telnet - Logs into a remote host
telnet [-dfx] [-l username] [-n trace_file] [host] [port]
Turns debugging mode on. Copies your Kerberos ticket from
the local host to the remote host to establish your Kerberos
credentials on the remote host. This option requires
that the local and remote hosts be configured to use Kerberos
authentication in the same or trusting Kerberos
realms. The Kerberos ticket will remain on the remote host
until it either expires or it is explicitly destroyed. The
-f option is ignored when used with the -l option. Sends
user to the remote system as the value for the variable
USER when connecting to the remote system, if the remote
system understands the ENVIRON option. This option can
also be used with the open command. Records network trace
information in the file specified by trace_file. Encrypts
the data transmitted between the local host and the remote
host. This option requires that the local and remote hosts
be configured to use Kerberos authentication in the same
or trusting Kerberos realms.
The telnet command is the interface to the TELNET protocol.
The TELNET protcol allows remote login to other
hosts.
The telnet command uses the Transmission Control Protocol/Internet
Protocol (TCP/IP) to communicate with other
hosts in the network.
The telnet command operates in two different modes: command
mode and input mode. When issued without arguments,
telnet enters command mode, as indicated by the telnet>
prompt. Command mode can also be entered by typing the
telnet Escape character (initially ^]). When in command
mode, the normal terminal editing conventions are available.
In command mode, the subcommands listed in the SUBCOMMANDS
section can be entered. Some of these subcommands return
you to the remote session upon completion. For those that
do not, pressing <Return> returns you to the remote session.
If the telnet command is entered with arguments, it performs
an open subcommand with those arguments, then enters
input mode. Once a connection is opened, telnet attempts
to enable the TELNET LINEMODE option. If this fails, telnet
reverts to one of two input modes: either characterat-a-time
or old line-by-line mode, depending on what the
remote system supports.
When LINEMODE is enabled, character processing is done on
the local system, under the control of the remote system.
When input editing or character echoing is to be disabled,
the remote system relays that information. The remote
system also relays changes to any special characters that
happen on the remote system, so that they can take effect
on the local system.
In character-at-a-time mode, most text typed is immediately
sent to the remote host for processing.
In old line-by-line mode, all text is echoed locally, and
(in most cases) only completed lines are sent to the
remote host. The local echo character (initially ^E) can
be used to turn off and on the local echo (this would
mostly be used to enter passwords without the password
being echoed).
If the LINEMODE option is enabled, or if the localchars
toggle is true (the default for old line-by-line; see
below), the user's quit, intr, and flush characters are
trapped locally, and sent as TELNET protocol sequences to
the remote side. If LINEMODE has ever been enabled, then
the user's susp and eof are also sent as TELNET protocol
sequences, and quit is sent as a TELNET ABORT instead of
BRK. There are options (see toggle autoflush and toggle
autosynch below) that cause this action to flush subsequent
output to the terminal (until the remote host
acknowledges the TELNET sequence) and flush previous terminal
input (in the case of quit and intr).
The telnet command uses the default Type-of-Service value
recommended by RFC 1060, which is as follows: telnet Low
delay
You can configure this value by specifying it in the
/etc/iptos file. For more information, see iptos(4).
The way in which the remote host authenticates a user and
transmits data depends on if the local and remote hosts
are using a basic connection or a secure connection (Kerberos
or Secure Shell). Basic and secure connections provide
user authentication; however, a secure connection
also provides client and server authentication, data
encryption, data integrity, and nonrepudiation.
Basic Connection [Toc] [Back]
A basic connection is one where the telnet command connects
to the remote host, then prompts for the username
and password. The telnet command fails if no password is
defined at the remote host for the specified username.
Secure Connection [Toc] [Back]
A secure connection is one where the telnet command connects
to the remote host by using either Kerberos or
Secure Shell. Kerberos and Secure Shell are client/server
applications that authenticate the client, server, and
user; encrypt data; and ensure data integrity and nonrepudiation.
See your system administrator to determine if
your system is running Kerberos or Secure Shell software.
