cm off
135Disable the authentication code.
b7080c8e
A
136All user verification will happen through the
137.Xr login 1
138program.
139.El
b7080c8e
A
140.It Fl D Ar debugmode
141This option may be used for debugging purposes.
142This allows
8052502f 143.Nm
b7080c8e
A
144to print out debugging information
145to the connection, allowing the user to see what
8052502f 146.Nm
b7080c8e 147is doing.
8052502f
A
148There are several possible values for
149.Ar debugmode :
b7080c8e
A
150.Bl -tag -width exercise
151.It Cm options
8052502f 152Print information about the negotiation of
b7080c8e
A
153.Tn TELNET
154options.
155.It Cm report
8052502f 156Print the
b7080c8e
A
157.Cm options
158information, plus some additional information
159about what processing is going on.
160.It Cm netdata
8052502f
A
161Display the data stream received by
162.Nm .
b7080c8e 163.It Cm ptydata
8052502f 164Display data written to the pty.
b7080c8e
A
165.It Cm exercise
166Has not been implemented yet.
167.El
168.It Fl debug
8052502f
A
169Enable debugging on each socket created by
170.Nm
b7080c8e
A
171(see
172.Dv SO_DEBUG
173in
174.Xr socket 2 ) .
175.It Fl edebug
176If
8052502f 177.Nm
b7080c8e
A
178has been compiled with support for data encryption, then the
179.Fl edebug
180option may be used to enable encryption debugging code.
8052502f
A
181.It Fl p Ar loginprog
182Specify an alternate
183.Xr login 1
184command to run to complete the login. The alternate command must
185understand the same command arguments as the standard login.
b7080c8e 186.It Fl h
8052502f 187Disable the printing of host-specific information before
b7080c8e
A
188login has been completed.
189.It Fl I Ar initid
190This option is only applicable to
191.Tn UNICOS
192systems prior to 7.0.
193It specifies the
194.Dv ID
195from
196.Pa /etc/inittab
197to use when init starts login sessions. The default
198.Dv ID
199is
8052502f 200.Dv fe .
b7080c8e
A
201.It Fl k
202This option is only useful if
8052502f 203.Nm
b7080c8e
A
204has been compiled with both linemode and kludge linemode
205support. If the
206.Fl k
207option is specified, then if the remote client does not
208support the
209.Dv LINEMODE
210option, then
8052502f 211.Nm
b7080c8e
A
212will operate in character at a time mode.
213It will still support kludge linemode, but will only
214go into kludge linemode if the remote client requests
215it.
8052502f 216(This is done by the client sending
b7080c8e
A
217.Dv DONT SUPPRESS-GO-AHEAD
218and
219.Dv DONT ECHO . )
220The
221.Fl k
222option is most useful when there are remote clients
223that do not support kludge linemode, but pass the heuristic
224(if they respond with
225.Dv WILL TIMING-MARK
226in response to a
8052502f 227.Dv DO TIMING-MARK )
b7080c8e
A
228for kludge linemode support.
229.It Fl l
8052502f 230Specify line mode. Try to force clients to use line-
b7080c8e
A
231at-a-time mode.
232If the
233.Dv LINEMODE
234option is not supported, it will go
235into kludge linemode.
236.It Fl n
237Disable
238.Dv TCP
239keep-alives. Normally
8052502f 240.Nm
b7080c8e
A
241enables the
242.Tn TCP
243keep-alive mechanism to probe connections that
244have been idle for some period of time to determine
245if the client is still there, so that idle connections
246from machines that have crashed or can no longer
247be reached may be cleaned up.
248.It Fl r Ar lowpty-highpty
249This option is only enabled when
8052502f 250.Nm
b7080c8e 251is compiled for
8052502f 252.Dv UNICOS .
b7080c8e
A
253It specifies an inclusive range of pseudo-terminal devices to
254use. If the system has sysconf variable
255.Dv _SC_CRAY_NPTY
256configured, the default pty search range is 0 to
8052502f 257.Dv _SC_CRAY_NPTY ;
b7080c8e
A
258otherwise, the default range is 0 to 128. Either
259.Ar lowpty
260or
261.Ar highpty
262may be omitted to allow changing
263either end of the search range. If
264.Ar lowpty
265is omitted, the - character is still required so that
8052502f 266.Nm
b7080c8e
A
267can differentiate
268.Ar highpty
269from
270.Ar lowpty .
