.\" $NetBSD: telnetd.8,v 1.23 2002/01/15 02:28:22 wiz Exp $
.\"
.\" Copyright (c) 1983, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"	This product includes software developed by the University of
.\"	California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"	from: @(#)telnetd.8	8.3 (Berkeley) 3/1/94
.\"
.Dd August 25, 2001
.Dt TELNETD 8
.Os
.Sh NAME
.Nm telnetd
.Nd DARPA
.Tn TELNET
protocol server
.Sh SYNOPSIS
.Nm /usr/libexec/telnetd
.Op Fl Uhlkns46
.Op Fl D Ar debugmode
.Op Fl S Ar tos
.Op Fl X Ar authtype
.Op Fl a Ar authmode
.Op Fl edebug
.Op Fl g Ar gettyent
.Op Fl r Ns Ar lowpty-highpty
.Op Fl u Ar len
.Op Fl debug Op Ar port
.Sh DESCRIPTION
The
.Nm
command is a server which supports the
.Tn DARPA
standard
.Tn TELNET
virtual terminal protocol.
.Nm
is normally invoked by the internet server (see
.Xr inetd 8 )
for requests to connect to the
.Tn TELNET
port as indicated by the
.Pa /etc/services
file (see
.Xr services 5 ) .
The
.Fl debug
option may be used to start up
.Nm
manually, instead of through
.Xr inetd 8 .
If started up this way,
.Ar port
may be specified to run
.Nm
on an alternate
.Tn TCP
port number.
.Pp
The
.Nm
command accepts the following options:
.Bl -tag -width "-a authmode"
.It Fl a Ar authmode
This option may be used for specifying what mode should
be used for authentication.
Note that this option is only useful if
.Nm
has been compiled with support for the
.Dv AUTHENTICATION
option.
There are several valid values for
.Ar authmode :
.Bl -tag -width debug
.It debug
Turns on authentication debugging code.
.It user
Only allow connections when the remote user
can provide valid authentication information
to identify the remote user,
and is allowed access to the specified account
without providing a password.
.It valid
Only allow connections when the remote user
can provide valid authentication information
to identify the remote user.
The
.Xr login 1
command will provide any additional user verification
needed if the remote user is not allowed automatic
access to the specified account.
.It other
Only allow connections that supply some authentication information.
This option is currently not supported
by any of the existing authentication mechanisms,
and is thus the same as specifying
.Fl a
.Cm valid .
.It none
This is the default state.
Authentication information is not required.
If no or insufficient authentication information
is provided, then the
.Xr login 1
program will provide the necessary user
verification.
.It off
This disables the authentication code.
All user verification will happen through the
.Xr login 1
program.
.El
.It Fl D Ar debugmode
This option may be used for debugging purposes.
This allows
.Nm
to print out debugging information
to the connection, allowing the user to see what
.Nm
is doing.
There are several possible values for
.Ar debugmode :
.Bl -tag -width exercise
.It Cm options
Prints information about the negotiation of
.Tn TELNET
options.
.It Cm report
Prints the
.Cm options
information, plus some additional information
about what processing is going on.
.It Cm netdata
Displays the data stream received by
.Nm "" .
.It Cm ptydata
Displays data written to the pty.
.It Cm exercise
Has not been implemented yet.
.El
.It Fl debug
Enables debugging on each socket created by
.Nm
(see
.Dv SO_DEBUG
in
.Xr socket 2 ) .
.It Fl edebug
If
.Nm
has been compiled with support for data encryption, then the
.Fl edebug
option may be used to enable encryption debugging code.
.It Fl g Ar gettyent
Specifies which entry from
.Pa /etc/gettytab
should be used to get banner strings, login program and
other information.
The default entry is
.Dv default .
.It Fl h
Disables the printing of host-specific information before
login has been completed.
.It Fl k
This option is only useful if
.Nm
has been compiled with both linemode and kludge linemode
support.
If the
.Fl k
option is specified, then if the remote client does not
support the
.Dv LINEMODE
option, then
.Nm
will operate in character at a time mode.
It will still support kludge linemode, but will only
go into kludge linemode if the remote client requests
it.
(This is done by the client sending
.Dv DONT SUPPRESS-GO-AHEAD
and
.Dv DONT ECHO . )
The
.Fl k
option is most useful when there are remote clients
that do not support kludge linemode, but pass the heuristic
(if they respond with
.Dv WILL TIMING-MARK
in response to a
.Dv DO TIMING-MARK )
for kludge linemode support.
.It Fl l
Specifies line mode.
Tries to force clients to use line-at-a-time mode.
If the
.Dv LINEMODE
option is not supported, it will go
into kludge linemode.
.It Fl n
Disable
.Dv TCP
keep-alives.
Normally
.Nm
enables the
.Tn TCP
keep-alive mechanism to probe connections that
have been idle for some period of time to determine
if the client is still there, so that idle connections
from machines that have crashed or can no longer
be reached may be cleaned up.
.It Fl r Ar lowpty-highpty
This option is only enabled when
.Nm
is compiled for
.Dv UNICOS .
It specifies an inclusive range of pseudo-terminal devices to
use.
If the system has sysconf variable
.Dv _SC_CRAY_NPTY
configured, the default pty search range is 0 to
.Dv _SC_CRAY_NPTY ;
otherwise, the default range is 0 to 128.
Either
.Ar lowpty
or
.Ar highpty
may be omitted to allow changing
either end of the search range.
If
.Ar lowpty
is omitted, the - character is still required so that
.Nm
can differentiate
.Ar highpty
from
.Ar lowpty .
.It Fl s
This option is only enabled if
.Nm
is compiled with support for secure logins.
It causes the
.Fl s
option to be passed on to
.Xr login 1 ,
and thus is only useful if
.Xr login 1
supports the
.Fl s
flag to indicate that only
Kerberos or S/Key
validated logins are allowed, and is
usually useful for controlling remote logins
from outside of a firewall.
.It Fl S Ar tos
This option sets the IP Type-of-Service (TOS) option
on the connection to the value
.Ar tos ,
which may be a
numeric TOS value or a symbolic TOS name found in the
.Pa /etc/iptos
file.
This option has no effect on
.Nx .
.\"The option has no effect on systems that do not
.\"support
.\".Xr parsetos 3
.\"routine and the
.\".Pa /etc/iptos
.\"file.
.It Fl u Ar len
This option is used to specify the size of the field
in the
.Dv utmp
structure that holds the remote host name.
If the resolved host name is longer than
.Ar len ,
the dotted decimal value will be used instead.
This allows hosts with very long host names that
overflow this field to still be uniquely identified.
Specifying
.Fl u0
indicates that only dotted decimal addresses
should be put into the
.Pa utmp
file.
.It Fl U
This option causes
.Nm
to refuse connections from addresses that
cannot be mapped back into a symbolic name
via the
.Xr gethostbyaddr 3
routine.
.It Fl X Ar authtype
This option is only valid if
.Nm
has been built with support for the authentication option.
It disables the use of
.Ar authtype
authentication, and
can be used to temporarily disable
a specific authentication type without having to recompile
.Nm "" .
.It Fl 4
.It Fl 6
Specifies the address family to be used in
.Fl debug
mode.
During normal operation
.Po
called from
.Xr inetd 8
.Pc
.Nm
will use the file descriptor passed from
.Xr inetd 8 .
.El
.Pp
.Nm
operates by allocating a pseudo-terminal device (see
.Xr pty 4 )
for a client, then creating a login process which has
the slave side of the pseudo-terminal as
.Dv stdin ,
.Dv stdout
and
.Dv stderr .
.Nm
manipulates the master side of the pseudo-terminal,
implementing the
.Tn TELNET
protocol and passing characters
between the remote client and the login process.
.Pp
When a
.Tn TELNET
session is started up,
.Nm
sends
.Tn TELNET
options to the client side indicating
a willingness to do the
following
.Tn TELNET
options, which are described in more detail below:
.Bd -literal -offset indent
DO AUTHENTICATION
WILL ENCRYPT
DO TERMINAL TYPE
DO TSPEED
DO XDISPLOC
DO NEW-ENVIRON
DO ENVIRON
WILL SUPPRESS GO AHEAD
DO ECHO
DO LINEMODE
DO NAWS
WILL STATUS
DO LFLOW
DO TIMING-MARK
.Ed
.Pp
The pseudo-terminal allocated to the client is configured
to operate in \*(lqcooked\*(rq mode, and with
.Dv XTABS
and
.Dv CRMOD
enabled (see
.Xr tty 4 ) .
.Pp
.Nm
has support for enabling locally the following
.Tn TELNET
options:
.Bl -tag -width "DO AUTHENTICATION"
.It "WILL ECHO"
When the
.Dv LINEMODE
option is enabled, a
.Dv WILL ECHO
or
.Dv WONT ECHO
will be sent to the client to indicate the
current state of terminal echoing.
When terminal echo is not desired, a
.Dv WILL ECHO
is sent to indicate that
.Tn telnetd
will take care of echoing any data that needs to be
echoed to the terminal, and then nothing is echoed.
When terminal echo is desired, a
.Dv WONT ECHO
is sent to indicate that
.Tn telnetd
will not be doing any terminal echoing, so the
client should do any terminal echoing that is needed.
.It "WILL BINARY"
Indicates that the client is willing to send
8 bits of data, rather than the normal 7 bits
of the Network Virtual Terminal.
.It "WILL SGA"
Indicates that it will not be sending
.Dv IAC GA ,
go ahead, commands.
.It "WILL STATUS"
Indicates a willingness to send the client, upon
request, the current status of all
.Tn TELNET
options.
.It "WILL TIMING-MARK"
Whenever a
.Dv DO TIMING-MARK
command is received, it is always responded
to with a
.Dv WILL TIMING-MARK .
.It "WILL LOGOUT"
When a
.Dv DO LOGOUT
is received, a
.Dv WILL LOGOUT
is sent in response, and the
.Tn TELNET
session is shut down.
.It "WILL ENCRYPT"
Only sent if
.Nm
is compiled with support for data encryption, and
indicates a willingness to decrypt
the data stream.
.El
.Pp
.Nm
has support for enabling remotely the following
.Tn TELNET
options:
.Bl -tag -width "DO AUTHENTICATION"
.It "DO BINARY"
Sent to indicate that
.Tn telnetd
is willing to receive an 8 bit data stream.
.It "DO LFLOW"
Requests that the client handle flow control
characters remotely.
.It "DO ECHO"
This is not really supported, but is sent to identify a
.Bx 4.2
.Xr telnet 1
client, which will improperly respond with
.Dv WILL ECHO .
If a
.Dv WILL ECHO
is received, a
.Dv DONT ECHO
will be sent in response.
.It "DO TERMINAL-TYPE"
Indicates a desire to be able to request the
name of the type of terminal that is attached
to the client side of the connection.
.It "DO SGA"
Indicates that it does not need to receive
.Dv IAC GA ,
the go ahead command.
.It "DO NAWS"
Requests that the client inform the server when
the window (display) size changes.
.It "DO TERMINAL-SPEED"
Indicates a desire to be able to request information
about the speed of the serial line to which
the client is attached.
.It "DO XDISPLOC"
Indicates a desire to be able to request the name
of the X windows display that is associated with
the telnet client.
.It "DO NEW-ENVIRON"
Indicates a desire to be able to request environment
variable information, as described in RFC 1572.
.It "DO ENVIRON"
Indicates a desire to be able to request environment
variable information, as described in RFC 1408.
.It "DO LINEMODE"
Only sent if
.Nm
is compiled with support for linemode, and
requests that the client do line by line processing.
.It "DO TIMING-MARK"
Only sent if
.Nm
is compiled with support for both linemode and
kludge linemode, and the client responded with
.Dv WONT LINEMODE .
If the client responds with
.Dv WILL TM ,
then it is assumed that the client supports
kludge linemode.
Note that the
.Fl k
option can be used to disable this.
.It "DO AUTHENTICATION"
Only sent if
.Nm
is compiled with support for authentication, and
indicates a willingness to receive authentication
information for automatic login.
.It "DO ENCRYPT"
Only sent if
.Nm
is compiled with support for data encryption, and
indicates a willingness to decrypt
the data stream.
.El
.Pp
At the end of a login session,
.Nm
invokes the
.Xr ttyaction 3
facility with an action of "telnetd" and user "root"
to execute site-specific commands.
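An added example, not part of the NetBSD telnetd source: a Python decoder for the option negotiation described in the preceding sections. It builds the initial announcement telnetd sends at session start, separates IAC commands from user data (unescaping IAC IAC), and models the server replies this page documents: WILL TIMING-MARK for DO TIMING-MARK, WILL LOGOUT for DO LOGOUT with session shutdown, DONT ECHO when a client answers the DO ECHO probe with WILL ECHO, and the DO TIMING-MARK probe for kludge linemode after WONT LINEMODE. The command and option numbers are the RFC 854/855 registry values, which the page does not list; the kludge_linemode flag standing in for the -k option, the skipping of subnegotiation bodies, and the client byte strings fed in are assumptions of this example.

```python
"""TELNET option-negotiation decoder modelled on the telnetd(8) description.
Added example, not telnetd's own code.  Numeric codes are the RFC 854/855
registry values; everything else (flag names, sample bytes) is constructed."""

IAC, DONT, DO, WONT, WILL, SB, GA, SE = 255, 254, 253, 252, 251, 250, 249, 240
CMD_NAMES = {DONT: "DONT", DO: "DO", WONT: "WONT", WILL: "WILL"}

# Option codes from the TELNET option registry (the RFCs under STANDARDS).
OPTIONS = {
    0: "BINARY", 1: "ECHO", 3: "SUPPRESS-GO-AHEAD", 5: "STATUS",
    6: "TIMING-MARK", 18: "LOGOUT", 24: "TERMINAL-TYPE", 31: "NAWS",
    32: "TSPEED", 33: "LFLOW", 34: "LINEMODE", 35: "XDISPLOC",
    36: "ENVIRON", 37: "AUTHENTICATION", 38: "ENCRYPT", 39: "NEW-ENVIRON",
}
CODES = {name: code for code, name in OPTIONS.items()}

# The announcement telnetd sends when a session starts (see DESCRIPTION).
INITIAL = [
    (DO, "AUTHENTICATION"), (WILL, "ENCRYPT"), (DO, "TERMINAL-TYPE"),
    (DO, "TSPEED"), (DO, "XDISPLOC"), (DO, "NEW-ENVIRON"), (DO, "ENVIRON"),
    (WILL, "SUPPRESS-GO-AHEAD"), (DO, "ECHO"), (DO, "LINEMODE"), (DO, "NAWS"),
    (WILL, "STATUS"), (DO, "LFLOW"), (DO, "TIMING-MARK"),
]


def encode(cmd, option):
    """Wire form of one negotiation command: IAC <cmd> <option code>."""
    return bytes([IAC, cmd, CODES[option]])


def initial_announcement():
    return b"".join(encode(c, o) for c, o in INITIAL)


def split_stream(data):
    """Separate negotiation commands from user data.

    Returns (list of (cmd, option_name), user data with IAC IAC unescaped).
    Raises ValueError on a truncated command or unterminated subnegotiation,
    which is what a robust server must treat as a malformed client."""
    cmds, out, i = [], bytearray(), 0
    while i < len(data):
        b = data[i]
        if b != IAC:
            out.append(b)
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated IAC sequence")
        nxt = data[i + 1]
        if nxt == IAC:                      # escaped 0xff data byte
            out.append(IAC)
            i += 2
        elif nxt in CMD_NAMES:              # three-byte DO/DONT/WILL/WONT
            if i + 2 >= len(data):
                raise ValueError("truncated option negotiation")
            code = data[i + 2]
            cmds.append((nxt, OPTIONS.get(code, "UNKNOWN-%d" % code)))
            i += 3
        elif nxt == SB:                     # subnegotiation: skip to IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            if end < 0:
                raise ValueError("unterminated subnegotiation")
            i = end + 2
        else:                               # other two-byte commands (GA, NOP, ...)
            i += 2
    return cmds, bytes(out)


def is_well_formed(data):
    try:
        split_stream(data)
        return True
    except ValueError:
        return False


def describe(cmds):
    """Human-readable form, like the lines the -D options debug mode prints."""
    return ["%s %s" % (CMD_NAMES[c], o) for c, o in cmds]


class ServerState:
    def __init__(self, kludge_linemode=True):
        self.kludge_linemode = kludge_linemode   # False models the -k option
        self.kludge_assumed = False
        self.logout = False
        self.remote = {}                         # client-side option state

    def handle(self, cmd, option):
        """Reply bytes telnetd sends for one received command, per the page."""
        if cmd == DO and option == "TIMING-MARK":
            return encode(WILL, "TIMING-MARK")
        if cmd == DO and option == "LOGOUT":
            self.logout = True
            return encode(WILL, "LOGOUT")
        if cmd == WILL and option == "ECHO":
            # DO ECHO was only a probe for a 4.2BSD client; refuse client echo.
            return encode(DONT, "ECHO")
        if cmd == WONT and option == "LINEMODE" and self.kludge_linemode:
            return encode(DO, "TIMING-MARK")     # probe for kludge linemode
        if cmd == WILL and option == "TIMING-MARK" and self.kludge_linemode:
            self.kludge_assumed = True
            return b""
        if cmd in (WILL, WONT):
            self.remote[option] = (cmd == WILL)
        return b""

    def process(self, data):
        """Feed one chunk from the client; return (reply bytes, user data)."""
        cmds, user_data = split_stream(data)
        return b"".join(self.handle(c, o) for c, o in cmds), user_data


def run_session(kludge_linemode, chunks):
    """Feed several client chunks through one server; return (replies, data, state)."""
    state = ServerState(kludge_linemode)
    replies, data = b"", b""
    for chunk in chunks:
        r, d = state.process(chunk)
        replies += r
        data += d
    return replies, data, state
```

Everything exchanged here happens before login(1) runs, so the negotiation is an unauthenticated attack surface: a server must reject truncated or unterminated sequences rather than read past the buffer, which is why split_stream raises instead of guessing.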
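A second added example, also not telnetd's own code: a Python parser for the -r lowpty-highpty argument exactly as the -r description above states it, an inclusive range where either end may be omitted but the - character is always required. The default upper bound 128 is the page's figure for systems without _SC_CRAY_NPTY; the sysconf lookup is replaced by a default_high parameter, which is an assumption of this example.

```python
"""Parser for the telnetd -r lowpty-highpty argument as telnetd(8) describes
it.  Added example, not telnetd's own code; default_high stands in for the
_SC_CRAY_NPTY sysconf lookup."""

DEFAULT_LOW, DEFAULT_HIGH = 0, 128


def parse_pty_range(arg, default_high=DEFAULT_HIGH):
    """Return (lowpty, highpty) for an argument like '4-16', '-16' or '4-'.

    The '-' is mandatory even when lowpty is omitted, so that a bare number
    cannot be mistaken for either end.  Rejects negative or reversed ranges."""
    if "-" not in arg:
        raise ValueError("-r requires 'lowpty-highpty'; the '-' is mandatory")
    low_s, high_s = arg.split("-", 1)
    low = int(low_s) if low_s else DEFAULT_LOW
    high = int(high_s) if high_s else default_high
    if low < 0 or high < low:
        raise ValueError("invalid pty range %d-%d" % (low, high))
    return low, high


def is_valid_pty_range(arg, default_high=DEFAULT_HIGH):
    try:
        parse_pty_range(arg, default_high)
        return True
    except ValueError:
        return False
```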
.Sh FILES
.Pa /etc/services
.br
.Pa /etc/iptos
(if supported)
.Sh SEE ALSO
.Xr login 1 ,
.Xr skey 1 ,
.Xr telnet 1 ,
.Xr ttyaction 3
.Sh STANDARDS
.Bl -tag -compact -width RFC-1572
.It Cm RFC-854
.Tn TELNET
PROTOCOL SPECIFICATION
.It Cm RFC-855
TELNET OPTION SPECIFICATIONS
.It Cm RFC-856
TELNET BINARY TRANSMISSION
.It Cm RFC-857
TELNET ECHO OPTION
.It Cm RFC-858
TELNET SUPPRESS GO AHEAD OPTION
.It Cm RFC-859
TELNET STATUS OPTION
.It Cm RFC-860
TELNET TIMING MARK OPTION
.It Cm RFC-861
TELNET EXTENDED OPTIONS - LIST OPTION
.It Cm RFC-885
TELNET END OF RECORD OPTION
.It Cm RFC-1073
Telnet Window Size Option
.It Cm RFC-1079
Telnet Terminal Speed Option
.It Cm RFC-1091
Telnet Terminal-Type Option
.It Cm RFC-1096
Telnet X Display Location Option
.It Cm RFC-1123
Requirements for Internet Hosts -- Application and Support
.It Cm RFC-1184
Telnet Linemode Option
.It Cm RFC-1372
Telnet Remote Flow Control Option
.It Cm RFC-1416
Telnet Authentication Option
.It Cm RFC-1411
Telnet Authentication: Kerberos Version 4
.It Cm RFC-1412
Telnet Authentication: SPX
.It Cm RFC-1571
Telnet Environment Option Interoperability Issues
.It Cm RFC-1572
Telnet Environment Option
.El
.Sh BUGS
Some
.Tn TELNET
commands are only partially implemented.
.Pp
Because of bugs in the original
.Bx 4.2
.Xr telnet 1 ,
.Nm
performs some dubious protocol exchanges to try to discover if the remote
client is, in fact, a
.Bx 4.2
.Xr telnet 1 .
.Pp
Binary mode
has no common interpretation except between similar operating systems
.Po
.Ux
in this case
.Pc .
.Pp
The terminal type name received from the remote client is converted to
lower case.
.Pp
.Nm
never sends
.Tn TELNET
.Dv IAC GA
(go ahead) commands.