telnetd(8)


NAME

     telnetd — DARPA telnet protocol server

SYNOPSIS

     /usr/sbin/in.telnetd [-hnNs] [-a authmode] [-D debugmode] [-L loginprg]
                      [-S tos] [-X authtype] [-edebug] [-debug port]
                      [-z sslopt]

DESCRIPTION

     The telnetd program is a server which supports the DARPA telnet
     interactive communication protocol.  Telnetd is normally invoked by the
     internet server (see inetd(8)) for requests to connect to the telnet port
     as indicated by the /etc/services file (see services(5)).  The -debug
     option may be used to start up telnetd manually, instead of through
     inetd(8).  If started up this way, port may be specified to run telnetd
     on an alternate TCP port number.

     The telnetd program accepts the following options:

     -a authmode  This option may be used for specifying what mode should be
              used for authentication.  Note that this option is only
              useful if telnetd has been compiled with support for
              authentication, which is not available in the current
              version.  The following values of authmode are understood:

              debug  Turns on authentication debugging code.

              user   Only allow connections when the remote user can
                     provide valid authentication information to identify
                     the remote user, and is allowed access to the
                     specified account without providing a password.

              valid  Only allow connections when the remote user can
                     provide valid authentication information to identify
                     the remote user.  The login(1) command will provide
                     any additional user verification needed if the remote
                     user is not allowed automatic access to the specified
                     account.

              other  Only allow connections that supply some
                     authentication information.  This option is currently
                     not supported by any of the existing authentication
                     mechanisms, and is thus the same as specifying valid.

              none   This is the default state.  Authentication
                     information is not required.  If no or insufficient
                     authentication information is provided, then the
                     login(1) program will provide the necessary user
                     verification.

              off    This disables the authentication code.  All user
                     verification will happen through the login(1)
                     program.

     -D debugmode
              This option may be used for debugging purposes.  It allows
              telnetd to print out debugging information to the
              connection, allowing the user to see what telnetd is doing.
              Repeated use of the option arranges composite debug reports.
              There are several possible values for debugmode:

              options   Prints information about the negotiation of telnet
                        options.

              report    Prints the options information, plus some
                        additional information about what processing is
                        going on.

              netdata   Displays the data stream received by telnetd.

              ptydata   Displays data written to the pty.

              exercise  Has not been implemented yet.

     -edebug      If telnetd has been compiled with support for encryption,
              then the -edebug option may be used to enable encryption
              debugging code.

     -h           Disables the printing of host-specific information before
              login has been completed.

     -L loginprg  This option may be used to specify a different login
              program.  By default, /usr/lib/telnetlogin is used.

     -n           Disable TCP keep-alives.  Normally telnetd enables the TCP
              keep-alive mechanism to probe connections that have been
              idle for some period of time to determine if the client is
              still there, so that idle connections from machines that
              have crashed or can no longer be reached may be cleaned up.

     -N           Disable reverse DNS lookups and use the numeric IP address
              in logs and REMOTEHOST environment variable.

     -s           This option is only enabled if telnetd is compiled with
              support for SecurID cards.  It causes the -s option to be
              passed on to login(1), and thus is only useful if login(1)
              supports the -s flag to indicate that only SecurID validated
              logins are allowed. This is usually useful for controlling
              remote logins from outside of a firewall.

     -S tos       Sets the IP type-of-service (TOS) option for the telnet
              connection to the value tos.

     -X authtype  This option is only valid if telnetd has been built with
              support for the authentication option.  It disables the use
              of authtype authentication, and can be used to temporarily
              disable a specific authentication type without having to
              recompile telnetd.

     -z SSL-parameter
              This option is only valid if telnetd has been built with SSL
              (Secure Socket Layer) support.

              debug       Enable SSL related debugging.

              ssl         Negotiate SSL at first, then use telnet
                          protocol. In this mode telnetd only accepts
                          connections from SSL enhanced telnet with option
                          -z ssl

              nossl, !ssl
                          switch off SSL negotiation

              certsok     Look username up in /etc/ssl.users. The format
                          of this file is lines of this form:
                          user1,user2:/C=US/..... where user1 and user2
                          are usernames and /C=US/... is the subject name
                          of the certificate. Use openssl x509 -subject
                          -noout to extract the subject name.  If client
                          certificate is valid, authenticate without
                          password.

              certrequired
                          client certificate is mandatory

              secure      Don't switch back to unencrypted mode (no SSL)
                          if SSL is not available.

              verify=int  Set the SSL verify flags (SSL_VERIFY_* in
                          ssl/ssl.h ).

              cert=cert_file
                          Use the certificate(s) in cert_file.

              key=key_file
                          Use the key(s) in key_file.

              cipher=ciph_list
                          Set the preferred ciphers to ciph_list.  (See
                          ssl/ssl.h ).

