Copyright 1989 AT&T
Copyright (C) 2004, Sun Microsystems, Inc. All Rights Reserved
Copyright (c) 1983, 1990, 1993 The Regents of the University of California. All rights reserved.
telnet [-8EFKLacdfrx] [-X atype] [-e escape_char] [-k realm] [-l user] [-n file] [ [ [!] @hop1 [@hop2...] @] host [port]]
The telnet utility communicates with another host using the TELNET protocol. If telnet is invoked without arguments, it enters command mode, indicated by its prompt, telnet>. In this mode, it accepts and executes its associated commands. See USAGE. If it is invoked with arguments, it performs an open command with those arguments.
If, for example, a host is specified as @hop1@hop2@host, the connection goes through hosts hop1 and hop2, using loose source routing to end at host. If a leading ! is used, the connection follows strict source routing. Notice that when telnet uses IPv6, it can only use loose source routing, and the connection ignores the !.
Once a connection has been opened, telnet enters input mode. In this mode, text typed is sent to the remote host. The input mode entered will be either "line mode", "character at a time", or "old line by line", depending upon what the remote system supports.
In "line mode", character processing is done on the local system, under the control of the remote system. When input editing or character echoing is to be disabled, the remote system will relay that information. The remote system will also relay changes to any special characters that happen on the remote system, so that they can take effect on the local system.
In "character at a time" mode, most text typed is immediately sent to the remote host for processing.
In "old line by line" mode, all text is echoed locally, and (normally) only completed lines are sent to the remote host. The "local echo character" (initially ^E) may be used to turn off and on the local echo. (Use this mostly to enter passwords without the password being echoed.).
If the "line mode" option is enabled, or if the localchars toggle is TRUE (the default in "old line by line" mode), the user's quit, intr, and flush characters are trapped locally, and sent as TELNET protocol sequences to the remote side. If "line mode" has ever been enabled, then the user's susp and eof are also sent as TELNET protocol sequences. quit is then sent as a TELNET ABORT instead of BREAK. The options toggle autoflush and toggle autosynch cause this action to flush subsequent output to the terminal (until the remote host acknowledges the TELNET sequence); and to flush previous terminal input, in the case of quit and intr.
While connected to a remote host, the user can enter telnet command mode by typing the telnet escape character (initially ^]). When in command mode, the normal terminal editing conventions are available. Pressing RETURN at the telnet command prompt causes telnet to exit command mode.
The following options are supported:
-8
Specifies an 8-bit data path. Negotiating the TELNET BINARY option is attempted for both input and output.
-a
Attempts automatic login. This sends the user name by means of the USER variable of the ENVIRON option, if supported by the remote system. The name used is that of the current user as returned by getlogin(3C) if it agrees with the current user ID. Otherwise, it is the name associated with the user ID.
-c
Disables the reading of the user's telnetrc file. (See the toggle skiprc command on this reference page.)
-d
Sets the initial value of the debug toggle to TRUE.
-e escape_char
Sets the initial escape character to escape_char. escape_char may also be a two character sequence consisting of ^ (Control key) followed by one character. If the second character is ?, the DEL character is selected. Otherwise, the second character is converted to a control character and used as the escape character. If escape_char is defined as the null string (that is, -e ''), this is equivalent to -e '^@' (Control-@). To specify that no character can be the escape character, use the -E option.
-E
Stops any character from being recognized as an escape character.
-f
Forwards a copy of the local credentials to the remote system.
-F
Forwards a forwardable copy of the local credentials to the remote system.
-k realm
If Kerberos authentication is being used, requests that telnet obtain tickets for the remote host in realm instead of the remote host's default realm as determined inkrb5.conf(4).
-K
Specifies no automatic login to the remote system.
-l user
When connecting to a remote system that understands the ENVIRON option, then user will be sent to the remote system as the value for the ENVIRON variable USER.
-L
Specifies an 8-bit data path on output. This causes the BINARY option to be negotiated on output.
-n tracefile
Opens tracefile for recording trace information. See the set tracefile command below.
