.\" $NetBSD: telnetd.8,v 1.24 2002/09/29 14:05:55 wiz Exp $
.\"
.\" Copyright (c) 1983, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"	This product includes software developed by the University of
.\"	California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"	from: @(#)telnetd.8	8.3 (Berkeley) 3/1/94
.\"
.Dd August 25, 2001
.Dt TELNETD 8
.Os
.Sh NAME
.Nm telnetd
.Nd DARPA
.Tn TELNET
protocol server
.Sh SYNOPSIS
.Nm /usr/libexec/telnetd
.Op Fl Uhlkns46
.Op Fl D Ar debugmode
.Op Fl S Ar tos
.Op Fl X Ar authtype
.Op Fl a Ar authmode
.Op Fl edebug
.Op Fl g Ar gettyent
.Op Fl r Ns Ar lowpty-highpty
.Op Fl u Ar len
.Op Fl debug Op Ar port
.Sh DESCRIPTION
The
.Nm
command is a server which supports the
.Tn DARPA
standard
.Tn TELNET
virtual terminal protocol.
.Nm
is normally invoked by the internet server (see
.Xr inetd 8 )
for requests to connect to the
.Tn TELNET
port as indicated by the
.Pa /etc/services
file (see
.Xr services 5 ) .
The
.Fl debug
option may be used to start up
.Nm
manually, instead of through
.Xr inetd 8 .
If started up this way,
.Ar port
may be specified to run
.Nm
on an alternate
.Tn TCP
port number.
.Pp
The
.Nm
command accepts the following options:
.Bl -tag -width "-a authmode"
.It Fl a Ar authmode
This option may be used for specifying what mode should
be used for authentication.
Note that this option is only useful if
.Nm
has been compiled with support for the
.Dv AUTHENTICATION
option.
There are several valid values for
.Ar authmode :
.Bl -tag -width debug
.It debug
Turns on authentication debugging code.
.It user
Only allow connections when the remote user
can provide valid authentication information
to identify the remote user,
and is allowed access to the specified account
without providing a password.
.It valid
Only allow connections when the remote user
can provide valid authentication information
to identify the remote user.
The
.Xr login 1
command will provide any additional user verification
needed if the remote user is not allowed automatic
access to the specified account.
.It other
Only allow connections that supply some authentication information.
This option is currently not supported
by any of the existing authentication mechanisms,
and is thus the same as specifying
.Fl a
.Cm valid .
.It none
This is the default state.
Authentication information is not required.
If no or insufficient authentication information
is provided, then the
.Xr login 1
program will provide the necessary user
verification.
.It off
This disables the authentication code.
All user verification will happen through the
.Xr login 1
program.
.El
.It Fl D Ar debugmode
This option may be used for debugging purposes.
This allows
.Nm
to print out debugging information
to the connection, allowing the user to see what
.Nm
is doing.
There are several possible values for
.Ar debugmode :
.Bl -tag -width exercise
.It Cm options
Prints information about the negotiation of
.Tn TELNET
options.
.It Cm report
Prints the
.Cm options
information, plus some additional information
about what processing is going on.
.It Cm netdata
Displays the data stream received by
.Nm "" .
.It Cm ptydata
Displays data written to the pty.
.It Cm exercise
Has not been implemented yet.
.El
.It Fl debug
Enables debugging on each socket created by
.Nm
(see
.Dv SO_DEBUG
in
.Xr socket 2 ) .
.It Fl edebug
If
.Nm
has been compiled with support for data encryption, then the
.Fl edebug
option may be used to enable encryption debugging code.
.It Fl g Ar gettyent
Specifies which entry from
.Pa /etc/gettytab
should be used to get banner strings, login program and
other information.
The default entry is
.Dv default .
.It Fl h
Disables the printing of host-specific information before
login has been completed.
.It Fl k
This option is only useful if
.Nm
has been compiled with both linemode and kludge linemode support.
If the
.Fl k
option is specified,
then if the remote client does not support the
.Dv LINEMODE
option, then
.Nm
will operate in character at a time mode.
It will still support kludge linemode, but will only
go into kludge linemode if the remote client requests it.
(This is done by the client sending
.Dv DONT SUPPRESS-GO-AHEAD
and
.Dv DONT ECHO . )
The
.Fl k
option is most useful when there are remote clients
that do not support kludge linemode, but pass the heuristic
(if they respond with
.Dv WILL TIMING-MARK
in response to a
.Dv DO TIMING-MARK )
for kludge linemode support.
.It Fl l
Specifies line mode.
Tries to force clients to use line-at-a-time mode.
If the
.Dv LINEMODE
option is not supported, it will go
into kludge linemode.
.It Fl n
Disable
.Tn TCP
keep-alives.
Normally
.Nm
enables the
.Tn TCP
keep-alive mechanism to probe connections that
have been idle for some period of time to determine
if the client is still there, so that idle connections
from machines that have crashed or can no longer
be reached may be cleaned up.
.It Fl r Ar lowpty-highpty
This option is only enabled when
.Nm
is compiled for
.Dv UNICOS .
It specifies an inclusive range of pseudo-terminal devices to use.
If the system has the sysconf variable
.Dv _SC_CRAY_NPTY
configured, the default pty search range is 0 to
.Dv _SC_CRAY_NPTY ;
otherwise, the default range is 0 to 128.
Either
.Ar lowpty
or
.Ar highpty
may be omitted to allow changing
either end of the search range.
If
.Ar lowpty
is omitted, the - character is still required so that
.Nm
can differentiate
.Ar highpty
from
.Ar lowpty .
.It Fl s
This option is only enabled if
.Nm
is compiled with support for secure logins.
It causes the
.Fl s
option to be passed on to
.Xr login 1 ,
and thus is only useful if
.Xr login 1
supports the
.Fl s
flag to indicate that only Kerberos or S/Key
validated logins are allowed, and is
usually useful for controlling remote logins
from outside of a firewall.
.It Fl S Ar tos
This option sets the IP Type-of-Service (TOS) option
on the connection to the value
.Ar tos ,
which may be a
numeric TOS value or a symbolic TOS name found in the
.Pa /etc/iptos
file.
This option has no effect on
.Nx .
.\"The option has no effect on systems that do not
.\"support
.\".Xr parsetos 3
.\"routine and the
.\".Pa /etc/iptos
.\"file.
.It Fl u Ar len
This option is used to specify the size of the field
in the
.Dv utmp
structure that holds the remote host name.
If the resolved host name is longer than
.Ar len ,
the dotted decimal value will be used instead.
This allows hosts with very long host names that
overflow this field to still be uniquely identified.
Specifying
.Fl u0
indicates that only dotted decimal addresses
should be put into the
.Pa utmp
file.
.It Fl U
This option causes
.Nm
to refuse connections from addresses that
cannot be mapped back into a symbolic name via the
.Xr gethostbyaddr 3
routine.
.It Fl X Ar authtype
This option is only valid if
.Nm
has been built with support for the authentication option.
It disables the use of
.Ar authtype
authentication, and can be used to temporarily disable
a specific authentication type without having to recompile
.Nm "" .
.It Fl 4
.It Fl 6
Specifies the address family to be used in
.Fl debug
mode.
During normal operation
.Po
called from
.Xr inetd 8
.Pc
.Nm
will use the file descriptor passed from
.Xr inetd 8 .
.El
.Pp
.Nm
operates by allocating a pseudo-terminal device (see
.Xr pty 4 )
for a client, then creating a login process which has
the slave side of the pseudo-terminal as
.Dv stdin ,
.Dv stdout
and
.Dv stderr .
.Nm
manipulates the master side of the pseudo-terminal,
implementing the
.Tn TELNET
protocol and passing characters
between the remote client and the login process.
.Pp
When a
.Tn TELNET
session is started up,
.Nm
sends
.Tn TELNET
options to the client side indicating
a willingness to do the following
.Tn TELNET
options, which are described in more detail below:
.Bd -literal -offset indent
DO AUTHENTICATION
WILL ENCRYPT
DO TERMINAL TYPE
DO TSPEED
DO XDISPLOC
DO NEW-ENVIRON
DO ENVIRON
WILL SUPPRESS GO AHEAD
DO ECHO
DO LINEMODE
DO NAWS
WILL STATUS
DO LFLOW
DO TIMING-MARK
.Ed
.Pp
The pseudo-terminal allocated to the client is configured
to operate in \*(lqcooked\*(rq mode, and with
.Dv XTABS
and
.Dv CRMOD
enabled (see
.Xr tty 4 ) .
.Pp
.Nm
has support for enabling locally the following
.Tn TELNET
options:
.Bl -tag -width "DO AUTHENTICATION"
.It "WILL ECHO"
When the
.Dv LINEMODE
option is enabled, a
.Dv WILL ECHO
or
.Dv WONT ECHO
will be sent to the client to indicate the
current state of terminal echoing.
When terminal echo is not desired, a
.Dv WILL ECHO
is sent to indicate that
.Tn telnetd
will take care of echoing any data that needs to be
echoed to the terminal, and then nothing is echoed.
When terminal echo is desired, a
.Dv WONT ECHO
is sent to indicate that
.Tn telnetd
will not be doing any terminal echoing, so the
client should do any terminal echoing that is needed.
.It "WILL BINARY"
Indicates that the client is willing to send
8 bits of data, rather than the normal 7 bits
of the Network Virtual Terminal.
.It "WILL SGA"
Indicates that it will not be sending
.Dv IAC GA ,
go ahead, commands.
.It "WILL STATUS"
Indicates a willingness to send the client, upon
request, the current status of all
.Tn TELNET
options.
.It "WILL TIMING-MARK"
Whenever a
.Dv DO TIMING-MARK
command is received, it is always responded
to with a
.Dv WILL TIMING-MARK .
.It "WILL LOGOUT"
When a
.Dv DO LOGOUT
is received, a
.Dv WILL LOGOUT
is sent in response, and the
.Tn TELNET
session is shut down.
.It "WILL ENCRYPT"
Only sent if
.Nm
is compiled with support for data encryption, and
indicates a willingness to decrypt the data stream.
.El
.Pp
.Nm
has support for enabling remotely the following
.Tn TELNET
options:
.Bl -tag -width "DO AUTHENTICATION"
.It "DO BINARY"
Sent to indicate that
.Tn telnetd
is willing to receive an 8 bit data stream.
.It "DO LFLOW"
Requests that the client handle flow control
characters remotely.
.It "DO ECHO"
This is not really supported, but is sent to identify a
.Bx 4.2
.Xr telnet 1
client, which will improperly respond with
.Dv WILL ECHO .
If a
.Dv WILL ECHO
is received, a
.Dv DONT ECHO
will be sent in response.
.It "DO TERMINAL-TYPE"
Indicates a desire to be able to request the
name of the type of terminal that is attached
to the client side of the connection.
.It "DO SGA"
Indicates that it does not need to receive
.Dv IAC GA ,
the go ahead command.
.It "DO NAWS"
Requests that the client inform the server when
the window (display) size changes.
.It "DO TERMINAL-SPEED"
Indicates a desire to be able to request information
about the speed of the serial line to which
the client is attached.
.It "DO XDISPLOC"
Indicates a desire to be able to request the name
of the X windows display that is associated with
the telnet client.
.It "DO NEW-ENVIRON"
Indicates a desire to be able to request environment
variable information, as described in RFC 1572.
.It "DO ENVIRON"
Indicates a desire to be able to request environment
variable information, as described in RFC 1408.
.It "DO LINEMODE"
Only sent if
.Nm
is compiled with support for linemode, and
requests that the client do line by line processing.
.It "DO TIMING-MARK"
Only sent if
.Nm
is compiled with support for both linemode and
kludge linemode, and the client responded with
.Dv WONT LINEMODE .
If the client responds with
.Dv WILL TM ,
then it is assumed that the client supports kludge linemode.
Note that the
.Op Fl k
option can be used to disable this.
.It "DO AUTHENTICATION"
Only sent if
.Nm
is compiled with support for authentication, and
indicates a willingness to receive authentication
information for automatic login.
.It "DO ENCRYPT"
Only sent if
.Nm
is compiled with support for data encryption, and
indicates a willingness to decrypt the data stream.
.El
.Pp
At the end of a login session,
.Nm
invokes the
.Xr ttyaction 3
facility with an action of "telnetd" and user "root"
to execute site-specific commands.
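.Pp
The following is an added example and is not code from
.Nm
or from this manual page.
It decodes the IAC negotiation commands a client sends, as the two option
lists above describe them, and answers them the way the text says
.Nm
does: a received DO TIMING-MARK is always answered with WILL TIMING-MARK,
a WILL ECHO from a 4.2BSD-style client draws a DONT ECHO, a WONT LINEMODE
triggers the DO TIMING-MARK probe, and a WILL TIMING-MARK in reply to that
probe makes the server assume kludge linemode unless the
.Fl k
behaviour is selected, in which case kludge linemode is entered only after
the client sends DONT SUPPRESS-GO-AHEAD and DONT ECHO.
The option numbers are those of RFC 854/855 and the option RFCs listed
under STANDARDS; the client byte stream, the Responder class and its log
(a rough stand-in for what
.Fl D Cm options
would print) are constructed for this illustration and are not part of
.Nm .

```python
"""TELNET option-negotiation decoder with a telnetd-style responder.
Added example, not code from telnetd or its man page: it decodes IAC
negotiation commands from a constructed client byte stream and answers
them as the man page says telnetd does. Codes are from RFC 854/855."""

IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
VERB = {DONT: "DONT", DO: "DO", WONT: "WONT", WILL: "WILL"}
OPT = {0: "BINARY", 1: "ECHO", 3: "SGA", 5: "STATUS", 6: "TIMING-MARK", 18: "LOGOUT",
       24: "TERMINAL-TYPE", 31: "NAWS", 32: "TSPEED", 33: "LFLOW", 34: "LINEMODE",
       35: "XDISPLOC", 36: "ENVIRON", 37: "AUTHENTICATION", 38: "ENCRYPT", 39: "NEW-ENVIRON"}
CODE = {name: code for code, name in OPT.items()}
VERB_CODE = {name: code for code, name in VERB.items()}

# Options telnetd offers when a session starts (the man page's list).
INITIAL = [("DO", "AUTHENTICATION"), ("WILL", "ENCRYPT"), ("DO", "TERMINAL-TYPE"),
           ("DO", "TSPEED"), ("DO", "XDISPLOC"), ("DO", "NEW-ENVIRON"), ("DO", "ENVIRON"),
           ("WILL", "SGA"), ("DO", "ECHO"), ("DO", "LINEMODE"), ("DO", "NAWS"),
           ("WILL", "STATUS"), ("DO", "LFLOW"), ("DO", "TIMING-MARK")]


def cmd(verb, opt):
    """Encode one negotiation command: cmd("DO", "ECHO") -> IAC DO ECHO."""
    return bytes([IAC, VERB_CODE[verb], CODE[opt]])


def parse(stream):
    """Yield ("data", bytes), ("cmd", verb, opt) and ("sb", payload) items.
    IAC IAC is an escaped 0xFF data byte; a truncated command is an error."""
    data, i = bytearray(), 0
    while i < len(stream):
        b = stream[i]
        if b != IAC or stream[i + 1:i + 2] == b"\xff":     # plain or escaped data
            data.append(b)
            i += 1 if b != IAC else 2
            continue
        if data:                                            # flush pending data
            yield ("data", bytes(data))
            data = bytearray()
        nxt = stream[i + 1] if i + 1 < len(stream) else None
        if nxt in VERB and i + 2 < len(stream):             # three-byte negotiation
            yield ("cmd", VERB[nxt], OPT.get(stream[i + 2], str(stream[i + 2])))
            i += 3
        elif nxt == SB and (end := stream.find(b"\xff\xf0", i + 2)) >= 0:
            yield ("sb", bytes(stream[i + 2:end]))         # subnegotiation to IAC SE
            i = end + 2
        elif nxt is not None and nxt not in VERB and nxt != SB:
            yield ("cmd", str(nxt), None)                   # two-byte GA, NOP, ...
            i += 2
        else:
            raise ValueError(f"truncated IAC sequence at offset {i}")
    if data:
        yield ("data", bytes(data))


class Responder:
    """Server-side negotiation state following the man page's rules; k_option
    mirrors -k: kludge linemode only after DONT SGA and DONT ECHO from the client."""

    def __init__(self, k_option=False):
        self.k_option, self.sent_do_tm, self.kludge_linemode = k_option, False, False
        self.client_dont, self.log = set(), []     # log: roughly what -D options shows

    def send(self, verb, opt):
        self.log.append(f"sent {verb} {opt}")
        self.sent_do_tm |= (verb, opt) == ("DO", "TIMING-MARK")
        return cmd(verb, opt)

    def start(self):
        return b"".join(self.send(v, o) for v, o in INITIAL)

    def feed(self, stream):
        """Process client bytes; return the negotiation bytes to send back."""
        out = b""
        for item in parse(stream):
            if item[0] != "cmd" or item[2] is None:
                continue
            _, verb, opt = item
            self.log.append(f"rcvd {verb} {opt}")
            if (verb, opt) == ("DO", "TIMING-MARK"):        # always answered
                out += self.send("WILL", "TIMING-MARK")
            elif (verb, opt) == ("WILL", "ECHO"):           # 4.2BSD client quirk
                out += self.send("DONT", "ECHO")
            elif (verb, opt) == ("WONT", "LINEMODE"):       # probe for kludge linemode
                out += self.send("DO", "TIMING-MARK")
            elif (verb, opt) == ("WILL", "TIMING-MARK") and self.sent_do_tm:
                self.kludge_linemode |= not self.k_option   # heuristic passed
            elif verb == "DONT":
                self.client_dont.add(opt)
                if self.k_option and {"SGA", "ECHO"} <= self.client_dont:
                    self.kludge_linemode = True             # explicitly requested
        return out


# Constructed client stream: a 4.2BSD-style client answering DO ECHO with WILL
# ECHO, refusing LINEMODE, sending data with an escaped 0xFF, then passing the
# timing-mark heuristic.
CLIENT = (cmd("WILL", "ECHO") + cmd("WONT", "LINEMODE") + b"login\xff\xff"
          + cmd("DO", "TIMING-MARK") + cmd("WILL", "TIMING-MARK"))

if __name__ == "__main__":
    srv = Responder()
    srv.start()
    srv.feed(CLIENT)
    print("\n".join(srv.log), "\nkludge linemode:", srv.kludge_linemode)
```

Running the file prints the negotiation log for the constructed client and
whether kludge linemode was assumed.
The parser treats an IAC sequence cut off at the end of the buffer as an
error rather than guessing, which is the behaviour a server that reads from
a socket in pieces needs to handle by waiting for more bytes before
dispatching; passing the same stream to a Responder built with
k_option=True shows the heuristic being ignored until the client explicitly
sends DONT SGA and DONT ECHO.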
.Sh FILES
.Pa /etc/services
.br
.Pa /etc/iptos
(if supported)
.br
.Sh SEE ALSO
.Xr login 1 ,
.Xr skey 1 ,
.Xr telnet 1 ,
.Xr ttyaction 3
.Sh STANDARDS
.Bl -tag -compact -width RFC-1572
.It Cm RFC-854
.Tn TELNET
PROTOCOL SPECIFICATION
.It Cm RFC-855
TELNET OPTION SPECIFICATIONS
.It Cm RFC-856
TELNET BINARY TRANSMISSION
.It Cm RFC-857
TELNET ECHO OPTION
.It Cm RFC-858
TELNET SUPPRESS GO AHEAD OPTION
.It Cm RFC-859
TELNET STATUS OPTION
.It Cm RFC-860
TELNET TIMING MARK OPTION
.It Cm RFC-861
TELNET EXTENDED OPTIONS - LIST OPTION
.It Cm RFC-885
TELNET END OF RECORD OPTION
.It Cm RFC-1073
Telnet Window Size Option
.It Cm RFC-1079
Telnet Terminal Speed Option
.It Cm RFC-1091
Telnet Terminal-Type Option
.It Cm RFC-1096
Telnet X Display Location Option
.It Cm RFC-1123
Requirements for Internet Hosts -- Application and Support
.It Cm RFC-1184
Telnet Linemode Option
.It Cm RFC-1372
Telnet Remote Flow Control Option
.It Cm RFC-1416
Telnet Authentication Option
.It Cm RFC-1411
Telnet Authentication: Kerberos Version 4
.It Cm RFC-1412
Telnet Authentication: SPX
.It Cm RFC-1571
Telnet Environment Option Interoperability Issues
.It Cm RFC-1572
Telnet Environment Option
.El
.Sh BUGS
Some
.Tn TELNET
commands are only partially implemented.
.Pp
Because of bugs in the original
.Bx 4.2
.Xr telnet 1 ,
.Nm
performs some dubious protocol exchanges to try to discover if the remote
client is, in fact, a
.Bx 4.2
.Xr telnet 1 .
.Pp
Binary mode
has no common interpretation except between similar operating systems
.Po
.Ux
in this case
.Pc .
.Pp
The terminal type name received from the remote client is converted to
lower case.
.Pp
.Nm
never sends
.Tn TELNET
.Dv IAC GA
(go ahead) commands.