1 .\" Copyright (c) 1983, 1993
2 .\" The Regents of the University of California. All rights reserved.
4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
12 .\" 3. All advertising materials mentioning features or use of this software
13 .\" must display the following acknowledgement:
14 .\" This product includes software developed by the University of
15 .\" California, Berkeley and its contributors.
16 .\" 4. Neither the name of the University nor the names of its contributors
17 .\" may be used to endorse or promote products derived from this software
18 .\" without specific prior written permission.
20 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 .\" @(#)telnetd.8 8.3 (Berkeley) 3/1/94
33 .\" $FreeBSD: src/libexec/telnetd/telnetd.8,v 1.23 2001/07/15 07:53:42 dd Exp $
44 .Nm /usr/libexec/telnetd
53 .Op Fl r Ns Ar lowpty-highpty
55 .Op Fl debug Op Ar port
59 command is a server which supports the
63 virtual terminal protocol.
65 is normally invoked by the internet server (see
67 for requests to connect to the
69 port as indicated by the
75 option may be used to start up
77 manually, instead of through
79 If started up this way,
81 may be specified to run
89 command accepts the following options:
90 .Bl -tag -width indent
92 This option may be used for specifying what mode should
93 be used for authentication.
94 Note that this option is only useful if
96 has been compiled with support for the
99 There are several valid values for
101 .Bl -tag -width debug
103 Turn on authentication debugging code.
105 Only allow connections when the remote user
106 can provide valid authentication information
107 to identify the remote user,
108 and is allowed access to the specified account
109 without providing a password.
111 Only allow connections when the remote user
112 can provide valid authentication information
113 to identify the remote user.
116 command will provide any additional user verification
117 needed if the remote user is not allowed automatic
118 access to the specified account.
120 Only allow connections that supply some authentication information.
121 This option is currently not supported
122 by any of the existing authentication mechanisms,
123 and is thus the same as specifying
127 This is the default state.
128 Authentication information is not required.
129 If no or insufficient authentication information
130 is provided, then the
132 program will provide the necessary user
135 Disable the authentication code.
136 All user verification will happen through the
140 .It Fl D Ar debugmode
141 This option may be used for debugging purposes.
144 to print out debugging information
145 to the connection, allowing the user to see what
148 There are several possible values for
150 .Bl -tag -width exercise
152 Print information about the negotiation of
158 information, plus some additional information
159 about what processing is going on.
161 Display the data stream received by
164 Display data written to the pty.
166 Has not been implemented yet.
169 Enable debugging on each socket created by
178 has been compiled with support for data encryption, then the
180 option may be used to enable encryption debugging code.
181 .It Fl p Ar loginprog
184 command to run to complete the login. The alternate command must
185 understand the same command arguments as the standard login.
187 Disable the printing of host-specific information before
188 login has been completed.
190 This option is only applicable to
192 systems prior to 7.0.
197 to use when init starts login sessions. The default
202 This option is only useful if
204 has been compiled with both linemode and kludge linemode
207 option is specified, then if the remote client does not
212 will operate in character at a time mode.
213 It will still support kludge linemode, but will only
214 go into kludge linemode if the remote client requests
216 (This is done by the client sending
217 .Dv DONT SUPPRESS-GO-AHEAD
222 option is most useful when there are remote clients
223 that do not support kludge linemode, but pass the heuristic
224 (if they respond with
228 for kludge linemode support.
230 Specify line mode. Try to force clients to use line-
234 option is not supported, it will go
235 into kludge linemode.
239 keep-alives. Normally
243 keep-alive mechanism to probe connections that
244 have been idle for some period of time to determine
245 if the client is still there, so that idle connections
246 from machines that have crashed or can no longer
247 be reached may be cleaned up.
248 .It Fl r Ar lowpty-highpty
249 This option is only enabled when
253 It specifies an inclusive range of pseudo-terminal devices to
254 use. If the system has sysconf variable
256 configured, the default pty search range is 0 to
258 otherwise, the default range is 0 to 128. Either
262 may be omitted to allow changing
263 either end of the search range. If
265 is omitted, the - character is still required so that
272 This option is only enabled if
274 is compiled with support for
279 option to be passed on to
281 and thus is only useful if
285 flag to indicate that only
287 validated logins are allowed, and is
288 usually useful for controlling remote logins
289 from outside of a firewall.
292 This option is used to specify the size of the field
295 structure that holds the remote host name.
296 If the resolved host name is longer than
298 the dotted decimal value will be used instead.
299 This allows hosts with very long host names that
300 overflow this field to still be uniquely identified.
303 indicates that only dotted decimal addresses
304 should be put into the
310 to refuse connections from addresses that
311 cannot be mapped back into a symbolic name
316 This option is only valid if
318 has been built with support for the authentication option.