271.It Fl s
272This option is only enabled if
8052502f 273.Nm
b7080c8e
A
274is compiled with support for
275.Tn SecurID
276cards.
277It causes the
278.Fl s
279option to be passed on to
280.Xr login 1 ,
281and thus is only useful if
282.Xr login 1
283supports the
284.Fl s
285flag to indicate that only
286.Tn SecurID
287validated logins are allowed, and is
288usually useful for controlling remote logins
289from outside of a firewall.
290.It Fl S Ar tos
291.It Fl u Ar len
292This option is used to specify the size of the field
293in the
294.Dv utmp
295structure that holds the remote host name.
296If the resolved host name is longer than
297.Ar len ,
298the dotted decimal value will be used instead.
299This allows hosts with very long host names that
300overflow this field to still be uniquely identified.
301Specifying
302.Fl u0
303indicates that only dotted decimal addresses
304should be put into the
305.Pa utmp
306file.
b7080c8e
A
307.It Fl U
308This option causes
8052502f 309.Nm
b7080c8e
A
310to refuse connections from addresses that
311cannot be mapped back into a symbolic name
312via the
313.Xr gethostbyaddr 3
314routine.
315.It Fl X Ar authtype
316This option is only valid if
8052502f 317.Nm
b7080c8e
A
318has been built with support for the authentication option.
319It disables the use of
320.Ar authtype
321authentication, and
322can be used to temporarily disable
323a specific authentication type without having to recompile
8052502f 324.Nm .
b7080c8e
A
325.El
326.Pp
327.Nm Telnetd
328operates by allocating a pseudo-terminal device (see
329.Xr pty 4 )
330for a client, then creating a login process which has
8052502f 331the slave side of the pseudo-terminal as
b7080c8e
A
332.Dv stdin ,
333.Dv stdout
334and
335.Dv stderr .
336.Nm Telnetd
337manipulates the master side of the pseudo-terminal,
338implementing the
339.Tn TELNET
340protocol and passing characters
341between the remote client and the login process.
342.Pp
343When a
344.Tn TELNET
8052502f
A
345session is started up,
346.Nm
b7080c8e
A
347sends
348.Tn TELNET
349options to the client side indicating
350a willingness to do the
351following
352.Tn TELNET
353options, which are described in more detail below:
354.Bd -literal -offset indent
355DO AUTHENTICATION
356WILL ENCRYPT
357DO TERMINAL TYPE
358DO TSPEED
359DO XDISPLOC
360DO NEW-ENVIRON
361DO ENVIRON
362WILL SUPPRESS GO AHEAD
363DO ECHO
364DO LINEMODE
365DO NAWS
366WILL STATUS
367DO LFLOW
368DO TIMING-MARK
369.Ed
370.Pp
371The pseudo-terminal allocated to the client is configured
8052502f
A
372to operate in
373.Dq cooked
374mode, and with
b7080c8e
A
375.Dv XTABS and
376.Dv CRMOD
377enabled (see
378.Xr tty 4 ) .
379.Pp
380.Nm Telnetd
381has support for enabling locally the following
382.Tn TELNET
383options:
384.Bl -tag -width "DO AUTHENTICATION"
385.It "WILL ECHO"
386When the
387.Dv LINEMODE
388option is enabled, a
389.Dv WILL ECHO
390or
391.Dv WONT ECHO
392will be sent to the client to indicate the
393current state of terminal echoing.
394When terminal echo is not desired, a
395.Dv WILL ECHO
396is sent to indicate that
8052502f 397.Nm
b7080c8e
A
398will take care of echoing any data that needs to be
399echoed to the terminal, and then nothing is echoed.