     If the file /etc/issue.net is present, telnetd will display its contents
     before the login prompt of a telnet session (see issue.net(5)).

     Telnetd operates by allocating a pseudo-terminal device (see pty(4)) for
     a client, then creating a login process which has the slave side of the
     pseudo-terminal as stdin, stdout, and stderr.  Telnetd manipulates the
     master side of the pseudo-terminal, implementing the telnet protocol and
     passing characters between the remote client and the login process.

     When a telnet session is started up, telnetd sends telnet options to the
     client side indicating a willingness to do the following telnet options,
     which are described in more detail below:

       DO AUTHENTICATION
       WILL ENCRYPT
       DO TERMINAL TYPE
       DO TSPEED
       DO XDISPLOC
       DO NEW-ENVIRON
       WILL SUPPRESS GO AHEAD
       DO ECHO
       DO LINEMODE
       DO NAWS
       WILL STATUS
       DO LFLOW
       DO TIMING-MARK

     The pseudo-terminal allocated to the client is configured to operate in
     “cooked” mode, and with XTABS CRMOD enabled (see tty(4)).

     Telnetd has support for enabling locally the following telnet options:

     WILL ECHO          When the LINEMODE option is enabled, a WILL ECHO or
                    WONT ECHO will be sent to the client to indicate the
                    current state of terminal echoing.  When terminal echo
                    is not desired, a WILL ECHO is sent to indicate that
                    telnetd will take care of echoing any data that needs
                    to be echoed to the terminal, and then nothing is
                    echoed.  When terminal echo is desired, a WONT ECHO is
                    sent to indicate that telnetd will not be doing any
                    terminal echoing, so the client should do any terminal
                    echoing that is needed.

     WILL BINARY        Indicates that the client is willing to send a 8 bits
                    of data, rather than the normal 7 bits of the Network
                    Virtual Terminal.

     WILL SGA           Indicates that it will not be sending IAC GA, go
                    ahead, commands.

     WILL STATUS        Indicates a willingness to send the client, upon
                    request, of the current status of all TELNET options.

     WILL TIMING-MARK   Whenever a DO TIMING-MARK command is received, it is
                    always responded to with a WILL TIMING-MARK

     WILL LOGOUT        When a DO LOGOUT is received, a WILL LOGOUT is sent in
                    response, and the TELNET session is shut down.

     WILL ENCRYPT       Only sent if telnetd is compiled with support for data
                    encryption, and indicates a willingness to decrypt the
                    data stream.

     Telnetd has support for enabling remotely the following TELNET options:

     DO BINARY          Sent to indicate that telnetd is willing to receive an
                    8 bit data stream.

     DO LFLOW           Requests that the client handle flow control
                    characters remotely.

     DO ECHO            This is not really supported, but is sent to identify
                    a 4.2BSD telnet(1) client, which will improperly
                    respond with WILL ECHO. If a WILL ECHO is received, a
                    DONT ECHO will be sent in response.

     DO TERMINAL-TYPE   Indicates a desire to be able to request the name of
                    the type of terminal that is attached to the client
                    side of the connection.

     DO SGA             Indicates that it does not need to receive IAC GA, the
                    go ahead command.

     DO NAWS            Requests that the client inform the server when the
                    window (display) size changes.

     DO TERMINAL-SPEED  Indicates a desire to be able to request information
                    about the speed of the serial line to which the client
                    is attached.

     DO XDISPLOC        Indicates a desire to be able to request the name of
                    the X windows display that is associated with the
                    telnet client.

     DO NEW-ENVIRON     Indicates a desire to be able to request environment
                    variable information, as described in RFC 1572.

     DO LINEMODE        Only sent if telnetd is compiled with support for
                    linemode, and requests that the client do line by line
                    processing.