319 It disables the use of
322 can be used to temporarily disable
323 a specific authentication type without having to recompile
328 operates by allocating a pseudo-terminal device (see
330 for a client, then creating a login process which has
331 the slave side of the pseudo-terminal as
337 manipulates the master side of the pseudo-terminal,
340 protocol and passing characters
341 between the remote client and the login process.
345 session is started up,
349 options to the client side indicating
350 a willingness to do the
353 options, which are described in more detail below:
354 .Bd -literal -offset indent
362 WILL SUPPRESS GO AHEAD
371 The pseudo-terminal allocated to the client is configured
381 has support for enabling locally the following
384 .Bl -tag -width "DO AUTHENTICATION"
392 will be sent to the client to indicate the
393 current state of terminal echoing.
394 When terminal echo is not desired, a
396 is sent to indicate that
398 will take care of echoing any data that needs to be
399 echoed to the terminal, and then nothing is echoed.
400 When terminal echo is desired, a
402 is sent to indicate that
404 will not be doing any terminal echoing, so the
405 client should do any terminal echoing that is needed.
407 Indicate that the client is willing to send a
408 8 bits of data, rather than the normal 7 bits
409 of the Network Virtual Terminal.
411 Indicate that it will not be sending
415 Indicate a willingness to send the client, upon
416 request, of the current status of all
419 .It "WILL TIMING-MARK"
422 command is received, it is always responded
424 .Dv WILL TIMING-MARK .
430 is sent in response, and the
432 session is shut down.
436 is compiled with support for data encryption, and
437 indicates a willingness to decrypt
442 has support for enabling remotely the following
445 .Bl -tag -width "DO AUTHENTICATION"
447 Sent to indicate that
449 is willing to receive an 8 bit data stream.
451 Requests that the client handle flow control
454 This is not really supported, but is sent to identify a 4.2BSD
456 client, which will improperly respond with
462 will be sent in response.
463 .It "DO TERMINAL-TYPE"
464 Indicate a desire to be able to request the
465 name of the type of terminal that is attached
466 to the client side of the connection.
468 Indicate that it does not need to receive
470 the go ahead command.
472 Requests that the client inform the server when
473 the window (display) size changes.
474 .It "DO TERMINAL-SPEED"
475 Indicate a desire to be able to request information
476 about the speed of the serial line to which
477 the client is attached.
479 Indicate a desire to be able to request the name
480 of the X Window System display that is associated with
483 Indicate a desire to be able to request environment
484 variable information, as described in RFC 1572.
486 Indicate a desire to be able to request environment
487 variable information, as described in RFC 1408.
491 is compiled with support for linemode, and
492 requests that the client do line by line processing.
496 is compiled with support for both linemode and
497 kludge linemode, and the client responded with
499 If the client responds with
501 the it is assumed that the client supports
505 option can be used to disable this.
506 .It "DO AUTHENTICATION"
509 is compiled with support for authentication, and
510 indicates a willingness to receive authentication
511 information for automatic login.
515 is compiled with support for data encryption, and
516 indicates a willingness to decrypt
529 and use that information (if present) to determine
530 what to display before the login: prompt. You can
531 also use a System V style
535 capability, which will override
537 The information specified in either
541 will be displayed to both console and remote logins.
544 .Bl -tag -width /usr/ucb/bftp -compact
548 (UNICOS systems only)
561 .Bl -tag -compact -width RFC-1572
564 PROTOCOL SPECIFICATION
566 TELNET OPTION SPECIFICATIONS
568 TELNET BINARY TRANSMISSION
572 TELNET SUPPRESS GO AHEAD OPTION
576 TELNET TIMING MARK OPTION
578 TELNET EXTENDED OPTIONS - LIST OPTION
580 TELNET END OF RECORD OPTION
582 Telnet Window Size Option
584 Telnet Terminal Speed Option
586 Telnet Terminal-Type Option
588 Telnet X Display Location Option
590 Requirements for Internet Hosts -- Application and Support
592 Telnet Linemode Option
594 Telnet Remote Flow Control Option
596 Telnet Authentication Option
598 Telnet Authentication: Kerberos Version 4
600 Telnet Authentication: SPX
602 Telnet Environment Option Interoperability Issues
604 Telnet Environment Option
609 commands are only partially implemented.
611 Because of bugs in the original 4.2 BSD
614 performs some dubious protocol exchanges to try to discover if the remote
615 client is, in fact, a 4.2 BSD
619 has no common interpretation except between similar operating systems
622 The terminal type name received from the remote client is converted to
631 IPv6 support was added by WIDE/KAME project.
projects / apple / network_cmds.git / blob