.\" Copyright (c) 1983, 1993
.\" The Regents of the University of California. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"    This product includes software developed by the University of
.\"    California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" @(#)telnetd.8 8.4 (Berkeley) 6/1/94
.\"
.Dd June 1, 1994
.Dt TELNETD 8
.Os BSD 4.2
.Sh NAME
.Nm telnetd
.Nd DARPA
.Tn TELNET
protocol server
.Sh SYNOPSIS
.Nm telnetd
.Op Fl BUhkln
.Op Fl D Ar debugmode
.Op Fl S Ar tos
.Op Fl X Ar authtype
.Op Fl a Ar authmode
.Op Fl r Ns Ar lowpty-highpty
.Op Fl u Ar len
.Op Fl debug
.Op Fl L Ar /bin/login
.Op Ar port
.Sh DESCRIPTION
The
.Nm telnetd
command is a server which supports the
.Tn DARPA
standard
.Tn TELNET
virtual terminal protocol.
.Nm Telnetd
is normally invoked by the internet server (see
.Xr inetd 8 )
for requests to connect to the
.Tn TELNET
port as indicated by the
.Pa /etc/services
file (see
.Xr services 5 ) .
The
.Fl debug
option may be used to start up
.Nm telnetd
manually, instead of through
.Xr inetd 8 .
If started up this way,
.Ar port
may be specified to run
.Nm telnetd
on an alternate
.Tn TCP
port number.
.Pp
The
.Nm telnetd
command accepts the following options:
.Bl -tag -width "-a authmode"
.It Fl a Ar authmode
This option may be used for specifying what mode should
be used for authentication.
Note that this option is only useful if
.Nm telnetd
has been compiled with support for the
.Dv AUTHENTICATION
option.
There are several valid values for
.Ar authmode :
.Bl -tag -width debug
.It debug
Turns on authentication debugging code.
.It user
Only allow connections when the remote user
can provide valid authentication information
to identify the remote user,
and is allowed access to the specified account
without providing a password.
.It valid
Only allow connections when the remote user
can provide valid authentication information
to identify the remote user.
The
.Xr login 1
command will provide any additional user verification
needed if the remote user is not allowed automatic
access to the specified account.
.It other
Only allow connections that supply some authentication information.
This option is currently not supported
by any of the existing authentication mechanisms,
and is thus the same as specifying
.Fl a
.Cm valid .
.It otp
Only allow authenticated connections (as with
.Fl a
.Cm user )
and also logins with one-time passwords (OTPs). This option will call
login with an option so that only OTPs are accepted. The user can of
course still type secret information at the prompt.
.It none
This is the default state.
Authentication information is not required.
If no or insufficient authentication information
is provided, then the
.Xr login 1
program will provide the necessary user
verification.
.It off
This disables the authentication code.
All user verification will happen through the
.Xr login 1
program.
.El
.It Fl B
Ignored.
.It Fl D Ar debugmode
This option may be used for debugging purposes.
This allows
.Nm telnetd
to print out debugging information
to the connection, allowing the user to see what
.Nm telnetd
is doing.
There are several possible values for
.Ar debugmode :
.Bl -tag -width exercise
.It Cm options
Prints information about the negotiation of
.Tn TELNET
options.
.It Cm report
Prints the
.Cm options
information, plus some additional information
about what processing is going on.
.It Cm netdata
Displays the data stream received by
.Nm telnetd .
.It Cm ptydata
Displays data written to the pty.
.It Cm exercise
Has not been implemented yet.
.El
.It Fl h
Disables the printing of host-specific information before
login has been completed.
.It Fl k
.It Fl l
Ignored.
.It Fl n
Disable
.Dv TCP
keep-alives.
Normally
.Nm telnetd
enables the
.Tn TCP
keep-alive mechanism to probe connections that
have been idle for some period of time to determine
if the client is still there, so that idle connections
from machines that have crashed or can no longer
be reached may be cleaned up.
.It Fl r Ar lowpty-highpty
This option is only enabled when
.Nm telnetd
is compiled for
.Dv UNICOS .
It specifies an inclusive range of pseudo-terminal devices to
use. If the system has sysconf variable
.Dv _SC_CRAY_NPTY
configured, the default pty search range is 0 to
.Dv _SC_CRAY_NPTY ;
otherwise, the default range is 0 to 128. Either
.Ar lowpty
or
.Ar highpty
may be omitted to allow changing
either end of the search range. If
.Ar lowpty
is omitted, the - character is still required so that
.Nm telnetd
can differentiate
.Ar highpty
from
.Ar lowpty .
.It Fl S Ar tos
.It Fl u Ar len
This option is used to specify the size of the field
in the
.Dv utmp
structure that holds the remote host name.
If the resolved host name is longer than
.Ar len ,
the dotted decimal value will be used instead.
This allows hosts with very long host names that
overflow this field to still be uniquely identified.
Specifying
.Fl u0
indicates that only dotted decimal addresses
should be put into the
.Pa utmp
file.
.ne 1i
.It Fl U
This option causes
.Nm telnetd
to refuse connections from addresses that
cannot be mapped back into a symbolic name
via the
.Xr gethostbyaddr 3
routine.
.It Fl X Ar authtype
This option is only valid if
.Nm telnetd
has been built with support for the authentication option.
It disables the use of
.Ar authtype
authentication, and
can be used to temporarily disable
a specific authentication type without having to recompile
.Nm telnetd .
.It Fl L pathname
Specify pathname to an alternative login program.
.El
.Pp
.Nm Telnetd
operates by allocating a pseudo-terminal device (see
.Xr pty 4 )
for a client, then creating a login process which has
the slave side of the pseudo-terminal as
.Dv stdin ,
.Dv stdout
and
.Dv stderr .
.Nm Telnetd
manipulates the master side of the pseudo-terminal,
implementing the
.Tn TELNET
protocol and passing characters
between the remote client and the login process.
.Pp
When a
.Tn TELNET
session is started up,
.Nm telnetd
sends
.Tn TELNET
options to the client side indicating
a willingness to do the
following
.Tn TELNET
options, which are described in more detail below:
.Bd -literal -offset indent
DO AUTHENTICATION
WILL ENCRYPT
DO TERMINAL TYPE
DO TSPEED
DO XDISPLOC
DO NEW-ENVIRON
DO ENVIRON
WILL SUPPRESS GO AHEAD
DO ECHO
DO LINEMODE
DO NAWS
WILL STATUS
DO LFLOW
DO TIMING-MARK
.Ed
.Pp
The pseudo-terminal allocated to the client is configured
to operate in \*(lqcooked\*(rq mode, and with
.Dv XTABS
and
.Dv CRMOD
enabled (see
.Xr tty 4 ) .
.Pp
.Nm Telnetd
has support for enabling locally the following
.Tn TELNET
options:
.Bl -tag -width "DO AUTHENTICATION"
.It "WILL ECHO"
When the
.Dv LINEMODE
option is enabled, a
.Dv WILL ECHO
or
.Dv WONT ECHO
will be sent to the client to indicate the
current state of terminal echoing.
When terminal echo is not desired, a
.Dv WILL ECHO
is sent to indicate that
.Tn telnetd
will take care of echoing any data that needs to be
echoed to the terminal, and then nothing is echoed.
When terminal echo is desired, a
.Dv WONT ECHO
is sent to indicate that
.Tn telnetd
will not be doing any terminal echoing, so the
client should do any terminal echoing that is needed.
.It "WILL BINARY"
Indicates that the client is willing to send
8 bits of data, rather than the normal 7 bits
of the Network Virtual Terminal.
.It "WILL SGA"
Indicates that it will not be sending
.Dv IAC GA ,
go ahead, commands.
.It "WILL STATUS"
Indicates a willingness to send the client, upon
request, the current status of all
.Tn TELNET
options.
.It "WILL TIMING-MARK"
Whenever a
.Dv DO TIMING-MARK
command is received, it is always responded
to with a
.Dv WILL TIMING-MARK .
.ne 1i
.It "WILL LOGOUT"
When a
.Dv DO LOGOUT
is received, a
.Dv WILL LOGOUT
is sent in response, and the
.Tn TELNET
session is shut down.
.It "WILL ENCRYPT"
Only sent if
.Nm telnetd
is compiled with support for data encryption, and
indicates a willingness to decrypt
the data stream.
.El
.Pp
.Nm Telnetd
has support for enabling remotely the following
.Tn TELNET
options:
.Bl -tag -width "DO AUTHENTICATION"
.It "DO BINARY"
Sent to indicate that
.Tn telnetd
is willing to receive an 8 bit data stream.
.It "DO LFLOW"
Requests that the client handle flow control
characters remotely.
.It "DO ECHO"
This is not really supported, but is sent to identify a 4.2BSD
.Xr telnet 1
client, which will improperly respond with
.Dv WILL ECHO .
If a
.Dv WILL ECHO
is received, a
.Dv DONT ECHO
will be sent in response.
.It "DO TERMINAL-TYPE"
Indicates a desire to be able to request the
name of the type of terminal that is attached
to the client side of the connection.
.It "DO SGA"
Indicates that it does not need to receive
.Dv IAC GA ,
the go ahead command.
.It "DO NAWS"
Requests that the client inform the server when
the window (display) size changes.
.It "DO TERMINAL-SPEED"
Indicates a desire to be able to request information
about the speed of the serial line to which
the client is attached.
.It "DO XDISPLOC"
Indicates a desire to be able to request the name
of the X windows display that is associated with
the telnet client.
.It "DO NEW-ENVIRON"
Indicates a desire to be able to request environment
variable information, as described in RFC 1572.
.It "DO ENVIRON"
Indicates a desire to be able to request environment
variable information, as described in RFC 1408.
.It "DO LINEMODE"
Only sent if
.Nm telnetd
is compiled with support for linemode, and
requests that the client do line by line processing.
.It "DO TIMING-MARK"
Only sent if
.Nm telnetd
is compiled with support for both linemode and
kludge linemode, and the client responded with
.Dv WONT LINEMODE .
If the client responds with
.Dv WILL TM ,
then it is assumed that the client supports
kludge linemode.
Note that the
.Op Fl k
option can be used to disable this.
.It "DO AUTHENTICATION"
Only sent if
.Nm telnetd
is compiled with support for authentication, and
indicates a willingness to receive authentication
information for automatic login.
.It "DO ENCRYPT"
Only sent if
.Nm telnetd
is compiled with support for data encryption, and
indicates a willingness to decrypt
the data stream.
.El
.Sh ENVIRONMENT
.Sh FILES
.Pa /etc/services
.br
.Pa /etc/inittab
(UNICOS systems only)
.br
.Pa /etc/iptos
(if supported)
.br
.Sh "SEE ALSO"
.Xr telnet 1 ,
.Xr login 1
.Sh STANDARDS
.Bl -tag -compact -width RFC-1572
.It Cm RFC-854
.Tn TELNET
PROTOCOL SPECIFICATION
.It Cm RFC-855
TELNET OPTION SPECIFICATIONS
.It Cm RFC-856
TELNET BINARY TRANSMISSION
.It Cm RFC-857
TELNET ECHO OPTION
.It Cm RFC-858
TELNET SUPPRESS GO AHEAD OPTION
.It Cm RFC-859
TELNET STATUS OPTION
.It Cm RFC-860
TELNET TIMING MARK OPTION
.It Cm RFC-861
TELNET EXTENDED OPTIONS - LIST OPTION
.It Cm RFC-885
TELNET END OF RECORD OPTION
.It Cm RFC-1073
Telnet Window Size Option
.It Cm RFC-1079
Telnet Terminal Speed Option
.It Cm RFC-1091
Telnet Terminal-Type Option
.It Cm RFC-1096
Telnet X Display Location Option
.It Cm RFC-1123
Requirements for Internet Hosts -- Application and Support
.It Cm RFC-1184
Telnet Linemode Option
.It Cm RFC-1372
Telnet Remote Flow Control Option
.It Cm RFC-1416
Telnet Authentication Option
.It Cm RFC-1411
Telnet Authentication: Kerberos Version 4
.It Cm RFC-1412
Telnet Authentication: SPX
.It Cm RFC-1571
Telnet Environment Option Interoperability Issues
.It Cm RFC-1572
Telnet Environment Option
.El
.Sh BUGS
Some
.Tn TELNET
commands are only partially implemented.
.Pp
Because of bugs in the original 4.2 BSD
.Xr telnet 1 ,
.Nm telnetd
performs some dubious protocol exchanges to try to discover if the remote
client is, in fact, a 4.2 BSD
.Xr telnet 1 .
.Pp
Binary mode
has no common interpretation except between similar operating systems
(Unix in this case).
.Pp
The terminal type name received from the remote client is converted to
lower case.
.Pp
.Nm Telnetd
never sends
.Tn TELNET
.Dv IAC GA
(go ahead) commands.
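
The opening offer listed under DESCRIPTION can be checked against captured bytes to see whether AUTHENTICATION or ENCRYPT was actually agreed, or whether the session fell through to login(1) as in the default "none" mode. The decoder below is an added example, not part of the telnetd manual or source; the option numbers are the assigned TELNET option codes, and the function names, SERVER_OFFER and CLIENT_REPLY are constructed for illustration.

```python
# Added example (not from telnetd): decode TELNET option negotiation bytes.
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
VERBS = {DO: "DO", DONT: "DONT", WILL: "WILL", WONT: "WONT"}
OPTIONS = {0: "BINARY", 1: "ECHO", 3: "SGA", 5: "STATUS", 6: "TIMING-MARK",
           18: "LOGOUT", 24: "TERMINAL-TYPE", 31: "NAWS", 32: "TSPEED",
           33: "LFLOW", 34: "LINEMODE", 35: "XDISPLOC", 36: "ENVIRON",
           37: "AUTHENTICATION", 38: "ENCRYPT", 39: "NEW-ENVIRON"}

def parse_negotiation(data: bytes):
    """Return [(verb, option)] for every IAC DO/DONT/WILL/WONT in data."""
    out, i, n = [], 0, len(data)
    while i + 1 < n:
        if data[i] != IAC:
            i += 1
            continue
        cmd = data[i + 1]
        if cmd in VERBS and i + 2 < n:
            opt = data[i + 2]
            out.append((VERBS[cmd], OPTIONS.get(opt, f"UNKNOWN-{opt}")))
            i += 3
        elif cmd == SB:
            # Skip IAC SB ... IAC SE so its payload is never read as a command.
            i += 2
            while i + 1 < n and (data[i], data[i + 1]) != (IAC, SE):
                i += 2 if data[i] == IAC else 1   # IAC IAC inside SB is data
            i += 2
        else:
            i += 2                                # IAC IAC or a 2-byte command
    return out

def agreed(server: bytes, client: bytes):
    """Options in effect: the server's DO/WILL answered by the client's WILL/DO."""
    offers, replies = parse_negotiation(server), set(parse_negotiation(client))
    answer = {"DO": "WILL", "WILL": "DO"}
    return {opt for verb, opt in offers if (answer.get(verb), opt) in replies}

def security_options_agreed(server: bytes, client: bytes):
    """Subset of AUTHENTICATION/ENCRYPT that both sides accepted."""
    return agreed(server, client) & {"AUTHENTICATION", "ENCRYPT"}

# Constructed sample: the server's opening offer in the order the page lists it.
SERVER_OFFER = bytes([IAC, DO, 37, IAC, WILL, 38, IAC, DO, 24, IAC, DO, 32,
                      IAC, DO, 35, IAC, DO, 39, IAC, DO, 36, IAC, WILL, 3,
                      IAC, DO, 1, IAC, DO, 34, IAC, DO, 31, IAC, WILL, 5,
                      IAC, DO, 33, IAC, DO, 6])
# Constructed client reply: refuses AUTHENTICATION and ENCRYPT and reports a
# 255-column window (255 is sent escaped as IAC IAC inside the subnegotiation).
CLIENT_REPLY = bytes([IAC, WONT, 37, IAC, DONT, 38, IAC, WILL, 24, IAC, WILL, 31,
                      IAC, SB, 31, 0, 255, 255, 0, 24, IAC, SE, IAC, DO, 3])
```

An empty result from security_options_agreed() means the client declined both options, so user verification is left entirely to login(1).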