See Security Administration for more information about
Kerberos and Secure Shell.
Kerberos [Toc] [Back]
Kerberos authenticates by using secret-key cryptography
and tickets between Kerberos clients and Kerberos server
in the same or trusting Kerberos realms. Once authenticated
by Kerberos, users receive a Kerberos Ticket Granting
Ticket (TGT). Users with a valid TGT are not prompted
for a username or password when the remote host is in the
same or trusting Kerberos realm.
To use Kerberos to log in to a remote host, enter the telnet
command with the -f and -x options.
Secure Shell [Toc] [Back]
Secure Shell authenticates by using passwords, host-based
identification, or public and private keys between Secure
Shell clients and Secure Shell servers.
By default, the telnet command will use Kerberos (with a
valid TGT) when a system is configured to use both Kerberos
and Secure Shell.
To use Secure Shell to log into a remote host, enter the
Secure Shell ssh2 (or ssh) command instead of the telnet
command. The ssh2 command provides the same functionality
as the telnet command over a secure connection. See
ssh2(1) for more information on using the Secure Shell
ssh2 command.
After it is determined that Secure Shell will be used, all
authentication and communication between the client and
server will use the Secure Shell connection. A connection
is not established if a user cannot be authenticated.
For each of the subcommands in the following list, you
only need to type enough letters to uniquely identify the
command. (For example, q is sufficient for the quit subcommand.)
This is also true for the arguments to the mode,
set, toggle, unset, slc, and display commands.
The subcommands for telnet are as follows: Requests help
on telnet. Without arguments, telnet prints a help summary.
If a subcommand is specified, telnet prints help
information for just that subcommand. Closes the telnet
connection and returns to command mode. Displays all of
the set and toggle values if no argument is specified;
otherwise, lists only those values that match argument.
Manipulates the variables that can be sent through the
telnet ENVIRON option. The initial set of variables is
taken from the user's environment, with only the USER and
DISPLAY variables being exported.
Valid arguments for the environ subcommand are as
follows: Defines variable to have the specified
value. Any variables defined by this command are
automatically exported. value can be enclosed in
single or double quotes so that tabs and spaces can
be included. Removes variable from the list of
environment variables. Marks variable to be
exported to the remote side. Marks variable to not
be exported unless explicitly asked for by the
remote side. Lists the current set of environment
variables. Those marked with an * (asterisk) are
sent automatically; other variables are sent only
if explicitly requested. The type option is one of
several options, depending on the state of the TELNET
session. The remote host is asked for permission
to go into the requested mode. If the remote
host is capable of entering that mode, the
requested mode is entered. Prints out help information
for the mode command. Disables the LINEMODE
option, or, if the remote side does not understand
the LINEMODE option, enters character-at-a-time
mode. Enables the LINEMODE option, or, if the
remote side does not understand the LINEMODE
option, then attempts to enter old line-by-line
mode. Attempts to enable (disable) the TRAPSIG
mode of the LINEMODE option. This requires that the
LINEMODE option be enabled. Attempts to enable
(disable) the EDIT mode of the LINEMODE option.
This requires that the LINEMODE option be enabled.
Attempts to enable (disable) the SOFT_TAB mode of
the LINEMODE option. This requires that the
LINEMODE option be enabled. Attempts to enable
(disable) the LIT_ECHO mode of the LINEMODE option.
This requires that the LINEMODE option be enabled.
Opens a connection to the specified host. The host
specification can be a hostname, an IPv4 address,
an IPv6 address, or a source route. See the SOURCE
ROUTING section for information on source routing.
If no port is given, telnet attempts to contact a
TELNET server at the default port.
When connecting to a nonstandard port, telnet omits
any automatic initiation of TELNET options. When
the port number is preceded by a - (dash), the initial
option negotiation is done. After establishing
a connection, the file in the user's home directory
is opened.