400When terminal echo is desired, a
401.Dv WONT ECHO
402is sent to indicate that
8052502f 403.Nm
b7080c8e
A
404will not be doing any terminal echoing, so the
405client should do any terminal echoing that is needed.
406.It "WILL BINARY"
8052502f 407Indicate that the client is willing to send a
b7080c8e
A
4088 bits of data, rather than the normal 7 bits
409of the Network Virtual Terminal.
410.It "WILL SGA"
8052502f
A
411Indicate that it will not be sending
412.Dv IAC GA ,
b7080c8e
A
413go ahead, commands.
414.It "WILL STATUS"
8052502f 415Indicate a willingness to send the client, upon
b7080c8e
A
416request, of the current status of all
417.Tn TELNET
418options.
419.It "WILL TIMING-MARK"
420Whenever a
421.Dv DO TIMING-MARK
422command is received, it is always responded
423to with a
8052502f 424.Dv WILL TIMING-MARK .
b7080c8e
A
425.It "WILL LOGOUT"
426When a
427.Dv DO LOGOUT
428is received, a
429.Dv WILL LOGOUT
430is sent in response, and the
431.Tn TELNET
432session is shut down.
433.It "WILL ENCRYPT"
434Only sent if
8052502f 435.Nm
b7080c8e
A
436is compiled with support for data encryption, and
437indicates a willingness to decrypt
438the data stream.
439.El
440.Pp
441.Nm Telnetd
442has support for enabling remotely the following
443.Tn TELNET
444options:
445.Bl -tag -width "DO AUTHENTICATION"
446.It "DO BINARY"
447Sent to indicate that
8052502f 448.Nm
b7080c8e
A
449is willing to receive an 8 bit data stream.
450.It "DO LFLOW"
451Requests that the client handle flow control
452characters remotely.
453.It "DO ECHO"
454This is not really supported, but is sent to identify a 4.2BSD
455.Xr telnet 1
456client, which will improperly respond with
8052502f 457.Dv WILL ECHO .
b7080c8e
A
458If a
459.Dv WILL ECHO
460is received, a
461.Dv DONT ECHO
462will be sent in response.
463.It "DO TERMINAL-TYPE"
8052502f 464Indicate a desire to be able to request the
b7080c8e
A
465name of the type of terminal that is attached
466to the client side of the connection.
467.It "DO SGA"
8052502f
A
468Indicate that it does not need to receive
469.Dv IAC GA ,
b7080c8e
A
470the go ahead command.
471.It "DO NAWS"
472Requests that the client inform the server when
473the window (display) size changes.
474.It "DO TERMINAL-SPEED"
8052502f 475Indicate a desire to be able to request information
b7080c8e
A
476about the speed of the serial line to which
477the client is attached.
478.It "DO XDISPLOC"
8052502f
A
479Indicate a desire to be able to request the name
480of the X Window System display that is associated with
b7080c8e
A
481the telnet client.
482.It "DO NEW-ENVIRON"
8052502f 483Indicate a desire to be able to request environment
b7080c8e
A
484variable information, as described in RFC 1572.
485.It "DO ENVIRON"
8052502f 486Indicate a desire to be able to request environment
b7080c8e
A
487variable information, as described in RFC 1408.
488.It "DO LINEMODE"
489Only sent if
8052502f 490.Nm
b7080c8e
A
491is compiled with support for linemode, and
492requests that the client do line by line processing.
493.It "DO TIMING-MARK"
494Only sent if
8052502f 495.Nm
b7080c8e
A
496is compiled with support for both linemode and
497kludge linemode, and the client responded with
8052502f 498.Dv WONT LINEMODE .
b7080c8e 499If the client responds with
8052502f 500.Dv WILL TM ,
b7080c8e
A
501the it is assumed that the client supports
502kludge linemode.
503Note that the
504.Op Fl k
505option can be used to disable this.
506.It "DO AUTHENTICATION"
507Only sent if
8052502f 508.Nm
b7080c8e
A
509is compiled with support for authentication, and
510indicates a willingness to receive authentication
511information for automatic login.
