.\" $NetBSD: telnetd.8,v 1.31 2009/04/08 13:36:32 joerg Exp $
.\"
.\" Copyright (c) 1983, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"	from: @(#)telnetd.8	8.3 (Berkeley) 3/1/94
.\"
.Dd July 17, 2004
.Dt TELNETD 8
.Os
.Sh NAME
.Nm telnetd
.Nd DARPA
.Tn TELNET
protocol server
.Sh SYNOPSIS
.Nm /usr/libexec/telnetd
.Op Fl Uhlkns46
.Op Fl D Ar debugmode
.Op Fl S Ar tos
.Op Fl X Ar authtype
.Op Fl a Ar authmode
.Op Fl edebug
.Op Fl g Ar gettyent
.Op Fl u Ar len
.Op Fl debug Op Ar port
.Sh DESCRIPTION
The
.Nm
command is a server which supports the
.Tn DARPA
standard
.Tn TELNET
virtual terminal protocol.
.Nm
is normally invoked by the internet server (see
.Xr inetd 8 )
for requests to connect to the
.Tn TELNET
port as indicated by the
.Pa /etc/services
file (see
.Xr services 5 ) .
The
.Fl debug
option may be used to start up
.Nm
manually, instead of through
.Xr inetd 8 .
If started up this way,
.Ar port
may be specified to run
.Nm
on an alternate
.Tn TCP
port number.
.Pp
The
.Nm
command accepts the following options:
.Bl -tag -width "-a authmode"
.It Fl a Ar authmode
This option may be used for specifying what mode should
be used for authentication.
Note that this option is only useful if
.Nm
has been compiled with support for the
.Dv AUTHENTICATION
option.
There are several valid values for
.Ar authmode :
.Bl -tag -width debug
.It debug
Turns on authentication debugging code.
.It user
Only allow connections when the remote user
can provide valid authentication information
to identify the remote user,
and is allowed access to the specified account
without providing a password.
.It valid
Only allow connections when the remote user
can provide valid authentication information
to identify the remote user.
The
.Xr login 1
command will provide any additional user verification
needed if the remote user is not allowed automatic
access to the specified account.
.It other
Only allow connections that supply some authentication information.
This option is currently not supported
by any of the existing authentication mechanisms,
and is thus the same as specifying
.Fl a
.Cm valid .
.It none
This is the default state.
Authentication information is not required.
If no or insufficient authentication information
is provided, then the
.Xr login 1
program will provide the necessary user
verification.
.It off
This disables the authentication code.
All user verification will happen through the
.Xr login 1
program.
.El
.It Fl D Ar debugmode
This option may be used for debugging purposes.
This allows
.Nm
to print out debugging information
to the connection, allowing the user to see what
.Nm
is doing.
There are several possible values for
.Ar debugmode :
.Bl -tag -width exercise
.It Cm options
Prints information about the negotiation of
.Tn TELNET
options.
.It Cm report
Prints the
.Cm options
information, plus some additional information
about what processing is going on.
.It Cm netdata
Displays the data stream received by
.Nm .
.It Cm ptydata
Displays data written to the pty.
.It Cm exercise
Has not been implemented yet.
.El
.It Fl debug
Enables debugging on each socket created by
.Nm
(see
.Dv SO_DEBUG
in
.Xr socket 2 ) .
.It Fl edebug
If
.Nm
has been compiled with support for data encryption, then the
.Fl edebug
option may be used to enable encryption debugging code.
.It Fl g Ar gettyent
Specifies which entry from
.Pa /etc/gettytab
should be used to get banner strings, login program and
other information.
The default entry is
.Dv default .
.It Fl h
Disables the printing of host-specific information before
login has been completed.
.It Fl k
This option is only useful if
.Nm
has been compiled with both linemode and kludge linemode support.
If the
.Fl k
option is specified,
then if the remote client does not support the
.Dv LINEMODE
option, then
.Nm
will operate in character at a time mode.
It will still support kludge linemode, but will only
go into kludge linemode if the remote client requests it.
(This is done by the client sending
.Dv DONT SUPPRESS-GO-AHEAD
and
.Dv DONT ECHO . )
The
.Fl k
option is most useful when there are remote clients
that do not support kludge linemode, but pass the heuristic
(if they respond with
.Dv WILL TIMING-MARK
in response to a
.Dv DO TIMING-MARK )
for kludge linemode support.
.It Fl l
Specifies line mode.
Tries to force clients to use line-at-a-time mode.
If the
.Dv LINEMODE
option is not supported, it will go
into kludge linemode.
.It Fl n
Disable
.Dv TCP
keep-alives.
Normally
.Nm
enables the
.Tn TCP
keep-alive mechanism to probe connections that
have been idle for some period of time to determine
if the client is still there, so that idle connections
from machines that have crashed or can no longer
be reached may be cleaned up.
.It Fl s
This option is only enabled if
.Nm
is compiled with support for secure logins.
It causes the
.Fl s
option to be passed on to
.Xr login 1 ,
and thus is only useful if
.Xr login 1
supports the
.Fl s
flag to indicate that only Kerberos or S/Key
validated logins are allowed, and is
usually useful for controlling remote logins
from outside of a firewall.
.It Fl S Ar tos
This option sets the IP Type-of-Service (TOS) option
on the connection to the value
.Ar tos ,
which may be a
numeric TOS value or a symbolic TOS name found in the
.Pa /etc/iptos
file.
This option has no effect on
.Nx .
.\"The option has no effect on systems that do not
.\"support
.\".Xr parsetos 3
.\"routine and the
.\".Pa /etc/iptos
.\"file.
.It Fl u Ar len
This option is used to specify the size of the field
in the
.Dv utmp
structure that holds the remote host name.
If the resolved host name is longer than
.Ar len ,
the dotted decimal value will be used instead.
This allows hosts with very long host names that
overflow this field to still be uniquely identified.
Specifying
.Fl u0
indicates that only dotted decimal addresses
should be put into the
.Pa utmp
file.
.It Fl U
This option causes
.Nm
to refuse connections from addresses that
cannot be mapped back into a symbolic name via the
.Xr getnameinfo 3
routine.
.It Fl X Ar authtype
This option is only valid if
.Nm
has been built with support for the authentication option.
It disables the use of
.Ar authtype
authentication, and can be used to temporarily disable
a specific authentication type without having to recompile
.Nm .
.It Fl 4
.It Fl 6
Specifies the address family to be used in
.Fl debug
mode.
During normal operation
.Po
called from
.Xr inetd 8
.Pc
.Nm
will use the file descriptor passed from
.Xr inetd 8 .
.El
.Pp
.Nm
operates by allocating a pseudo-terminal device (see
.Xr pty 4 )
for a client, then creating a login process which has
the slave side of the pseudo-terminal as
.Dv stdin ,
.Dv stdout
and
.Dv stderr .
.Nm
manipulates the master side of the pseudo-terminal,
implementing the
.Tn TELNET
protocol and passing characters
between the remote client and the login process.
.Pp
When a
.Tn TELNET
session is started up,
.Nm
sends
.Tn TELNET
options to the client side indicating
a willingness to do the following
.Tn TELNET
options, which are described in more detail below:
.Bd -literal -offset indent
DO AUTHENTICATION
WILL ENCRYPT
DO TERMINAL TYPE
DO TSPEED
DO XDISPLOC
DO NEW-ENVIRON
DO ENVIRON
WILL SUPPRESS GO AHEAD
DO ECHO
DO LINEMODE
DO NAWS
WILL STATUS
DO LFLOW
DO TIMING-MARK
.Ed
.Pp
The pseudo-terminal allocated to the client is configured
to operate in \*(lqcooked\*(rq mode, and with
.Dv XTABS
and
.Dv CRMOD
enabled (see
.Xr tty 4 ) .
.Pp
.Nm
has support for enabling locally the following
.Tn TELNET
options:
.Bl -tag -width "DO AUTHENTICATION"
.It "WILL ECHO"
When the
.Dv LINEMODE
option is enabled, a
.Dv WILL ECHO
or
.Dv WONT ECHO
will be sent to the client to indicate the
current state of terminal echoing.
When terminal echo is not desired, a
.Dv WILL ECHO
is sent to indicate that
.Tn telnetd
will take care of echoing any data that needs to be
echoed to the terminal, and then nothing is echoed.
When terminal echo is desired, a
.Dv WONT ECHO
is sent to indicate that
.Tn telnetd
will not be doing any terminal echoing, so the
client should do any terminal echoing that is needed.
.It "WILL BINARY"
Indicates that the client is willing to send
8 bits of data, rather than the normal 7 bits
of the Network Virtual Terminal.
.It "WILL SGA"
Indicates that it will not be sending
.Dv IAC GA ,
go ahead, commands.
.It "WILL STATUS"
Indicates a willingness to send the client, upon
request, the current status of all
.Tn TELNET
options.
.It "WILL TIMING-MARK"
Whenever a
.Dv DO TIMING-MARK
command is received, it is always responded
to with a
.Dv WILL TIMING-MARK .
.It "WILL LOGOUT"
When a
.Dv DO LOGOUT
is received, a
.Dv WILL LOGOUT
is sent in response, and the
.Tn TELNET
session is shut down.
.It "WILL ENCRYPT"
Only sent if
.Nm
is compiled with support for data encryption, and
indicates a willingness to decrypt the data stream.
.El
.Pp
.Nm
has support for enabling remotely the following
.Tn TELNET
options:
.Bl -tag -width "DO AUTHENTICATION"
.It "DO BINARY"
Sent to indicate that
.Tn telnetd
is willing to receive an 8 bit data stream.
.It "DO LFLOW"
Requests that the client handle flow control
characters remotely.
.It "DO ECHO"
This is not really supported, but is sent to identify a
.Bx 4.2
.Xr telnet 1
client, which will improperly respond with
.Dv WILL ECHO .
If a
.Dv WILL ECHO
is received, a
.Dv DONT ECHO
will be sent in response.
.It "DO TERMINAL-TYPE"
Indicates a desire to be able to request the
name of the type of terminal that is attached
to the client side of the connection.
.It "DO SGA"
Indicates that it does not need to receive
.Dv IAC GA ,
the go ahead command.
.It "DO NAWS"
Requests that the client inform the server when
the window (display) size changes.
.It "DO TERMINAL-SPEED"
Indicates a desire to be able to request information
about the speed of the serial line to which
the client is attached.
.It "DO XDISPLOC"
Indicates a desire to be able to request the name
of the X windows display that is associated with
the telnet client.
.It "DO NEW-ENVIRON"
Indicates a desire to be able to request environment
variable information, as described in RFC 1572.
.It "DO ENVIRON"
Indicates a desire to be able to request environment
variable information, as described in RFC 1408.
.It "DO LINEMODE"
Only sent if
.Nm
is compiled with support for linemode, and
requests that the client do line by line processing.
.It "DO TIMING-MARK"
Only sent if
.Nm
is compiled with support for both linemode and
kludge linemode, and the client responded with
.Dv WONT LINEMODE .
If the client responds with
.Dv WILL TM ,
then it is assumed that the client supports kludge linemode.
Note that the
.Op Fl k
option can be used to disable this.
.It "DO AUTHENTICATION"
Only sent if
.Nm
is compiled with support for authentication, and
indicates a willingness to receive authentication
information for automatic login.
.It "DO ENCRYPT"
Only sent if
.Nm
is compiled with support for data encryption, and
indicates a willingness to decrypt the data stream.
.El
.Pp
At the end of a login session,
.Nm
invokes the
.Xr ttyaction 3
facility with an action of "telnetd" and user "root"
to execute site-specific commands.
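.Pp
The following Python program is an added illustration of the option negotiation described above (the startup offer, the fixed replies to DO TIMING-MARK, DO LOGOUT and a stray WILL ECHO, and the kludge linemode heuristic that the -k option disables); it is not code from the NetBSD telnetd sources. The option numbers are the IANA-assigned TELNET option codes; the constructed client stream and the simplified handling of subnegotiation are assumptions made for the example.

```python
"""Decode and answer TELNET option negotiation as described for telnetd(8).

Added example, not NetBSD telnetd code.  Reply rules follow the manual
page: DO TIMING-MARK -> WILL TIMING-MARK, DO LOGOUT -> WILL LOGOUT (then
shut down), WILL ECHO from the client -> DONT ECHO.  Subnegotiation (SB ..
IAC SE) is skipped rather than interpreted, a simplification for the example.
"""

IAC, DONT, DO, WONT, WILL, SB, GA, SE = 255, 254, 253, 252, 251, 250, 249, 240
VERB = {DO: "DO", DONT: "DONT", WILL: "WILL", WONT: "WONT"}
VERB_CODE = {name: code for code, name in VERB.items()}

# IANA TELNET option codes for the options named in the manual page.
OPTIONS = {
    0: "BINARY", 1: "ECHO", 3: "SUPPRESS-GO-AHEAD", 5: "STATUS",
    6: "TIMING-MARK", 18: "LOGOUT", 24: "TERMINAL-TYPE", 31: "NAWS",
    32: "TSPEED", 33: "LFLOW", 34: "LINEMODE", 35: "XDISPLOC",
    36: "ENVIRON", 37: "AUTHENTICATION", 38: "ENCRYPT", 39: "NEW-ENVIRON",
}
CODE = {name: code for code, name in OPTIONS.items()}

# The startup offer listed in DESCRIPTION, in the order given there.
STARTUP_OFFER = [
    ("DO", "AUTHENTICATION"), ("WILL", "ENCRYPT"), ("DO", "TERMINAL-TYPE"),
    ("DO", "TSPEED"), ("DO", "XDISPLOC"), ("DO", "NEW-ENVIRON"),
    ("DO", "ENVIRON"), ("WILL", "SUPPRESS-GO-AHEAD"), ("DO", "ECHO"),
    ("DO", "LINEMODE"), ("DO", "NAWS"), ("WILL", "STATUS"), ("DO", "LFLOW"),
    ("DO", "TIMING-MARK"),
]


def encode(commands):
    """Serialise (verb, option) pairs as IAC <verb> <option> triples."""
    return b"".join(bytes([IAC, VERB_CODE[v], CODE[o]]) for v, o in commands)


def parse(stream):
    """Split a TELNET byte stream into negotiation commands and user data.

    Returns (commands, data, leftover): commands as (verb, option) pairs,
    data with IAC IAC unescaped, and any trailing incomplete command so the
    caller can prepend it to the next read instead of misparsing it.
    """
    commands, data, i = [], bytearray(), 0
    while i < len(stream):
        b = stream[i]
        if b != IAC:
            data.append(b)
            i += 1
            continue
        if i + 1 >= len(stream):
            break                               # lone IAC: need more bytes
        cmd = stream[i + 1]
        if cmd == IAC:                          # escaped 0xFF data byte
            data.append(IAC)
            i += 2
        elif cmd in VERB:
            if i + 2 >= len(stream):
                break                           # truncated 3-byte command
            opt = stream[i + 2]
            commands.append((VERB[cmd], OPTIONS.get(opt, "OPT%d" % opt)))
            i += 3
        elif cmd == SB:                         # skip up to IAC SE
            end = stream.find(bytes([IAC, SE]), i + 2)
            if end < 0:
                break
            i = end + 2
        else:
            i += 2                              # other 2-byte commands (GA, NOP, ...)
    return commands, bytes(data), bytes(stream[i:])


def telnetd_reply(commands):
    """Replies the manual page says telnetd always gives.

    Returns (replies, shutdown); shutdown is set after a DO LOGOUT.
    """
    replies, shutdown = [], False
    for verb, opt in commands:
        if (verb, opt) == ("DO", "TIMING-MARK"):
            replies.append(("WILL", "TIMING-MARK"))
        elif (verb, opt) == ("DO", "LOGOUT"):
            replies.append(("WILL", "LOGOUT"))
            shutdown = True
        elif (verb, opt) == ("WILL", "ECHO"):
            # Only a 4.2BSD telnet answers DO ECHO with WILL ECHO; refuse it.
            replies.append(("DONT", "ECHO"))
    return replies, shutdown


def kludge_linemode(commands, k_option=False):
    """Kludge linemode decision from the -k and DO TIMING-MARK text.

    Without -k: WONT LINEMODE followed by WILL TIMING-MARK is taken as
    kludge linemode support.  With -k that heuristic is off and only an
    explicit DONT SUPPRESS-GO-AHEAD plus DONT ECHO from the client counts.
    """
    seen = set(commands)
    if k_option:
        return {("DONT", "SUPPRESS-GO-AHEAD"), ("DONT", "ECHO")} <= seen
    return ("WONT", "LINEMODE") in seen and ("WILL", "TIMING-MARK") in seen


# Constructed client bytes for the demo: WILL TERMINAL-TYPE, WILL ECHO,
# DO TIMING-MARK, then "hi\xff!" with the 0xFF escaped, then a cut-off IAC DO.
CLIENT_STREAM = (b"\xff\xfb\x18" b"\xff\xfb\x01" b"\xff\xfd\x06"
                 b"hi\xff\xff!" b"\xff\xfd")

if __name__ == "__main__":
    cmds, data, rest = parse(CLIENT_STREAM)
    print("client negotiated:", cmds, "data:", data, "leftover:", rest)
    print("telnetd replies:", telnetd_reply(cmds))
```

The leftover bytes matter in practice: a negotiation command split across two reads must be re-joined, or the tail of one command is mistaken for user data.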
.Sh FILES
.Bl -item -compact
.It
.Pa /etc/services
.It
.Pa /etc/iptos
(if supported)
.El
.Sh SEE ALSO
.Xr login 1 ,
.Xr skey 1 ,
.Xr telnet 1 ,
.Xr ttyaction 3
.Sh STANDARDS
.Bl -tag -compact -width "RFC 1572 "
.It RFC 854
.Tn TELNET
PROTOCOL SPECIFICATION
.It RFC 855
TELNET OPTION SPECIFICATIONS
.It RFC 856
TELNET BINARY TRANSMISSION
.It RFC 857
TELNET ECHO OPTION
.It RFC 858
TELNET SUPPRESS GO AHEAD OPTION
.It RFC 859
TELNET STATUS OPTION
.It RFC 860
TELNET TIMING MARK OPTION
.It RFC 861
TELNET EXTENDED OPTIONS - LIST OPTION
.It RFC 885
TELNET END OF RECORD OPTION
.It RFC 1073
Telnet Window Size Option
.It RFC 1079
Telnet Terminal Speed Option
.It RFC 1091
Telnet Terminal-Type Option
.It RFC 1096
Telnet X Display Location Option
.It RFC 1123
Requirements for Internet Hosts -- Application and Support
.It RFC 1184
Telnet Linemode Option
.It RFC 1372
Telnet Remote Flow Control Option
.It RFC 1416
Telnet Authentication Option
.It RFC 1411
Telnet Authentication: Kerberos Version 4
.It RFC 1412
Telnet Authentication: SPX
.It RFC 1571
Telnet Environment Option Interoperability Issues
.It RFC 1572
Telnet Environment Option
.El
.Sh BUGS
Some
.Tn TELNET
commands are only partially implemented.
.Pp
Because of bugs in the original
.Bx 4.2
.Xr telnet 1 ,
.Nm
performs some dubious protocol exchanges to try to discover if the remote
client is, in fact, a
.Bx 4.2
.Xr telnet 1 .
.Pp
Binary mode
has no common interpretation except between similar operating systems
.Po
.Ux
in this case
.Pc .
.Pp
The terminal type name received from the remote client is converted to
lower case.
.Pp
.Nm
never sends
.Tn TELNET
.Dv IAC GA
(go ahead) commands.