Lines beginning with a # (number sign) are comment
lines. Blank lines are ignored. Lines that begin
without empty spaces are the start of a machine
entry. The first thing on the line is the name of
the machine to which the user is connected. The
rest of the line and successive lines that begin
with empty spaces are assumed to be telnet commands
and are processed as if they were typed in manually
to the telnet> command prompt. Closes a TELNET
connection and exits telnet. An End-of-File in
command mode also closes the connection and exits.
Sends one or more arguments (special character
sequences) to the remote host. (Not all hosts will
respond to all of these sequences.) Multiple arguments
are separated by spaces. The following arguments
can be used: Prints help information for the
send subcommand. Sends the TELNET ABORT (Abort
Processes) sequence. Sends the TELNET AO (Abort
Output) sequence, which causes the remote host to
flush all output from the remote system to the
local terminal. Sends the TELNET AYT (Are You
There) sequence, to which the remote system can
respond. Sends the TELNET BRK (Break) sequence,
which might have significance to the remote system.
Sends the TELNET EC (Erase Character) sequence,
which causes the remote host to erase the last
character entered. Sends the TELNET EL (Erase
Line) sequence, which causes the remote system to
erase the line currently being entered. Sends the
TELNET EOF (End-of-File) sequence. Sends the TELNET
EOR (End-of-Record) sequence. Sends the current
TELNET Escape character (^] by default).
Sends the TELNET GA (Go Ahead) sequence, which provides
the remote system with a mechanism to signal
the local system to return control to the user. If
the remote side supports the TELNET STATUS command,
getstatus sends the subnegotiation to request that
the server send its current option status. Sends
the TELNET IP (Interrupt Process) sequence, which
causes the remote system to terminate the currently
running process. Sends the TELNET NOP (No Operation)
sequence. Sends the TELNET SUSP (Suspend
Process) sequence. Sends the TELNET SYNC sequence,
which causes the remote system to discard all previously
typed input that has not yet been read.
This sequence is sent as TCP urgent data. Sets a
telnet variable to the specified value or to true.
The off special value turns off the function associated
with the variable name entered; this is
equivalent to using the unset command. The unset
command disables or sets to false any of the specified
functions. The values of variables can be
queried with the display subcommand. The variables
that can be set or unset, but not toggled, are
listed here. In addition, any of the variables for
the toggle subcommand can be explicitly set or
unset by using the set and unset commands. Displays
the legal set (unset) commands. Toggles
between enabling and suppressing local echo of
entered characters. Local echo is used for normal
processing, while suppressing the echo is used for
entering text that should not appear on the display,
such as passwords. This variable is initially
^E, and can only be used in line-by-line
mode. Defines the End-of-File character for telnet.
When telnet is in line-by-line mode, entering
the eof character as the first character on a line
sends the character to the remote host. The initial
value for the eof character is the local terminal's
End-of-File character. Defines the erase
character for telnet. When telnet is in characterat-a-time
mode and localchars is true, typing the
erase character sends the TELNET EC sequence to the
remote host. The initial value for the erase character
is the local terminal's erase character.
Specifies the telnet escape character (initially
^]), which puts telnet into command mode when connected
to a remote host. Defines the flush character
for telnet. When localchars is true, typing
the flushoutput character sends the TELNET AO
sequence to the remote host. The initial value for
the flush character is the terminal's flush character.
Defines alternate end-of-line character.
Defines the interrupt character for telnet. When
localchars is true, typing the interrupt character
sends the TELNET IP sequence to the remote host.
The initial value for the interrupt character is
the local terminal's interrupt character. Defines
the kill character for telnet. When telnet is in
character-at-a-time mode and localchars is true,
typing the kill character sends the TELNET EL
sequence to the remote host. The initial value for
the kill character is the local terminal's kill
character. Defines the lnext (literal next) character
for telnet. If telnet is operating in old
line-by-line mode and localchars is true, this
character is taken to be the terminal's lnext character.
The initial value for the lnext character is
the local terminal's lnext character. Defines the
quit character for telnet. When localchars is
true, typing the quit character sends the TELNET
BRK sequence to the remote host. The initial value
for the quit character is the local terminal's quit
character. Defines the terminal's reprint
character, if telnet is operating in LINEMODE or
old line-by-line mode. The initial value for the
reprint character is the terminal's reprint character.
