.\" Copyright (c) 1983, 1993
.\" The Regents of the University of California. All rights reserved.
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\" must display the following acknowledgement:
.\" This product includes software developed by the University of
.\" California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" @(#)telnetd.8 8.4 (Berkeley) 6/1/94
.Nm /usr/libexec/telnetd
.Op Fl r Ns Ar lowpty-highpty
.Op Fl debug Op Ar port
command is a server which supports the
virtual terminal protocol.
is normally invoked by the internet server (see
for requests to connect to the
port as indicated by the
option may be used to start up
manually, instead of through
If started up this way,
may be specified to run
command accepts the following options:
.Bl -tag -width "-a authmode"
This option may be used for specifying what mode should
be used for authentication.
Note that this option is only useful if
has been compiled with support for the
There are several valid values for
Turns on authentication debugging code.
Only allow connections when the remote user
can provide valid authentication information
to identify the remote user,
and is allowed access to the specified account
without providing a password.
Only allow connections when the remote user
can provide valid authentication information
to identify the remote user.
command will provide any additional user verification
needed if the remote user is not allowed automatic
access to the specified account.
Only allow connections that supply some authentication information.
This option is currently not supported
by any of the existing authentication mechanisms,
and is thus the same as specifying
This is the default state.
Authentication information is not required.
If no or insufficient authentication information
is provided, then the
program will provide the necessary user
This disables the authentication code.
All user verification will happen through the
Specifies bftp server mode. In this mode,
causes login to start a
session rather than the user's
normal shell. In bftp daemon mode normal
logins are not supported, and it must be used
on a port other than the normal
.It Fl D Ar debugmode
This option may be used for debugging purposes.
to print out debugging information
to the connection, allowing the user to see what
There are several possible values for
.Bl -tag -width exercise
Prints information about the negotiation of
information, plus some additional information
about what processing is going on.
Displays the data stream received by
Displays data written to the pty.
Has not been implemented yet.
Enables debugging on each socket created by
has been compiled with support for data encryption, then the
option may be used to enable encryption debugging code.
Disables the printing of host-specific information before
login has been completed.
This option is only applicable to
systems prior to 7.0.
to use when init starts login sessions. The default
This option is only useful if
has been compiled with both linemode and kludge linemode
option is specified, then if the remote client does not
will operate in character at a time mode.
It will still support kludge linemode, but will only
go into kludge linemode if the remote client requests
(This is done by the client sending
.Dv DONT SUPPRESS-GO-AHEAD
option is most useful when there are remote clients
that do not support kludge linemode, but pass the heuristic
(if they respond with
for kludge linemode support.
Specifies line mode. Tries to force clients to use line-
option is not supported, it will go
into kludge linemode.
keep-alives. Normally
keep-alive mechanism to probe connections that
have been idle for some period of time to determine
if the client is still there, so that idle connections
from machines that have crashed or can no longer
be reached may be cleaned up.
.It Fl r Ar lowpty-highpty
This option is only enabled when
It specifies an inclusive range of pseudo-terminal devices to
use. If the system has sysconf variable
configured, the default pty search range is 0 to
otherwise, the default range is 0 to 128. Either
may be omitted to allow changing
either end of the search range. If
is omitted, the - character is still required so that
This option is only enabled if
is compiled with support for
option to be passed on to
and thus is only useful if
flag to indicate that only
validated logins are allowed, and is
usually useful for controlling remote logins
from outside of a firewall.
This option is used to specify the size of the field
structure that holds the remote host name.
If the resolved host name is longer than
the dotted decimal value will be used instead.
This allows hosts with very long host names that
overflow this field to still be uniquely identified.
indicates that only dotted decimal addresses
should be put into the
to refuse connections from addresses that
cannot be mapped back into a symbolic name
This option is only valid if
has been built with support for the authentication option.
It disables the use of
can be used to temporarily disable
a specific authentication type without having to recompile
operates by allocating a pseudo-terminal device (see
for a client, then creating a login process which has
the slave side of the pseudo-terminal as
manipulates the master side of the pseudo-terminal,
protocol and passing characters
between the remote client and the login process.
session is started up,
options to the client side indicating
a willingness to do the
options, which are described in more detail below:
.Bd -literal -offset indent
WILL SUPPRESS GO AHEAD
The pseudo-terminal allocated to the client is configured
to operate in \*(lqcooked\*(rq mode, and with
has support for enabling locally the following
.Bl -tag -width "DO AUTHENTICATION"
will be sent to the client to indicate the
current state of terminal echoing.
When terminal echo is not desired, a
is sent to indicate that
will take care of echoing any data that needs to be
echoed to the terminal, and then nothing is echoed.
When terminal echo is desired, a
is sent to indicate that
will not be doing any terminal echoing, so the
client should do any terminal echoing that is needed.
Indicates that the client is willing to send
8 bits of data, rather than the normal 7 bits
of the Network Virtual Terminal.
Indicates that it will not be sending
Indicates a willingness to send the client, upon
request, the current status of all
.It "WILL TIMING-MARK"
command is received, it is always responded
is sent in response, and the
session is shut down.
is compiled with support for data encryption, and
indicates a willingness to decrypt
has support for enabling remotely the following
.Bl -tag -width "DO AUTHENTICATION"
Sent to indicate that
is willing to receive an 8 bit data stream.
Requests that the client handle flow control
This is not really supported, but is sent to identify a 4.2BSD
client, which will improperly respond with
will be sent in response.
.It "DO TERMINAL-TYPE"
Indicates a desire to be able to request the
name of the type of terminal that is attached
to the client side of the connection.
Indicates that it does not need to receive
the go ahead command.
Requests that the client inform the server when
the window (display) size changes.
.It "DO TERMINAL-SPEED"
Indicates a desire to be able to request information
about the speed of the serial line to which
the client is attached.
Indicates a desire to be able to request the name
of the X windows display that is associated with
Indicates a desire to be able to request environment
variable information, as described in RFC 1572.
Indicates a desire to be able to request environment
variable information, as described in RFC 1408.
is compiled with support for linemode, and
requests that the client do line by line processing.
is compiled with support for both linemode and
kludge linemode, and the client responded with
If the client responds with
then it is assumed that the client supports
option can be used to disable this.
.It "DO AUTHENTICATION"
is compiled with support for authentication, and
indicates a willingness to receive authentication
information for automatic login.
is compiled with support for data encryption, and
indicates a willingness to decrypt
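The option requests listed above travel in the data stream as IAC command sequences. As an added example (not part of the original manual page or of the telnetd source), this C decoder extracts the WILL/WONT/DO/DONT requests from a server's opening bytes and checks whether authentication or encryption was requested. The sample bytes and the names `decode_negotiation`, `offered` and `struct neg` are assumptions made here.

```c
#include <stddef.h>
#include <stdio.h>
/* TELNET command bytes (RFC 854) and the option codes used in this example. */
enum { SE = 240, SB = 250, WILL = 251, WONT = 252, DO = 253, DONT = 254, IAC = 255 };
enum { OPT_SGA = 3, OPT_TTYPE = 24, OPT_AUTH = 37, OPT_ENCRYPT = 38 };
struct neg { unsigned char cmd, opt; };

/* Constructed sample bytes (not a capture from a real server). */
static const unsigned char sample[] = {
    IAC, DO, OPT_TTYPE, IAC, WILL, OPT_SGA, IAC, DO, OPT_AUTH,
    IAC, SB, OPT_TTYPE, 1, IAC, SE, 'l', 'o', 'g', 'i', 'n', ':', IAC, IAC
};

/* Store up to max option requests from buf; -1 if buf ends inside a sequence. */
int decode_negotiation(const unsigned char *buf, size_t len, struct neg *out, int max)
{
    int n = 0;
    for (size_t i = 0; i < len; i++) {
        if (buf[i] != IAC) continue;          /* ordinary data byte */
        if (++i >= len) return -1;            /* lone IAC at end of buffer */
        unsigned char c = buf[i];
        if (c >= WILL && c <= DONT) {         /* three-byte option request */
            if (++i >= len) return -1;
            if (n < max) { out[n].cmd = c; out[n].opt = buf[i]; n++; }
        } else if (c == SB) {                 /* skip to the closing IAC SE */
            i++;
            while (i + 1 < len && !(buf[i] == IAC && buf[i + 1] == SE))
                i += (buf[i] == IAC && buf[i + 1] == IAC) ? 2 : 1;
            if (i + 1 >= len) return -1;
            i++;                              /* i is now on SE */
        }                                     /* IAC IAC, two-byte commands: skip */
    }
    return n;
}

/* Return 1 if the decoded list holds the given command/option pair. */
int offered(const struct neg *v, int n, unsigned char cmd, unsigned char opt)
{
    while (n-- > 0)
        if (v[n].cmd == cmd && v[n].opt == opt) return 1;
    return 0;
}

int main(void)
{
    struct neg v[8];
    int n = decode_negotiation(sample, sizeof sample, v, 8);
    printf("%d requests, DO AUTHENTICATION=%d, DO ENCRYPT=%d\n", n,
           offered(v, n, DO, OPT_AUTH), offered(v, n, DO, OPT_ENCRYPT));
    return 0;
}
```

A server that never sends DO AUTHENTICATION or DO ENCRYPT in this opening exchange was either built without that support or had it disabled, so user verification falls back to the login program.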
(UNICOS systems only)
.Bl -tag -compact -width RFC-1572
PROTOCOL SPECIFICATION
TELNET OPTION SPECIFICATIONS
TELNET BINARY TRANSMISSION
TELNET SUPPRESS GO AHEAD OPTION
TELNET TIMING MARK OPTION
TELNET EXTENDED OPTIONS - LIST OPTION
TELNET END OF RECORD OPTION
Telnet Window Size Option
Telnet Terminal Speed Option
Telnet Terminal-Type Option
Telnet X Display Location Option
Requirements for Internet Hosts -- Application and Support
Telnet Linemode Option
Telnet Remote Flow Control Option
Telnet Authentication Option
Telnet Authentication: Kerberos Version 4
Telnet Authentication: SPX
Telnet Environment Option Interoperability Issues
Telnet Environment Option
commands are only partially implemented.
Because of bugs in the original 4.2 BSD
performs some dubious protocol exchanges to try to discover if the remote
client is, in fact, a 4.2 BSD
has no common interpretation except between similar operating systems
The terminal type name received from the remote client is converted to