-r
Specifies a user interface similar to rlogin. In this mode, the escape character is set to the tilde (~) character, unless modified by the -e option. The rlogin escape character is only recognized when it is preceded by a carriage return. In this mode, the telnet escape character, normally '^]', must still precede a telnet command. The rlogin escape character can also be followed by '.\er' or '^Z', and, like rlogin(1), closes or suspends the connection, respectively. This option is an uncommitted interface and may change in the future.
-x
Turns on encryption of the data stream. When this option is turned on, telnet will exit with an error if authentication cannot be negotiated or if encryption cannot be turned on.
-X atype
Disables the atype type of authentication.
The commands described in this section are available with telnet. It is necessary to type only enough of each command to uniquely identify it. (This is also true for arguments to the mode, set, toggle, unset, environ, and display commands.)
auth argument ...
The auth command manipulates the information sent through the TELNET AUTHENTICATE option. Valid arguments for the auth command are as follows:
disable type
Disables the specified type of authentication. To obtain a list of available types, use the auth disable ? command.
enable type
Enables the specified type of authentication. To obtain a list of available types, use the auth enable ? command.
status
Lists the current status of the various types of authentication.
open [-l user ] [ [!] @hop1 [@hop2 ...]@host [ port ]
Open a connection to the named host. If no port number is specified, telnet will attempt to contact a TELNET server at the default port. The host specification may be either a host name (see hosts(4)) or an Internet address specified in the "dot notation" (see inet(7P) or inet6(7P)). If the host is specified as @hop1@hop2@host, the connection goes through hosts hop1 and hop2, using loose source routing to end at host. The @ symbol is required as a separator between the hosts specified. If a leading ! is used with IPv4, the connection follows strict source routing. The -l option passes the user as the value of the ENVIRON variable USER to the remote system.
close
Close any open TELNET session and exit telnet. An EOF (in command mode) will also close a session and exit.
encrypt
The encrypt command manipulates the information sent through the TELNET ENCRYPT option. Valid arguments for the encrypt command are as follows:
disable type [input|output]
Disables the specified type of encryption. If you omit the input and output, both input and output are disabled. To obtain a list of available types, use the encrypt disable ? command.
enable type [input|output]
Enables the specified type of encryption. If you omit input and output, both input and output are enabled. To obtain a list of available types, use the encrypt enable ? command.
input
This is the same as the encrypt start input command.
-input
This is the same as the encrypt stop input command.
output
This is the same as the encrypt start output command.
-output
This is the same as the encrypt stop output command.
start [input|output]
Attempts to start encryption. If you omit input and output, both input and output are enabled. To obtain a list of available types, use the encrypt enable ? command.
status
Lists the current status of encryption.
stop [input|output]
Stops encryption. If you omit input and output, encryption is on both input and output.
type type
Sets the default type of encryption to be used with later encrypt start or encrypt stop commands.
quit
Same as close.
z
Suspend telnet. This command only works when the user is using a shell that supports job control, such as sh(1).
mode type
The remote host is asked for permission to go into the requested mode. If the remote host is capable of entering that mode, the requested mode will be entered. The argument type is one of the following:
character
Disable the TELNET LINEMODE option, or, if the remote side does not understand the LINEMODE option, then enter "character at a time" mode.
line
Enable the TELNET LINEMODE option, or, if the remote side does not understand the LINEMODE option, then attempt to enter "old-line-by-line" mode.
isig (-isig)
Attempt to enable (disable) the TRAPSIG mode of the LINEMODE option. This requires that the LINEMODE option be enabled.
edit (-edit)
Attempt to enable (disable) the EDIT mode of the LINEMODE option. This requires that the LINEMODE option be enabled.
softtabs (-softtabs)
Attempt to enable (disable) the SOFT_TAB mode of the LINEMODE option. This requires that the LINEMODE option be enabled.
litecho (-litecho)
Attempt to enable (disable) the LIT_ECHO mode of the LINEMODE option. This requires that the LINEMODE option be enabled.
?
Prints out help information for the mode command.
status
Show the current status of telnet. This includes the peer one is connected to, as well as the current mode.
display
[argument\|.\|.\|.\|] Display all, or some, of the set and toggle values (see toggle argument.\|.\|.).
?
