.\" Copyright (c) 1983, 1993
.\" The Regents of the University of California. All rights reserved.
.\"
.\" %sccs.include.redist.man%
.\"
.\" @(#)telnetd.8 8.4 (Berkeley) 06/01/94
.\"
.Dd
.Dt TELNETD 8
.Os BSD 4.2
.Sh NAME
.Nm telnetd
.Nd DARPA
.Tn TELNET
protocol server
.Sh SYNOPSIS
.Nm /usr/libexec/telnetd
.Op Fl BUhlkns
.Op Fl D Ar debugmode
.Op Fl I Ns Ar initid
.Op Fl S Ar tos
.Op Fl X Ar authtype
.Op Fl a Ar authmode
.Op Fl edebug
.Op Fl r Ns Ar lowpty-highpty
.Op Fl u Ar len
.Op Fl debug Op Ar port
.Sh DESCRIPTION
The
.Nm telnetd
command is a server which supports the
.Tn DARPA
standard
.Tn TELNET
virtual terminal protocol.
.Nm Telnetd
is normally invoked by the internet server (see
.Xr inetd 8 )
for requests to connect to the
.Tn TELNET
port as indicated by the
.Pa /etc/services
file (see
.Xr services 5 ) .
The
.Fl debug
option may be used to start up
.Nm telnetd
manually, instead of through
.Xr inetd 8 .
If started up this way,
.Ar port
may be specified to run
.Nm telnetd
on an alternate
.Tn TCP
port number.
.Pp
The
.Nm telnetd
command accepts the following options:
.Bl -tag -width "-a authmode"
.It Fl a Ar authmode
This option may be used for specifying what mode should
be used for authentication.
Note that this option is only useful if
.Nm telnetd
has been compiled with support for the
.Dv AUTHENTICATION
option.
There are several valid values for
.Ar authmode :
.Bl -tag -width debug
.It debug
Turns on authentication debugging code.
.It user
Only allow connections when the remote user
can provide valid authentication information
to identify the remote user,
and is allowed access to the specified account
without providing a password.
.It valid
Only allow connections when the remote user
can provide valid authentication information
to identify the remote user.
The
.Xr login 1
command will provide any additional user verification
needed if the remote user is not allowed automatic
access to the specified account.
.It other
Only allow connections that supply some authentication information.
This option is currently not supported
by any of the existing authentication mechanisms,
and is thus the same as specifying
.Fl a
.Cm valid .
.It none
This is the default state.
Authentication information is not required.
If no or insufficient authentication information
is provided, then the
.Xr login 1
program will provide the necessary user
verification.
.It off
This disables the authentication code.
All user verification will happen through the
.Xr login 1
program.
.El
.It Fl B
Specifies bftp server mode. In this mode,
.Nm telnetd
causes login to start a
.Xr bftp 1
session rather than the user's
normal shell. In bftp daemon mode normal
logins are not supported, and it must be used
on a port other than the normal
.Tn TELNET
port.
.It Fl D Ar debugmode
This option may be used for debugging purposes.
This allows
.Nm telnetd
to print out debugging information
to the connection, allowing the user to see what
.Nm telnetd
is doing.
There are several possible values for
.Ar debugmode :
.Bl -tag -width exercise
.It Cm options
Prints information about the negotiation of
.Tn TELNET
options.
.It Cm report
Prints the
.Cm options
information, plus some additional information
about what processing is going on.
.It Cm netdata
Displays the data stream received by
.Nm telnetd .
.It Cm ptydata
Displays data written to the pty.
.It Cm exercise
Has not been implemented yet.
.El
.It Fl debug
Enables debugging on each socket created by
.Nm telnetd
(see
.Dv SO_DEBUG
in
.Xr socket 2 ) .
.It Fl edebug
If
.Nm telnetd
has been compiled with support for data encryption, then the
.Fl edebug
option may be used to enable encryption debugging code.
.It Fl h
Disables the printing of host-specific information before
login has been completed.
.It Fl I Ar initid
This option is only applicable to
.Tn UNICOS
systems prior to 7.0.
It specifies the
.Dv ID
from
.Pa /etc/inittab
to use when init starts login sessions. The default
.Dv ID
is
.Dv fe .
.It Fl k
This option is only useful if
.Nm telnetd
has been compiled with both linemode and kludge linemode
support. If the
.Fl k
option is specified, then if the remote client does not
support the
.Dv LINEMODE
option, then
.Nm telnetd
will operate in character at a time mode.
It will still support kludge linemode, but will only
go into kludge linemode if the remote client requests
it.
(This is done by the client sending
.Dv DONT SUPPRESS-GO-AHEAD
and
.Dv DONT ECHO . )
The
.Fl k
option is most useful when there are remote clients
that do not support kludge linemode, but pass the heuristic
(if they respond with
.Dv WILL TIMING-MARK
in response to a
.Dv DO TIMING-MARK )
for kludge linemode support.
.It Fl l
Specifies line mode. Tries to force clients to use
line-at-a-time mode.
If the
.Dv LINEMODE
option is not supported, it will go
into kludge linemode.
.It Fl n
Disable
.Dv TCP
keep-alives. Normally
.Nm telnetd
enables the
.Tn TCP
keep-alive mechanism to probe connections that
have been idle for some period of time to determine
if the client is still there, so that idle connections
from machines that have crashed or can no longer
be reached may be cleaned up.
.It Fl r Ar lowpty-highpty
This option is only enabled when
.Nm telnetd
is compiled for
.Dv UNICOS .
It specifies an inclusive range of pseudo-terminal devices to
use. If the system has sysconf variable
.Dv _SC_CRAY_NPTY
configured, the default pty search range is 0 to
.Dv _SC_CRAY_NPTY ;
otherwise, the default range is 0 to 128. Either
.Ar lowpty
or
.Ar highpty
may be omitted to allow changing
either end of the search range. If
.Ar lowpty
is omitted, the - character is still required so that
.Nm telnetd
can differentiate
.Ar highpty
from
.Ar lowpty .
.It Fl s
This option is only enabled if
.Nm telnetd
is compiled with support for
.Tn SecurID
cards.
It causes the
.Fl s
option to be passed on to
.Xr login 1 ,
and thus is only useful if
.Xr login 1
supports the
.Fl s
flag to indicate that only
.Tn SecurID
validated logins are allowed, and is
usually useful for controlling remote logins
from outside of a firewall.
.It Fl S Ar tos
.It Fl u Ar len
This option is used to specify the size of the field
in the
.Dv utmp
structure that holds the remote host name.
If the resolved host name is longer than
.Ar len ,
the dotted decimal value will be used instead.
This allows hosts with very long host names that
overflow this field to still be uniquely identified.
Specifying
.Fl u0
indicates that only dotted decimal addresses
should be put into the
.Pa utmp
file.
.ne 1i
.It Fl U
This option causes
.Nm telnetd
to refuse connections from addresses that
cannot be mapped back into a symbolic name
via the
.Xr gethostbyaddr 3
routine.
.It Fl X Ar authtype
This option is only valid if
.Nm telnetd
has been built with support for the authentication option.
It disables the use of
.Ar authtype
authentication, and
can be used to temporarily disable
a specific authentication type without having to recompile
.Nm telnetd .
.El
.Pp
.Nm Telnetd
operates by allocating a pseudo-terminal device (see
.Xr pty 4 )
for a client, then creating a login process which has
the slave side of the pseudo-terminal as
.Dv stdin ,
.Dv stdout
and
.Dv stderr .
.Nm Telnetd
manipulates the master side of the pseudo-terminal,
implementing the
.Tn TELNET
protocol and passing characters
between the remote client and the login process.
.Pp
When a
.Tn TELNET
session is started up,
.Nm telnetd
sends
.Tn TELNET
options to the client side indicating
a willingness to do the
following
.Tn TELNET
options, which are described in more detail below:
.Bd -literal -offset indent
DO AUTHENTICATION
WILL ENCRYPT
DO TERMINAL TYPE
DO TSPEED
DO XDISPLOC
DO NEW-ENVIRON
DO ENVIRON
WILL SUPPRESS GO AHEAD
DO ECHO
DO LINEMODE
DO NAWS
WILL STATUS
DO LFLOW
DO TIMING-MARK
.Ed
.Pp
The pseudo-terminal allocated to the client is configured
to operate in \*(lqcooked\*(rq mode, and with
.Dv XTABS
and
.Dv CRMOD
enabled (see
.Xr tty 4 ) .
.Pp
.Nm Telnetd
has support for enabling locally the following
.Tn TELNET
options:
.Bl -tag -width "DO AUTHENTICATION"
.It "WILL ECHO"
When the
.Dv LINEMODE
option is enabled, a
.Dv WILL ECHO
or
.Dv WONT ECHO
will be sent to the client to indicate the
current state of terminal echoing.
When terminal echo is not desired, a
.Dv WILL ECHO
is sent to indicate that
.Tn telnetd
will take care of echoing any data that needs to be
echoed to the terminal, and then nothing is echoed.
When terminal echo is desired, a
.Dv WONT ECHO
is sent to indicate that
.Tn telnetd
will not be doing any terminal echoing, so the
client should do any terminal echoing that is needed.
.It "WILL BINARY"
Indicates that the client is willing to send
8 bits of data, rather than the normal 7 bits
of the Network Virtual Terminal.
.It "WILL SGA"
Indicates that it will not be sending
.Dv IAC GA ,
go ahead, commands.
.It "WILL STATUS"
Indicates a willingness to send the client, upon
request, the current status of all
.Tn TELNET
options.
.It "WILL TIMING-MARK"
Whenever a
.Dv DO TIMING-MARK
command is received, it is always responded
to with a
.Dv WILL TIMING-MARK .
.ne 1i
.It "WILL LOGOUT"
When a
.Dv DO LOGOUT
is received, a
.Dv WILL LOGOUT
is sent in response, and the
.Tn TELNET
session is shut down.
.It "WILL ENCRYPT"
Only sent if
.Nm telnetd
is compiled with support for data encryption, and
indicates a willingness to decrypt
the data stream.
.El
.Pp
.Nm Telnetd
has support for enabling remotely the following
.Tn TELNET
options:
.Bl -tag -width "DO AUTHENTICATION"
.It "DO BINARY"
Sent to indicate that
.Tn telnetd
is willing to receive an 8 bit data stream.
.It "DO LFLOW"
Requests that the client handle flow control
characters remotely.
.It "DO ECHO"
This is not really supported, but is sent to identify a 4.2BSD
.Xr telnet 1
client, which will improperly respond with
.Dv WILL ECHO .
If a
.Dv WILL ECHO
is received, a
.Dv DONT ECHO
will be sent in response.
.It "DO TERMINAL-TYPE"
Indicates a desire to be able to request the
name of the type of terminal that is attached
to the client side of the connection.
.It "DO SGA"
Indicates that it does not need to receive
.Dv IAC GA ,
the go ahead command.
.It "DO NAWS"
Requests that the client inform the server when
the window (display) size changes.
.It "DO TERMINAL-SPEED"
Indicates a desire to be able to request information
about the speed of the serial line to which
the client is attached.
.It "DO XDISPLOC"
Indicates a desire to be able to request the name
of the X windows display that is associated with
the telnet client.
.It "DO NEW-ENVIRON"
Indicates a desire to be able to request environment
variable information, as described in RFC 1572.
.It "DO ENVIRON"
Indicates a desire to be able to request environment
variable information, as described in RFC 1408.
.It "DO LINEMODE"
Only sent if
.Nm telnetd
is compiled with support for linemode, and
requests that the client do line by line processing.
.It "DO TIMING-MARK"
Only sent if
.Nm telnetd
is compiled with support for both linemode and
kludge linemode, and the client responded with
.Dv WONT LINEMODE .
If the client responds with
.Dv WILL TM ,
then it is assumed that the client supports
kludge linemode.
Note that the
.Op Fl k
option can be used to disable this.
.It "DO AUTHENTICATION"
Only sent if
.Nm telnetd
is compiled with support for authentication, and
indicates a willingness to receive authentication
information for automatic login.
.It "DO ENCRYPT"
Only sent if
.Nm telnetd
is compiled with support for data encryption, and
indicates a willingness to decrypt
the data stream.
.El
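.Pp
Added example, not part of the original manual page or of the telnetd source: a Python decoder for the option negotiation described above, run over a constructed capture of a server's opening bytes. The names decode, not_offered and SAMPLE are hypothetical, and the option numbers are the assigned TELNET option codes. It reports whether DO AUTHENTICATION and WILL ENCRYPT were offered, which this page says are only sent when telnetd is compiled with that support.

```python
import re

# Added example, not telnetd code: decode TELNET negotiation (RFC 854/855 framing).
VERBS = {251: "WILL", 252: "WONT", 253: "DO", 254: "DONT"}
# Assigned option numbers for the options this manual page names.
OPTIONS = {0: "BINARY", 1: "ECHO", 3: "SGA", 5: "STATUS", 6: "TIMING-MARK",
           18: "LOGOUT", 24: "TERMINAL-TYPE", 31: "NAWS", 32: "TSPEED",
           33: "LFLOW", 34: "LINEMODE", 35: "XDISPLOC", 36: "ENVIRON",
           37: "AUTHENTICATION", 38: "ENCRYPT", 39: "NEW-ENVIRON"}
TOKEN = re.compile(
    rb"\xff([\xfb-\xfe])(.)"                         # IAC WILL/WONT/DO/DONT option
    rb"|\xff\xfa(.)((?:[^\xff]|\xff\xff)*)\xff\xf0"  # IAC SB option payload IAC SE
    rb"|\xff(\xff)"                                  # IAC IAC: one literal 0xFF byte
    rb"|\xff([^\xfa-\xff])"                          # other two-byte command (NOP, GA)
    rb"|([^\xff]+)",                                 # run of ordinary data
    re.S)

def opt_name(b):
    return OPTIONS.get(b[0], f"OPT-{b[0]}")

def decode(stream):
    """Return (events, data, leftover); leftover is an incomplete trailing command."""
    events, data, pos = [], bytearray(), 0
    while pos < len(stream):
        m = TOKEN.match(stream, pos)
        if m is None:                # truncated command: wait for more input
            break
        verb, vopt, sbopt, payload, esc, cmd, text = m.groups()
        if verb:
            events.append((VERBS[verb[0]], opt_name(vopt)))
        elif sbopt is not None:      # unescape IAC IAC inside the subnegotiation
            events.append(("SB", opt_name(sbopt),
                           payload.replace(b"\xff\xff", b"\xff")))
        elif cmd:
            events.append(("CMD", cmd[0]))
        else:
            data += esc or text
        pos = m.end()
    return events, bytes(data), stream[pos:]

def not_offered(events):
    """Which of DO AUTHENTICATION / WILL ENCRYPT the sender never offered."""
    seen = {e[:2] for e in events}
    wanted = (("DO", "AUTHENTICATION"), ("WILL", "ENCRYPT"))
    return [f"{v} {o}" for v, o in wanted if (v, o) not in seen]

# Constructed capture: three offers, one subnegotiation, text, a truncated IAC DO.
SAMPLE = bytes([255, 253, 37, 255, 253, 24, 255, 251, 3,
                255, 250, 24, 1, 255, 240]) + b"login: " + bytes([255, 253])
```

Feed leftover back in front of the next read so a command split across two packets is decoded once it is complete.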
.Sh ENVIRONMENT
.Sh FILES
.Pa /etc/services
.br
.Pa /etc/inittab
(UNICOS systems only)
.br
.Pa /etc/iptos
(if supported)
.br
.Pa /usr/ucb/bftp
(if supported)
.Sh "SEE ALSO"
.Xr telnet 1 ,
.Xr login 1 ,
.Xr bftp 1
(if supported)
.Sh STANDARDS
.Bl -tag -compact -width RFC-1572
.It Cm RFC-854
.Tn TELNET
PROTOCOL SPECIFICATION
.It Cm RFC-855
TELNET OPTION SPECIFICATIONS
.It Cm RFC-856
TELNET BINARY TRANSMISSION
.It Cm RFC-857
TELNET ECHO OPTION
.It Cm RFC-858
TELNET SUPPRESS GO AHEAD OPTION
.It Cm RFC-859
TELNET STATUS OPTION
.It Cm RFC-860
TELNET TIMING MARK OPTION
.It Cm RFC-861
TELNET EXTENDED OPTIONS - LIST OPTION
.It Cm RFC-885
TELNET END OF RECORD OPTION
.It Cm RFC-1073
Telnet Window Size Option
.It Cm RFC-1079
Telnet Terminal Speed Option
.It Cm RFC-1091
Telnet Terminal-Type Option
.It Cm RFC-1096
Telnet X Display Location Option
.It Cm RFC-1123
Requirements for Internet Hosts -- Application and Support
.It Cm RFC-1184
Telnet Linemode Option
.It Cm RFC-1372
Telnet Remote Flow Control Option
.It Cm RFC-1416
Telnet Authentication Option
.It Cm RFC-1411
Telnet Authentication: Kerberos Version 4
.It Cm RFC-1412
Telnet Authentication: SPX
.It Cm RFC-1571
Telnet Environment Option Interoperability Issues
.It Cm RFC-1572
Telnet Environment Option
.El
.Sh BUGS
Some
.Tn TELNET
commands are only partially implemented.
.Pp
Because of bugs in the original 4.2 BSD
.Xr telnet 1 ,
.Nm telnetd
performs some dubious protocol exchanges to try to discover if the remote
client is, in fact, a 4.2 BSD
.Xr telnet 1 .
.Pp
Binary mode
has no common interpretation except between similar operating systems
(Unix in this case).
.Pp
The terminal type name received from the remote client is converted to
lower case.
.Pp
.Nm Telnetd
never sends
.Tn TELNET
.Dv IAC GA
(go ahead) commands.