512.It "DO ENCRYPT"
513Only sent if
8052502f 514.Nm
b7080c8e
A
515is compiled with support for data encryption, and
516indicates a willingness to decrypt
517the data stream.
8052502f
A
518.El
519.Sh NOTES
520By default
521.Nm
522will read the
523.Em \&he ,
524.Em \&hn ,
525and
526.Em \&im
527capabilities from
528.Pa /etc/gettytab
529and use that information (if present) to determine
530what to display before the login: prompt. You can
531also use a System V style
532.Pa /etc/issue
533file by using the
534.Em \&if
535capability, which will override
536.Em \&im .
537The information specified in either
538.Em \&im
539or
540.Em \&if
541will be displayed to both console and remote logins.
542.\" .Sh ENVIRONMENT
b7080c8e 543.Sh FILES
8052502f
A
544.Bl -tag -width /usr/ucb/bftp -compact
545.It Pa /etc/services
546.It Pa /etc/gettytab
547.It Pa /etc/inittab
b7080c8e 548(UNICOS systems only)
8052502f 549.It Pa /etc/iptos
b7080c8e 550(if supported)
8052502f 551.It Pa /usr/ucb/bftp
b7080c8e 552(if supported)
8052502f 553.El
b7080c8e 554.Sh "SEE ALSO"
8052502f 555.Xr bftp 1 ,
b7080c8e 556.Xr login 1 ,
8052502f
A
557.Xr gettytab 5 ,
558.Xr telnet 1
b7080c8e
A
559(if supported)
560.Sh STANDARDS
561.Bl -tag -compact -width RFC-1572
562.It Cm RFC-854
563.Tn TELNET
564PROTOCOL SPECIFICATION
565.It Cm RFC-855
566TELNET OPTION SPECIFICATIONS
567.It Cm RFC-856
568TELNET BINARY TRANSMISSION
569.It Cm RFC-857
570TELNET ECHO OPTION
571.It Cm RFC-858
572TELNET SUPPRESS GO AHEAD OPTION
573.It Cm RFC-859
574TELNET STATUS OPTION
575.It Cm RFC-860
576TELNET TIMING MARK OPTION
577.It Cm RFC-861
578TELNET EXTENDED OPTIONS - LIST OPTION
579.It Cm RFC-885
580TELNET END OF RECORD OPTION
581.It Cm RFC-1073
582Telnet Window Size Option
583.It Cm RFC-1079
584Telnet Terminal Speed Option
585.It Cm RFC-1091
586Telnet Terminal-Type Option
587.It Cm RFC-1096
588Telnet X Display Location Option
589.It Cm RFC-1123
590Requirements for Internet Hosts -- Application and Support
591.It Cm RFC-1184
592Telnet Linemode Option
593.It Cm RFC-1372
594Telnet Remote Flow Control Option
595.It Cm RFC-1416
596Telnet Authentication Option
597.It Cm RFC-1411
598Telnet Authentication: Kerberos Version 4
599.It Cm RFC-1412
600Telnet Authentication: SPX
601.It Cm RFC-1571
602Telnet Environment Option Interoperability Issues
603.It Cm RFC-1572
604Telnet Environment Option
8052502f 605.El
b7080c8e
A
606.Sh BUGS
607Some
608.Tn TELNET
609commands are only partially implemented.
610.Pp
611Because of bugs in the original 4.2 BSD
612.Xr telnet 1 ,
8052502f 613.Nm
b7080c8e
A
614performs some dubious protocol exchanges to try to discover if the remote
615client is, in fact, a 4.2 BSD
616.Xr telnet 1 .
617.Pp
618Binary mode
619has no common interpretation except between similar operating systems
620(Unix in this case).
621.Pp
622The terminal type name received from the remote client is converted to
623lower case.
624.Pp
625.Nm Telnetd
626never sends
627.Tn TELNET
628.Dv IAC GA
629(go ahead) commands.
8052502f
A
630.Sh HISTORY
631IPv6 support was added by WIDE/KAME project.