[command] Get help. With no arguments, telnet prints a help summary. If a command is specified, telnet will print the help information for just that command.
send argument\|.\|.\|.
Send one or more special character sequences to the remote host. The following are the arguments that can be specified (more than one argument may be specified at a time):
escape
Send the current telnet escape character (initially ^]).
synch
Send the TELNET SYNCH sequence. This sequence discards all previously typed, but not yet read, input on the remote system. This sequence is sent as TCP urgent data and may not work if the remote system is a 4.2 BSD system. If it does not work, a lowercase "r" may be echoed on the terminal.
brk or break
Send the TELNET BRK (Break) sequence, which may have significance to the remote system.
ip
Send the TELNET IP (Interrupt Process) sequence, which aborts the currently running process on the remote system.
abort
Send the TELNET ABORT (Abort Process) sequence.
ao
Send the TELNET AO (Abort Output) sequence, which flushes all output from the remote system to the user's terminal.
ayt
Send the TELNET AYT (Are You There) sequence, to which the remote system may or may not respond.
ec
Send the TELNET EC (Erase Character) sequence, which erases the last character entered.
el
Send the TELNET EL (Erase Line) sequence, which should cause the remote system to erase the line currently being entered.
eof
Send the TELNET EOF (End Of File) sequence.
eor
Send the TELNET EOR (End Of Record) sequence.
ga
Send the TELNET GA (Go Ahead) sequence, which probably has no significance for the remote system.
getstatus
If the remote side supports the TELNET STATUS command, getstatus will send the subnegotiation to request that the server send its current option status.
nop
Send the TELNET NOP (No Operation) sequence.
susp
Send the TELNET SUSP (Suspend Process) sequence.
do option
dont option
will option
wont option
Send the TELNET protocol option negotiation indicated. Option may be the text name of the protocol option, or the number corresponding to the option. The command will be silently ignored if the option negotiation indicated is not valid in the current state. If the option is given as help or ?, the list of option names known is listed. This command is mostly useful for unusual debugging situations.
?
Print out help information for the send command.
set argument [value]
unset argument
Set any one of a number of telnet variables to a specific value. The special value off turns off the function associated with the variable. The values of variables may be interrogated with the display command. If value is omitted, the value is taken to be true, or "on". If the unset form is used, the value is taken to be false, or off. The variables that may be specified are:
echo
This is the value (initially ^E) that, when in "line by line" mode, toggles between local echoing of entered characters for normal processing, and suppressing echoing of entered characters, for example, entering a password.
escape
This is the telnet escape character (initially ^]) that enters telnet command mode when connected to a remote system.
interrupt
If telnet is in localchars mode (see toggle, localchars) and the interrupt character is typed, a TELNET IP sequence (see send and ip) is sent to the remote host. The initial value for the interrupt character is taken to be the terminal's intr character.
quit
If telnet is in localchars mode and the quit character is typed, a TELNET BRK sequence (see send, brk) is sent to the remote host. The initial value for the quit character is taken to be the terminal's quit character.
flushoutput
If telnet is in localchars mode and the flushoutput character is typed, a TELNET AO sequence (see send, ao) is sent to the remote host. The initial value for the flush character is taken to be the terminal's flush character.
erase
If telnet is in localchars mode and operating in "character at a time" mode, then when the erase character is typed, a TELNET EC sequence (see send, ec) is sent to the remote system. The initial value for the erase character is taken to be the terminal's erase character.
kill
If telnet is in localchars mode and operating in "character at a time" mode, then when the kill character is typed, a TELNET EL sequence (see send, el) is sent to the remote system. The initial value for the kill character is taken to be the terminal's kill character.
eof
If telnet is operating in "line by line"/ mode, entering the eof character as the first character on a line sends this character to the remote system. The initial value of eof is taken to be the terminal's eof character.
ayt
If telnet is in localchars mode, or LINEMODE is enabled, and the status character is typed, a TELNET AYT ("Are You There") sequence is sent to the remote host. (See send, ayt above.) The initial value for ayt is the terminal's status character.