Defines the terminal's start character, if
the TELNET TOGGLE-FLOW-CONTROL option was enabled.
The initial value for the start character is the
terminal's start character. Defines the terminal's
stop character, if the TELNET TOGGLE-FLOW-CONTROL
option was enabled. The initial value for the stop
character is the terminal's stop character. Sends
a TELNET SUSP sequence (see send susp) to the
remote host, if telnet is in localchars mode, or
LINEMODE is enabled, and the suspend character is
typed. The initial value for the suspend character
is the terminal's suspend character. Specifies the
file to which the output, caused by netdata or
option tracing being true, is written. If it is
set to a - (dash), then tracing information is
written to standard output (the default). Defines
the terminal's worderase character, if telnet is
operating in LINEMODE or old line-by-line mode.
The initial value for the worderase character is
taken to be the terminal's worderase character.
Sets or changes the state of the special characters
when the TELNET LINEMODE option is enabled (Set
Local Characters). Special characters are characters
that get mapped to TELNET commands sequences
(like ip or quit) or line editing characters (like
erase and kill). By default, the local special
characters are exported. Switches to the local
defaults for the special characters. The local
default characters are those of the local terminal
at the time when telnet was started. Switches to
the remote defaults for the special characters. The
remote default characters are those of the remote
system at the time when the TELNET connection was
established. Verifies the current settings for the
current special characters. The remote side is
requested to send all the current special character
settings, and if there are any discrepancies with
the local side, the local side switches to the
remote value. Prints out help information for the
slc command. Shows the current status of telnet.
This includes the host to which you are connected,
as well as the current mode. Toggles one or more
arguments that control how telnet responds to
events. Possible values are true and false. These
options can be explicitly set to true or false with
the set and unset subcommands. Multiple arguments
are separated by spaces. The display subcommand
can be used to query the current setting of each
argument.
The following arguments can be used: Displays valid
arguments to toggle. If autoflush and localchars
are both true and the AO, interrupt, and quit characters
are recognized and transformed into TELNET
sequences, telnet does not display any data on the
user's terminal until the remote system acknowledges
(with a TELNET timing mark option) that it
has processed those TELNET sequences. The initial
value of autoflush is true if the terminal has not
done an stty noflsh, and false if it has. If
autosynch and localchars are both true, then typing
the interrupt or quit character sends that character's
TELNET sequence, followed by the TELNET SYNC
sequence. This procedure causes the remote host to
discard all previously typed input until both of
the telnet sequences are read and acted upon. The
initial value of this toggle is false. Enables or
disables the TELNET BINARY option on both input and
output. Enables or disables the TELNET BINARY
option on input. Enables or disables the TELNET
BINARY option on output. Toggles carriage-return
feature. When true, carriage-returns are sent as
carriage-return/linefeed. When false, carriagereturns
are sent as carriage-return/NULL. The initial
value for this toggle is false. Toggles carriage-return
mode. When set to true, most carriage-return
characters received from the remote
host are mapped into a carriage-return followed by
a linefeed. This mode does not affect the characters
typed by the user, only those received from
the remote host. This mode is useful when the
remote host sends only a carriage-return and not a
linefeed. The initial value of this toggle is
false. Toggles debugging at the socket level.
This argument can only be entered by a user with
superuser privileges. The initial value of this
toggle is false. Determines the handling of telnet
special characters. When this value is true, the
erase, flush, interrupt, kill, and quit characters
are recognized locally and transformed into the
appropriate TELNET control sequences (EC, AO, IP,
BRK, and EL, respectively). When this value is
false, these special characters are sent to the
remote host as literal characters. The initial
value of localchars is true in line-by-line mode
and false in character-at-a-time mode.
When the LINEMODE option is enabled, the value of
localchars is ignored, and assumed to always be
true. If LINEMODE has ever been enabled, quit is
sent as abort, and eof and suspend are sent as eof
and susp (see the send subcommand). Toggles the
display of all network data (in hexadecimal format).
