telnetd - The DARPA telnet protocol server daemon
telnetd [-debug | debug6 [port]] [-D modifier...] [-n]
[-x] [-K] [-d auth | enc]
Starts telnetd manually, rather than through inetd, on
alternate TCP port number port (if specified). It either
creates an IPv4 socket (-debug) or IPv6 socket (-debug6).
Prints out debugging information. This allows telnetd to
print out debugging information to the connection, allowing
the user to see what telnetd is doing. Valid values
for modifier are:
Prints information about negotiation of telnet
options. Prints the same information as options,
along with additional processing information. Displays
the data stream received by telnetd. Displays
data written to the pty. Not yet implemented.
Disables reverse lookups of remote host
names. This option can prevent login delays and
timeouts in an environment where host name resolution
is sluggish. Encrypts the data transmitted
between the local host and the remote host. This
option requires that the local and remote hosts be
configured to use Kerberos authentication in the
same or trusting Kerberos realms. Specifies that
only Kerberos authenticated connections will be
accepted. This option requires that the local and
remote hosts be configured to use Kerberos authentication
in the same or trusting Kerberos realms.
Enables authentication (auth) or encryption (enc)
debugging.
The telnetd daemon is a server that supports the DARPA
(Defense Advanced Research Projects Agency) standard telnet
virtual terminal protocol. The telnetd daemon is
invoked by the Internet server (see inetd(8)) normally for
requests to connect to the telnet port as indicated by the
/etc/services file (see services(4)). Either the -debug
option (for IPv4 sockets) or -debug6 option (for IPv6
sockets) may be used, to start up telnetd manually. If
the daemon is started up this way, port may be specified
to run telnetd on an alternate TCP port number.
The telnetd daemon operates by allocating a pseudoterminal
device (see pty(7)) for a client, then creating a login
process that has the slave side of the pseudoterminal as
stdin, stdout, and stderr. The telnetd daemon manipulates
the master side of the pseudo-terminal, implementing the
telnet protocol and passing characters between the remote
client and the login process.
When a telnet session is started up, telnetd sends telnet
options to the client side, indicating a willingness to do
remote echo of characters, to suppress go ahead, to do
remote flow control, and to receive terminal type information,
terminal speed information, and window size
information from the remote client. If the remote client
is willing, the remote terminal type is propagated in the
environment of the created login process. The pseudoterminal
allocated to the client is configured to operate in
cooked mode, and with XTABS and CRMOD enabled (see
tty(7)).
The telnetd daemon is willing to do: echo, binary, suppress
go ahead, and timing mark. The telnetd daemon is
willing to have the remote client do: line mode, binary,
terminal type, terminal speed, window size, toggle flow
control, environment, X display location, and suppress go
ahead.
The telnetd daemon never sends telnet go ahead commands.
Note that binary mode has no common interpretation except
between similar operating systems (Unix-compatible systems
in this case).
Note also that the terminal type name received from the
remote client is converted to lowercase.
The telnet command uses the default Type-of-Service value
recommended by RFC1060, which is as follows: Low delay
You can configure this value by specifying it in the
/etc/iptos file. For more information, see iptos(4).
By default, the telnetd daemon starts the login dialog
using the login string specified in the message field of
the /etc/gettydefs file. If you want to use a customized
banner, create an /etc/issue.net or /etc/issue file. The
telnetd daemon reads the file that exists and writes its
contents over a new telnet connection prior to starting
the login dialog. If both files exist, only the
/etc/issue.net file is used.
The telnetd daemon can use a secure connection. A secure
connection is one where the telnetd daemon authenticates a
user by using Kerberos. Kerberos is a client/server application
that authenticate the client, server, and user,
encrypt data, and ensure data integrity and nonrepudiation.
See your system administrator to determine if your
system is running Kerberos. See Security Administration
for more information about Kerberos.
Kerberos authenticates by using secret-key cryptography
and tickets between Kerberos clients and Kerberos server
in the same or trusting Kerberos realms. Once authenticated
by Kerberos, users receive a Kerberos Ticket Granting
Ticket (TGT). Users with a valid TGT are not prompted
for a username or password when the remote host is in the
same or trusting Kerberos realm.
Some telnet commands are only partially implemented.
Because of bugs in the original 4.2BSD telnet command,
telnetd performs some dubious protocol exchanges to try to
discover if the remote client is, in fact, a 4.2BSD telnet.
Specifies the command path. Specifies the path name for
the network issue identification file. Specifies the path
name for the issue identification file.
Commands: telnet(1)
Files: iptos(4), issue(4), issue.net(4)
Guides: Security Administration
telnetd(8)
[ Back ] |