forw1
forw2
If telnet is operating in LINEMODE, and the forw1 or forw2 characters are typed, this causes the forwarding of partial lines to the remote system. The initial values for the forwarding characters come from the terminal's eol and eol2 characters.
lnext
If telnet is operating in LINEMODE or "old line by line" mode, then the lnext character is assumed to be the terminal's lnext character. The initial value for the lnext character is taken to be the terminal's lnext character.
reprint
If telnet is operating in LINEMODE or "old line by line" mode, then the reprint character is assumed to be the terminal's reprint character. The initial value for reprint is taken to be the terminal's reprint character.
rlogin
This is the rlogin escape character. If set, the normal telnet escape character is ignored, unless it is preceded by this character at the beginning of a line. The rlogin character, at the beginning of a line followed by a "." closes the connection. When followed by a ^Z, the rlogin command suspends the telnet command. The initial state is to disable the rlogin escape character.
start
If the TELNET TOGGLE-FLOW-CONTROL option has been enabled, then the start character is taken to be the terminal's start character. The initial value for the kill character is taken to be the terminal's start character.
stop
If the TELNET TOGGLE-FLOW-CONTROL option has been enabled, then the stop character is taken to be the terminal's stop character. The initial value for the kill character is taken to be the terminal's stop character.
susp
If telnet is in localchars mode, or LINEMODE is enabled, and the suspend character is typed, a TELNET SUSP sequence (see send, susp above) is sent to the remote host. The initial value for the suspend character is taken to be the terminal's suspend character.
tracefile
This is the file to which the output, generated when the netdata or the debug option is TRUE, will be written. If tracefile is set to "-", then tracing information will be written to standard output (the default).
worderase
If telnet is operating in LINEMODE or "old line by line" mode, then this character is taken to be the terminal's worderase character. The initial value for the worderase character is taken to be the terminal's worderase character.
?
Displays the legal set and unset commands.
slc state
The slc (Set Local Characters) command is used to set or change the state of special characters when the TELNET LINEMODE option has been enabled. Special characters are characters that get mapped to TELNET commands sequences (like ip or quit) or line editing characters (like erase and kill). By default, the local special characters are exported. The following values for state are valid:
check
Verifies the settings for the current special characters. The remote side is requested to send all the current special character settings. If there are any discrepancies with the local side, the local settings will switch to the remote values.
export
Switches to the local defaults for the special characters. The local default characters are those of the local terminal at the time when telnet was started.
import
Switches to the remote defaults for the special characters. The remote default characters are those of the remote system at the time when the TELNET connection was established.
?
Prints out help information for the slc command.
toggle argument...
Toggle between TRUE and FALSE the various flags that control how telnet responds to events. More than one argument may be specified. The state of these flags may be interrogated with the display command. Valid arguments are:
authdebug
Turns on debugging information for the authentication code.
autodecrypt
When the TELNET ENCRYPT option is negotiated, by default the actual encryption (decryption) of the data stream does not start automatically. The autoencrypt (autodecrypt) command states that encryption of the output (input) stream should be enabled as soon as possible.
autologin
If the remote side supports the TELNET AUTHENTICATION option, telnet attempts to use it to perform automatic authentication. If the AUTHENTICATION option is not supported, the user's login name is propagated through the TELNET ENVIRON option. This command is the same as specifying the -a option on the open command.
autoflush
If autoflush and localchars are both TRUE, then when the ao, intr, or quit characters are recognized (and transformed into TELNET sequences; see set for details), telnet refuses to display any data on the user's terminal until the remote system acknowledges (using a TELNET Timing Mark option) that it has processed those TELNET sequences. The initial value for this toggle is TRUE if the terminal user has not done an "stty noflsh". Otherwise, the value is FALSE (see stty(1)).
autosynch
If autosynch and localchars are both TRUE, then when either the interrupt or quit characters are typed (see set for descriptions of interrupt and quit), the resulting TELNET sequence sent is followed by the TELNET SYNCH sequence. This procedure should cause the remote system to begin throwing away all previously typed input until both of the TELNET sequences have been read and acted upon. The initial value of this toggle is FALSE.
binary
Enable or disable the TELNET BINARY option on both input and output.
inbinary
Enable or disable the TELNET BINARY option on input.
