.\" Copyright (c) 1983, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"	This product includes software developed by the University of
.\"	California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"	@(#)telnetd.8	8.4 (Berkeley) 6/1/94
.\"
.Dd June 1, 1994
.Dt TELNETD 8
.Os BSD 4.2
.Sh NAME
.Nm telnetd
.Nd DARPA
.Tn TELNET
protocol server
.Sh SYNOPSIS
.Nm telnetd
.Op Fl BUhkln
.Op Fl D Ar debugmode
.Op Fl S Ar tos
.Op Fl X Ar authtype
.Op Fl a Ar authmode
.Op Fl r Ns Ar lowpty-highpty
.Op Fl u Ar len
.Op Fl debug
.Op Fl L Ar /bin/login
.Op Ar port
.Sh DESCRIPTION
The
.Nm telnetd
command is a server which supports the
.Tn DARPA
standard
.Tn TELNET
virtual terminal protocol.
.Nm Telnetd
is normally invoked by the internet server (see
.Xr inetd 8 )
for requests to connect to the
.Tn TELNET
port as indicated by the
.Pa /etc/services
file (see
.Xr services 5 ) .
The
.Fl debug
option may be used to start up
.Nm telnetd
manually, instead of through
.Xr inetd 8 .
If started up this way,
.Ar port
may be specified to run
.Nm telnetd
on an alternate
.Tn TCP
port number.
.Pp
The
.Nm telnetd
command accepts the following options:
.Bl -tag -width "-a authmode"
.It Fl a Ar authmode
This option may be used for specifying what mode should
be used for authentication.
Note that this option is only useful if
.Nm telnetd
has been compiled with support for the
.Dv AUTHENTICATION
option.
There are several valid values for
.Ar authmode :
.Bl -tag -width debug
.It debug
Turns on authentication debugging code.
.It user
Only allow connections when the remote user
can provide valid authentication information
to identify the remote user,
and is allowed access to the specified account
without providing a password.
.It valid
Only allow connections when the remote user
can provide valid authentication information
to identify the remote user.
The
.Xr login 1
command will provide any additional user verification
needed if the remote user is not allowed automatic
access to the specified account.
.It other
Only allow connections that supply some authentication information.
This option is currently not supported
by any of the existing authentication mechanisms,
and is thus the same as specifying
.Fl a
.Cm valid .
.It otp
Only allow authenticated connections (as with
.Fl a
.Cm user )
and also logins with one-time passwords (OTPs).
This option will call
login with an option so that only OTPs are accepted.
The user can of
course still type secret information at the prompt.
.It none
This is the default state.
Authentication information is not required.
If no or insufficient authentication information
is provided, then the
.Xr login 1
program will provide the necessary user
verification.
.It off
This disables the authentication code.
All user verification will happen through the
.Xr login 1
program.
.El
.It Fl B
Ignored.
.It Fl D Ar debugmode
This option may be used for debugging purposes.
This allows
.Nm telnetd
to print out debugging information
to the connection, allowing the user to see what
.Nm telnetd
is doing.
There are several possible values for
.Ar debugmode :
.Bl -tag -width exercise
.It Cm options
Prints information about the negotiation of
.Tn TELNET
options.
.It Cm report
Prints the
.Cm options
information, plus some additional information
about what processing is going on.
.It Cm netdata
Displays the data stream received by
.Nm telnetd .
.It Cm ptydata
Displays data written to the pty.
.It Cm exercise
Has not been implemented yet.
.El
.It Fl h
Disables the printing of host-specific information before
login has been completed.
.It Fl k
.It Fl l
Ignored.
.It Fl n
Disable
.Dv TCP
keep-alives.
Normally
.Nm telnetd
enables the
.Tn TCP
keep-alive mechanism to probe connections that
have been idle for some period of time to determine
if the client is still there, so that idle connections
from machines that have crashed or can no longer
be reached may be cleaned up.
.It Fl r Ar lowpty-highpty
This option is only enabled when
.Nm telnetd
is compiled for
.Dv UNICOS .
It specifies an inclusive range of pseudo-terminal devices to
use.
If the system has sysconf variable
.Dv _SC_CRAY_NPTY
configured, the default pty search range is 0 to
.Dv _SC_CRAY_NPTY ;
otherwise, the default range is 0 to 128.
Either
.Ar lowpty
or
.Ar highpty
may be omitted to allow changing
either end of the search range.
If
.Ar lowpty
is omitted, the - character is still required so that
.Nm telnetd
can differentiate
.Ar highpty
from
.Ar lowpty .
.It Fl S Ar tos
.It Fl u Ar len
This option is used to specify the size of the field
in the
.Dv utmp
structure that holds the remote host name.
If the resolved host name is longer than
.Ar len ,
the dotted decimal value will be used instead.
This allows hosts with very long host names that
overflow this field to still be uniquely identified.
Specifying
.Fl u0
indicates that only dotted decimal addresses
should be put into the
.Pa utmp
file.
.It Fl U
This option causes
.Nm telnetd
to refuse connections from addresses that
cannot be mapped back into a symbolic name
via the
.Xr gethostbyaddr 3
routine.
.It Fl X Ar authtype
This option is only valid if
.Nm telnetd
has been built with support for the authentication option.
It disables the use of
.Ar authtype
authentication, and
can be used to temporarily disable
a specific authentication type without having to recompile
.Nm telnetd .
.It Fl L Ar pathname
Specify pathname to an alternative login program.
.El
.Pp
.Nm Telnetd
operates by allocating a pseudo-terminal device (see
.Xr pty 4 )
for a client, then creating a login process which has
the slave side of the pseudo-terminal as
.Dv stdin ,
.Dv stdout
and
.Dv stderr .
.Nm Telnetd
manipulates the master side of the pseudo-terminal,
implementing the
.Tn TELNET
protocol and passing characters
between the remote client and the login process.
.Pp
When a
.Tn TELNET
session is started up,
.Nm telnetd
sends
.Tn TELNET
options to the client side indicating
a willingness to do the
following
.Tn TELNET
options, which are described in more detail below:
.Bd -literal -offset indent
DO AUTHENTICATION
WILL ENCRYPT
DO TERMINAL TYPE
DO TSPEED
DO XDISPLOC
DO NEW-ENVIRON
DO ENVIRON
WILL SUPPRESS GO AHEAD
DO ECHO
DO LINEMODE
DO NAWS
WILL STATUS
DO LFLOW
DO TIMING-MARK
.Ed
.Pp
The pseudo-terminal allocated to the client is configured
to operate in
.Dq cooked
mode, and with
.Dv XTABS
and
.Dv CRMOD
enabled (see
.Xr tty 4 ) .
.Pp
.Nm Telnetd
has support for enabling locally the following
.Tn TELNET
options:
.Bl -tag -width "DO AUTHENTICATION"
.It "WILL ECHO"
When the
.Dv LINEMODE
option is enabled, a
.Dv WILL ECHO
or
.Dv WONT ECHO
will be sent to the client to indicate the
current state of terminal echoing.
When terminal echo is not desired, a
.Dv WILL ECHO
is sent to indicate that
.Tn telnetd
will take care of echoing any data that needs to be
echoed to the terminal, and then nothing is echoed.
When terminal echo is desired, a
.Dv WONT ECHO
is sent to indicate that
.Tn telnetd
will not be doing any terminal echoing, so the
client should do any terminal echoing that is needed.
.It "WILL BINARY"
Indicates that the client is willing to send
8 bits of data, rather than the normal 7 bits
of the Network Virtual Terminal.
.It "WILL SGA"
Indicates that it will not be sending
.Dv IAC GA ,
go ahead, commands.
.It "WILL STATUS"
Indicates a willingness to send the client, upon
request, the current status of all
.Tn TELNET
options.
.It "WILL TIMING-MARK"
Whenever a
.Dv DO TIMING-MARK
command is received, it is always responded
to with a
.Dv WILL TIMING-MARK .
.It "WILL LOGOUT"
When a
.Dv DO LOGOUT
is received, a
.Dv WILL LOGOUT
is sent in response, and the
.Tn TELNET
session is shut down.
.It "WILL ENCRYPT"
Only sent if
.Nm telnetd
is compiled with support for data encryption, and
indicates a willingness to decrypt
the data stream.
.El
.Pp
.Nm Telnetd
has support for enabling remotely the following
.Tn TELNET
options:
.Bl -tag -width "DO AUTHENTICATION"
.It "DO BINARY"
Sent to indicate that
.Tn telnetd
is willing to receive an 8 bit data stream.
.It "DO LFLOW"
Requests that the client handle flow control
characters remotely.
.It "DO ECHO"
This is not really supported, but is sent to identify a 4.2BSD
.Xr telnet 1
client, which will improperly respond with
.Dv WILL ECHO .
If a
.Dv WILL ECHO
is received, a
.Dv DONT ECHO
will be sent in response.
.It "DO TERMINAL-TYPE"
Indicates a desire to be able to request the
name of the type of terminal that is attached
to the client side of the connection.
.It "DO SGA"
Indicates that it does not need to receive
.Dv IAC GA ,
the go ahead command.
.It "DO NAWS"
Requests that the client inform the server when
the window (display) size changes.
.It "DO TERMINAL-SPEED"
Indicates a desire to be able to request information
about the speed of the serial line to which
the client is attached.
.It "DO XDISPLOC"
Indicates a desire to be able to request the name
of the X windows display that is associated with
the telnet client.
.It "DO NEW-ENVIRON"
Indicates a desire to be able to request environment
variable information, as described in RFC 1572.
.It "DO ENVIRON"
Indicates a desire to be able to request environment
variable information, as described in RFC 1408.
.It "DO LINEMODE"
Only sent if
.Nm telnetd
is compiled with support for linemode, and
requests that the client do line by line processing.
.It "DO TIMING-MARK"
Only sent if
.Nm telnetd
is compiled with support for both linemode and
kludge linemode, and the client responded with
.Dv WONT LINEMODE .
If the client responds with
.Dv WILL TM ,
then it is assumed that the client supports
kludge linemode.
Note that the
.Fl k
option can be used to disable this.
.It "DO AUTHENTICATION"
Only sent if
.Nm telnetd
is compiled with support for authentication, and
indicates a willingness to receive authentication
information for automatic login.
.It "DO ENCRYPT"
Only sent if
.Nm telnetd
is compiled with support for data encryption, and
indicates a willingness to decrypt
the data stream.
.El
.Sh ENVIRONMENT
.Sh FILES
.Bl -tag -width /etc/services -compact
.It Pa /etc/services
.It Pa /etc/inittab
(UNICOS systems only)
.It Pa /etc/iptos
(if supported)
.El
.Sh "SEE ALSO"
.Xr telnet 1 ,
.Xr login 1
.Sh STANDARDS
.Bl -tag -compact -width RFC-1572
.It Cm RFC-854
.Tn TELNET
PROTOCOL SPECIFICATION
.It Cm RFC-855
TELNET OPTION SPECIFICATIONS
.It Cm RFC-856
TELNET BINARY TRANSMISSION
.It Cm RFC-857
TELNET ECHO OPTION
.It Cm RFC-858
TELNET SUPPRESS GO AHEAD OPTION
.It Cm RFC-859
TELNET STATUS OPTION
.It Cm RFC-860
TELNET TIMING MARK OPTION
.It Cm RFC-861
TELNET EXTENDED OPTIONS - LIST OPTION
.It Cm RFC-885
TELNET END OF RECORD OPTION
.It Cm RFC-1073
Telnet Window Size Option
.It Cm RFC-1079
Telnet Terminal Speed Option
.It Cm RFC-1091
Telnet Terminal-Type Option
.It Cm RFC-1096
Telnet X Display Location Option
.It Cm RFC-1123
Requirements for Internet Hosts -- Application and Support
.It Cm RFC-1184
Telnet Linemode Option
.It Cm RFC-1372
Telnet Remote Flow Control Option
.It Cm RFC-1416
Telnet Authentication Option
.It Cm RFC-1411
Telnet Authentication: Kerberos Version 4
.It Cm RFC-1412
Telnet Authentication: SPX
.It Cm RFC-1571
Telnet Environment Option Interoperability Issues
.It Cm RFC-1572
Telnet Environment Option
.El
.Sh BUGS
Some
.Tn TELNET
commands are only partially implemented.
.Pp
Because of bugs in the original 4.2 BSD
.Xr telnet 1 ,
.Nm telnetd
performs some dubious protocol exchanges to try to discover if the remote
client is, in fact, a 4.2 BSD
.Xr telnet 1 .
.Pp
Binary mode
has no common interpretation except between similar operating systems
(Unix in this case).
.Pp
The terminal type name received from the remote client is converted to
lower case.
.Pp
.Nm Telnetd
never sends
.Tn TELNET
.Dv IAC GA
(go ahead) commands.
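
The following is an added example, not part of the original manual page or the telnetd sources: a Python decoder for the option negotiation listed under DESCRIPTION, which reports whether a captured server greeting announced DO AUTHENTICATION and WILL ENCRYPT (both only sent when telnetd is compiled with that support). The function names are hypothetical and the sample byte strings are constructed.

```python
# Added example; function names are illustrative, not taken from telnetd.
IAC, SB, SE = 255, 250, 240
VERBS = {251: "WILL", 252: "WONT", 253: "DO", 254: "DONT"}
# Option codes as assigned in the Telnet RFCs; names follow this manual page.
OPTIONS = {0: "BINARY", 1: "ECHO", 3: "SGA", 5: "STATUS", 6: "TIMING-MARK",
           18: "LOGOUT", 24: "TERMINAL-TYPE", 31: "NAWS", 32: "TSPEED",
           33: "LFLOW", 34: "LINEMODE", 35: "XDISPLOC", 36: "ENVIRON",
           37: "AUTHENTICATION", 38: "ENCRYPT", 39: "NEW-ENVIRON"}
# Constructed samples: the first four offers from the list in DESCRIPTION,
# and a greeting from a build without AUTHENTICATION or ENCRYPT support.
GREETING = bytes([255, 253, 37, 255, 251, 38, 255, 253, 24, 255, 253, 32]) + b"login: "
PLAIN = bytes([255, 253, 24, 255, 251, 3, 255, 253, 1]) + b"login: "

def decode_negotiation(stream: bytes):
    """Return (commands, data): announced verbs and the remaining user data."""
    commands, data, i = [], bytearray(), 0
    while i < len(stream):
        if stream[i] != IAC:
            data.append(stream[i])
            i += 1
            continue
        if i + 1 >= len(stream):
            break                          # truncated capture: lone IAC
        cmd = stream[i + 1]
        if cmd == IAC:                     # IAC IAC is an escaped literal 0xFF
            data.append(IAC)
            i += 2
        elif cmd in VERBS:
            if i + 2 >= len(stream):
                break                      # truncated: verb without option byte
            opt = stream[i + 2]
            commands.append((VERBS[cmd], OPTIONS.get(opt, f"OPTION-{opt}")))
            i += 3
        elif cmd == SB:                    # skip subnegotiation up to IAC SE
            j = i + 2
            while j + 1 < len(stream) and stream[j:j + 2] != bytes([IAC, SE]):
                j += 2 if stream[j] == IAC else 1   # step over escaped IAC IAC
            i = j + 2
        else:
            i += 2                         # two-byte command such as IAC GA
    return commands, bytes(data)

def security_offers(commands):
    """Report whether the server announced authentication and encryption."""
    return {"authentication": ("DO", "AUTHENTICATION") in commands,
            "encryption": ("WILL", "ENCRYPT") in commands}

if __name__ == "__main__":
    for capture in (GREETING, PLAIN):
        print(security_offers(decode_negotiation(capture)[0]))
```

A greeting that lacks both offers means the session falls back to login(1) for user verification and the data stream is not encrypted.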