The data is written to standard output unless
a trace_file is specified with the -n option on the
telnet command line. The initial value of this toggle
is false. Toggles the display of internal TELNET
protocol processing options, such as terminal
negotiation and local or remote echo of characters.
The initial value of this toggle is false, indicating
that the current options are not displayed.
When the netdata toggle is enabled and prettydump
is also enabled, the output from the netdata toggle
appears in a more readable format. Spaces are
placed between the characters in the output, and
the beginning of any TELNET escape sequence is preceded
by an * (asterisk) to aid in locating it.
Toggles printing of hexadecimal terminal data (used
for debugging). Suspends TELNET execution and
returns you to your original login shell. This subcommand
works only when you are using csh or ksh.
You can specify a source route to a destination system in
either command mode or input mode by using the following
syntax for host:
[!]@hop@hop@hop...@host [-V {4|6}]
Each hop can be an IPv4 address, IPv6 address, or host
name. If you use addresses, you must use the same address
type for each hop (either all IPv4 addresses or all IPv6
addresses).
There are two type of source routes: strict and loose. A
strict source route is one that does not do any other
lookups, and uses only the specified hosts as routes. The
optional exclamation (!) character preceding a source
route indicates a strict source route. Strict source
routes are not supported in IPv6.
Loose source routes (those specified without ! character),
try to use the specified route as best as it can.
However, in some instances an intermediate gateway may be
used.
The following is an example of a strict source route. In
this example, packets are sent to host1, which will then
forward them to host2. Both host1 and host2 must have a
direct link, otherwise the connection will be refused.
!@host1@host2
The following is an example of a loose source route. In
this example, host1 and host2 do not have to have a direct
link, and may have a gateway or a router between them.
@host1@host2
If the user specifies actual host names, telnet decides
which protocol to use as follows:
-----------------------------------------------
If any host has: telnet uses this protocol:
-----------------------------------------------
IPv6 address only IPv6
IPv4 address only IPv4
-----------------------------------------------
If all hosts have both IPv4 and IPv6 address, telnet will
use IPv6.
You can also modify which protocol is used with the -V
option. The -V option is only used in conjunction with a
source route and must follow the source route.
If you use the -V option and the option contradicts the
outcome of the telnet protocol selection, telnet prints an
error. If all hosts have both IPv4 and IPv6 addresses, and
you specify -V4, telnet will use IPv4.
On some remote systems, echo has to be turned off manually
when in old line-by-line mode. In old line-by-line mode
or LINEMODE, the terminal's End-of-File character is only
recognized (and sent to the remote system) when it is the
first character on a line.
To log in to host1 and do terminal type negotiation,
enter: telnet host1
Information similar to the following is displayed
on your screen: Trying ... Connected to host1
Escape character is ^]
login: _ To log in to remote host host3 and then
check the status of the telnet program, enter: $
telnet host3
Trying ... Connected to host3 Escape character is
^]
login: _
Enter your login ID and password when you are
prompted to do so. Press ^] to receive the telnet>
prompt. Enter the status subcommand at the prompt.
Information similar to the following is then displayed
on your screen: Connected to host3. Operating
in single character mode. Escape character is
'^]'. _ Press <Return> $_
Upon completion of the status subcommand, you must
press <Return> to return to the remote prompt.
The following examples use Kerberos. The local host and
the remote host host2 are in the same Kerberos realm. To
log into the remote host over an encrypted connection,
enter: $ telnet -x host2
You are not prompted for a password if both hosts
are in the same or trusting realm and you have a
valid TGT. To log in and forward your Kerberos
ticket to the remote host, enter: $ telnet -f host2
You are not prompted for a password if both hosts
are in the same or trusting realm and you have a
valid TGT.
User-customized telnet startup values.
Commands: env(1), kdestroy(1), kinit(1), klist(1), printenv(1), rexecd(8), rlogin(1), rsh(1), ssh2(1), telnetd(8)
Files: iptos(4)
Guides: Security Administration
telnet(1)
[ Back ] |