outbinary
Enable or disable the TELNET BINARY option on output.
crlf
Determines how carriage returns are sent. If the value is TRUE, then carriage returns will be sent as <CR><LF>. If the value is FALSE, then carriage returns will be send as <CR><NUL>. The initial value for this toggle is FALSE.
crmod
Toggle RETURN mode. When this mode is enabled, most RETURN characters received from the remote host will be mapped into a RETURN followed by a line feed. This mode does not affect those characters typed by the user, only those received from the remote host. This mode is useful only for remote hosts that send RETURN but never send LINEFEED. The initial value for this toggle is FALSE.
debug
Toggle socket level debugging (only available to the super-user). The initial value for this toggle is FALSE.
encdebug
Turns on debugging information for the encryption code.
localchars
If this toggle is TRUE, then the flush, interrupt, quit, erase, and kill characters (see set) are recognized locally, and transformed into appropriate TELNET control sequences, respectively ao, ip, brk, ec, and el (see send). The initial value for this toggle is TRUE in "line by line" mode, and FALSE in "character at a time" mode. When the LINEMODE option is enabled, the value of localchars is ignored, and assumed always to be TRUE. If LINEMODE has ever been enabled, then quit is sent as abort, and eof and suspend are sent as eof and susp (see send above).
netdata
Toggle the display of all network data (in hexadecimal format). The initial value for this toggle is FALSE.
options
Toggle the display of some internal TELNET protocol processing (having to do with telnet options). The initial value for this toggle is FALSE.
prettydump
When the netdata toggle is enabled, if prettydump is enabled, the output from the netdata command will be formatted in a more user readable format. Spaces are put between each character in the output. The beginning of any TELNET escape sequence is preceded by an asterisk (*) to aid in locating them.
skiprc
When the skiprc toggle is TRUE, TELNET skips the reading of the .telnetrc file in the user's home directory when connections are opened. The initial value for this toggle is FALSE.
termdata
Toggles the display of all terminal data (in hexadecimal format). The initial value for this toggle is FALSE.
verbose_encrypt
When the verbose_encrypt flag is TRUE, TELNET prints out a message each time encryption is enabled or disabled. The initial value for this toggle is FALSE.
?
Display the legal toggle commands.
environ argument\|.\|.\|.
The environ command is used to manipulate variables that may be sent through the TELNET ENVIRON option. The initial set of variables is taken from the users environment. Only the DISPLAY and PRINTER variables are exported by default. Valid arguments for the environ command are:
define variable value
Define variable to have a value of value. Any variables defined by this command are automatically exported. The value may be enclosed in single or double quotes, so that tabs and spaces may be included.
undefine variable
Remove variable from the list of environment variables.
export variable
Mark the variable to be exported to the remote side.
unexport variable
Mark the variable to not be exported unless explicitly requested by the remote side.
list
List the current set of environment variables. Those marked with an asterisk (*) will be sent automatically. Other variables will be sent only if explicitly requested.
?
Prints out help information for the environ command.
logout
Sends the telnet logout option to the remote side. This command is similar to a close command. However, if the remote side does not support the logout option, nothing happens. If, however, the remote side does support the logout option, this command should cause the remote side to close the TELNET connection. If the remote side also supports the concept of suspending a user's session for later reattachment, the logout argument indicates that the remote side should terminate the session immediately.
$HOME/.telnetrc
file that contains commands to be executed before initiating a telnet session
rlogin(1), sh(1), stty(1), getlogin(3C), hosts(4), krb5.conf(4), nologin(4), telnetrc(4), attributes(5), inet(7P), inet6(7P)
NO LOGINS: System going down in N minutes
The machine is in the process of being shut down and logins have been disabled.
On some remote systems, echo has to be turned off manually when in "line by line" mode.
In "old line by line" mode, or LINEMODE, the terminal's EOF character is only recognized (and sent to the remote system) when it is the first character on a line.
The telnet protocol only uses single DES for session protection\(emclients request service tickets with single DES session keys. The KDC must know that host service principals that offer the telnet service support single DES, which, in practice, means that such principals must have single DES keys in the KDC database.