telnetd(8)telnetd(8)NAMEtelnetd - The DARPA telnet protocol server daemon
SYNOPSIStelnetd [-debug | debug6 [port]] [-D modifier...] [-n] [-x] [-K] [-d
auth | enc]
OPTIONS
Starts telnetd manually, rather than through inetd, on alternate TCP
port number port (if specified). It either creates an IPv4 socket
(-debug) or IPv6 socket (-debug6). Prints out debugging information.
This allows telnetd to print out debugging information to the connec‐
tion, allowing the user to see what telnetd is doing. Valid values for
modifier are:
Prints information about negotiation of telnet options. Prints
the same information as options, along with additional process‐
ing information. Displays the data stream received by telnetd.
Displays data written to the pty. Not yet implemented. Dis‐
ables reverse lookups of remote host names. This option can pre‐
vent login delays and timeouts in an environment where host name
resolution is sluggish. Encrypts the data transmitted between
the local host and the remote host. This option requires that
the local and remote hosts be configured to use Kerberos authen‐
tication in the same or trusting Kerberos realms. Specifies
that only Kerberos authenticated connections will be accepted.
This option requires that the local and remote hosts be config‐
ured to use Kerberos authentication in the same or trusting Ker‐
beros realms. Enables authentication (auth) or encryption (enc)
debugging.
DESCRIPTION
The telnetd daemon is a server that supports the DARPA (Defense
Advanced Research Projects Agency) standard telnet virtual terminal
protocol. The telnetd daemon is invoked by the Internet server (see
inetd(8)) normally for requests to connect to the telnet port as indi‐
cated by the /etc/services file (see services(4)). Either the -debug
option (for IPv4 sockets) or -debug6 option (for IPv6 sockets) may be
used, to start up telnetd manually. If the daemon is started up this
way, port may be specified to run telnetd on an alternate TCP port num‐
ber.
The telnetd daemon operates by allocating a pseudoterminal device (see
pty(7)) for a client, then creating a login process that has the slave
side of the pseudoterminal as stdin, stdout, and stderr. The telnetd
daemon manipulates the master side of the pseudo-terminal, implementing
the telnet protocol and passing characters between the remote client
and the login process.
When a telnet session is started up, telnetd sends telnet options to
the client side, indicating a willingness to do remote echo of charac‐
ters, to suppress go ahead, to do remote flow control, and to receive
terminal type information, terminal speed information, and window size
information from the remote client. If the remote client is willing,
the remote terminal type is propagated in the environment of the cre‐
ated login process. The pseudoterminal allocated to the client is con‐
figured to operate in cooked mode, and with XTABS and CRMOD enabled
(see tty(7)).
The telnetd daemon is willing to do: echo, binary, suppress go ahead,
and timing mark. The telnetd daemon is willing to have the remote
client do: line mode, binary, terminal type, terminal speed, window
size, toggle flow control, environment, X display location, and sup‐
press go ahead.
The telnetd daemon never sends telnet go ahead commands.
Note that binary mode has no common interpretation except between simi‐
lar operating systems (Unix-compatible systems in this case).
Note also that the terminal type name received from the remote client
is converted to lowercase.
The telnet command uses the default Type-of-Service value recommended
by RFC1060, which is as follows: Low delay
You can configure this value by specifying it in the /etc/iptos file.
For more information, see iptos(4).
By default, the telnetd daemon starts the login dialog using the login
string specified in the message field of the /etc/gettydefs file. If
you want to use a customized banner, create an /etc/issue.net or
/etc/issue file. The telnetd daemon reads the file that exists and
writes its contents over a new telnet connection prior to starting the
login dialog. If both files exist, only the /etc/issue.net file is
used.
SECURE CONNECTION
The telnetd daemon can use a secure connection. A secure connection is
one where the telnetd daemon authenticates a user by using Kerberos.
Kerberos is a client/server application that authenticate the client,
server, and user, encrypt data, and ensure data integrity and nonrepu‐
diation. See your system administrator to determine if your system is
running Kerberos. See Security Administration for more information
about Kerberos.
Kerberos authenticates by using secret-key cryptography and tickets
between Kerberos clients and Kerberos server in the same or trusting
Kerberos realms. Once authenticated by Kerberos, users receive a Ker‐
beros Ticket Granting Ticket (TGT). Users with a valid TGT are not
prompted for a username or password when the remote host is in the same
or trusting Kerberos realm.
CAUTIONS
Some telnet commands are only partially implemented.
Because of bugs in the original 4.2BSD telnet command, telnetd performs
some dubious protocol exchanges to try to discover if the remote client
is, in fact, a 4.2BSD telnet.
FILES
Specifies the command path. Specifies the path name for the network
issue identification file. Specifies the path name for the issue iden‐
tification file.
SEE ALSO
Commands: telnet(1)
Files: iptos(4), issue(4), issue.net(4)
Guides: Security Administration
telnetd(8)