     DO TIMING-MARK     Only sent if telnetd is compiled with support for both
                    linemode and kludge linemode, and the client responded
                    with WONT LINEMODE. If the client responds with WILL
                    TM, the it is assumed that the client supports kludge
                    linemode.  Note that the [-k] option can be used to
                    disable this.

     DO AUTHENTICATION  Only sent if telnetd is compiled with support for
                    authentication, and indicates a willingness to receive
                    authentication information for automatic login.

     DO ENCRYPT         Only sent if telnetd is compiled with support for data
                    encryption, and indicates a willingness to decrypt the
                    data stream.

FILES

     /etc/services, /etc/issue.net

SEE ALSO

     telnet(1), login(1), issue.net(5),

STANDARDS

     RFC-854   TELNET PROTOCOL SPECIFICATION
     RFC-855   TELNET OPTION SPECIFICATIONS
     RFC-856   TELNET BINARY TRANSMISSION
     RFC-857   TELNET ECHO OPTION
     RFC-858   TELNET SUPPRESS GO AHEAD OPTION
     RFC-859   TELNET STATUS OPTION
     RFC-860   TELNET TIMING MARK OPTION
     RFC-861   TELNET EXTENDED OPTIONS - LIST OPTION
     RFC-885   TELNET END OF RECORD OPTION
     RFC-1073  Telnet Window Size Option
     RFC-1079  Telnet Terminal Speed Option
     RFC-1091  Telnet Terminal-Type Option
     RFC-1096  Telnet X Display Location Option
     RFC-1123  Requirements for Internet Hosts -- Application and Support
     RFC-1184  Telnet Linemode Option
     RFC-1372  Telnet Remote Flow Control Option
     RFC-1416  Telnet Authentication Option
     RFC-1411  Telnet Authentication: Kerberos Version 4
     RFC-1412  Telnet Authentication: SPX
     RFC-1571  Telnet Environment Option Interoperability Issues
     RFC-1572  Telnet Environment Option

BUGS

     Some TELNET commands are only partially implemented.

     Because of bugs in the original 4.2 BSD telnet(1), telnetd performs some
     dubious protocol exchanges to try to discover if the remote client is, in
     fact, a 4.2 BSD telnet(1).

     Binary mode has no common interpretation except between similar operating
     systems (Unix in this case).

     The terminal type name received from the remote client is converted to
     lower case.

     Telnetd never sends TELNET IAC GA (go ahead) commands.

     The source code is not comprehensible.





Opportunity


Personal Opportunity - Free software gives you access to billions of dollars of software at no cost. Use this software for your business, personal use or to develop a profitable skill. Access to source code provides access to a level of capabilities/information that companies protect though copyrights. Open source is a core component of the Internet and it is available to you. Leverage the billions of dollars in resources and capabilities to build a career, establish a business or change the world. The potential is endless for those who understand the opportunity.

Business Opportunity - Goldman Sachs, IBM and countless large corporations are leveraging open source to reduce costs, develop products and increase their bottom lines. Learn what these companies know about open source and how open source can give you the advantage.





Free Software


Free Software provides computer programs and capabilities at no cost but more importantly, it provides the freedom to run, edit, contribute to, and share the software. The importance of free software is a matter of access, not price. Software at no cost is a benefit but ownership rights to the software and source code is far more significant.


Free Office Software - The Libre Office suite provides top desktop productivity tools for free. This includes, a word processor, spreadsheet, presentation engine, drawing and flowcharting, database and math applications. Libre Office is available for Linux or Windows.





Free Books


The Free Books Library is a collection of thousands of the most popular public domain books in an online readable format. The collection includes great classical literature and more recent works where the U.S. copyright has expired. These books are yours to read and use without restrictions.


Source Code - Want to change a program or know how it works? Open Source provides the source code for its programs so that anyone can use, modify or learn how to write those programs themselves. Visit the GNU source code repositories to download the source.





Education


Study at Harvard, Stanford or MIT - Open edX provides free online courses from Harvard, MIT, Columbia, UC Berkeley and other top Universities. Hundreds of courses for almost all major subjects and course levels. Open edx also offers some paid courses and selected certifications.


Linux Manual Pages - A man or manual page is a form of software documentation found on Linux/Unix operating systems. Topics covered include computer programs (including library and system calls), formal standards and conventions, and even abstract concepts.