 |
Index for
Section 1 |
|
 |
Alphabetical
listing for T |
|
 |
Bottom of
page |
|
telnet(1)
NAME
telnet - Logs into a remote host
SYNOPSIS
telnet [-dfx] [-l username] [-n trace_file] [host] [port]
OPTIONS
-d Turns debugging mode on.
-f Copies your Kerberos ticket from the local host to the remote host to
establish your Kerberos credentials on the remote host. This option
requires that the local and remote hosts be configured to use Kerberos
authentication in the same or trusting Kerberos realms. The Kerberos
ticket will remain on the remote host until it either expires or it is
explicitly destroyed. The -f option is ignored when used with the -l
option.
-l user
Sends user to the remote system as the value for the variable USER when
connecting to the remote system, if the remote system understands the
ENVIRON option. This option can also be used with the open command.
-n trace_file
Records network trace information in the file specified by trace_file.
-x Encrypts the data transmitted between the local host and the remote
host. This option requires that the local and remote hosts be
configured to use Kerberos authentication in the same or trusting
Kerberos realms.
DESCRIPTION
The telnet command is the interface to the TELNET protocol. The TELNET
protcol allows remote login to other hosts.
The telnet command uses the Transmission Control Protocol/Internet Protocol
(TCP/IP) to communicate with other hosts in the network.
The telnet command operates in two different modes: command mode and input
mode. When issued without arguments, telnet enters command mode, as
indicated by the telnet> prompt. Command mode can also be entered by
typing the telnet Escape character (initially ^]). When in command mode,
the normal terminal editing conventions are available.
In command mode, the subcommands listed in the SUBCOMMANDS section can be
entered. Some of these subcommands return you to the remote session upon
completion. For those that do not, pressing <Return> returns you to the
remote session.
If the telnet command is entered with arguments, it performs an open
subcommand with those arguments, then enters input mode. Once a connection
is opened, telnet attempts to enable the TELNET LINEMODE option. If this
fails, telnet reverts to one of two input modes: either character-at-a-time
or old line-by-line mode, depending on what the remote system supports.
When LINEMODE is enabled, character processing is done on the local system,
under the control of the remote system. When input editing or character
echoing is to be disabled, the remote system relays that information. The
remote system also relays changes to any special characters that happen on
the remote system, so that they can take effect on the local system.
In character-at-a-time mode, most text typed is immediately sent to the
remote host for processing.
In old line-by-line mode, all text is echoed locally, and (in most cases)
only completed lines are sent to the remote host. The local echo character
(initially ^E) can be used to turn off and on the local echo (this would
mostly be used to enter passwords without the password being echoed).
If the LINEMODE option is enabled, or if the localchars toggle is true (the
default for old line-by-line; see below), the user's quit, intr, and flush
characters are trapped locally, and sent as TELNET protocol sequences to
the remote side. If LINEMODE has ever been enabled, then the user's susp
and eof are also sent as TELNET protocol sequences, and quit is sent as a
TELNET ABORT instead of BRK. There are options (see toggle autoflush and
toggle autosynch below) that cause this action to flush subsequent output
to the terminal (until the remote host acknowledges the TELNET sequence)
and flush previous terminal input (in the case of quit and intr).
The telnet command uses the default Type-of-Service value recommended by
RFC 1060, which is as follows:
telnet Low delay
You can configure this value by specifying it in the /etc/iptos file. For
more information, see iptos(4).
The way in which the remote host authenticates a user and transmits data
depends on if the local and remote hosts are using a basic connection or a
secure connection (Kerberos or Secure Shell). Basic and secure connections
provide user authentication; however, a secure connection also provides
client and server authentication, data encryption, data integrity, and
nonrepudiation.
Basic Connection
A basic connection is one where the telnet command connects to the remote
host, then prompts for the username and password. The telnet command fails
if no password is defined at the remote host for the specified username.
Secure Connection
A secure connection is one where the telnet command connects to the remote
host by using either Kerberos or Secure Shell. Kerberos and Secure Shell
are client/server applications that authenticate the client, server, and
user; encrypt data; and ensure data integrity and nonrepudiation. See your
system administrator to determine if your system is running Kerberos or
Secure Shell software. See Security Administration for more information
about Kerberos and Secure Shell.
Kerberos
Kerberos authenticates by using secret-key cryptography and tickets between
Kerberos clients and Kerberos server in the same or trusting Kerberos
realms. Once authenticated by Kerberos, users receive a Kerberos Ticket
Granting Ticket (TGT). Users with a valid TGT are not prompted for a
username or password when the remote host is in the same or trusting
Kerberos realm.
To use Kerberos to log in to a remote host, enter the telnet command with
the -f and -x options.
Secure Shell
Secure Shell authenticates by using passwords, host-based identification,
or public and private keys between Secure Shell clients and Secure Shell
servers.
By default, the telnet command will use Kerberos (with a valid TGT) when a
system is configured to use both Kerberos and Secure Shell.
To use Secure Shell to log into a remote host, enter the Secure Shell ssh2
(or ssh) command instead of the telnet command. The ssh2 command provides
the same functionality as the telnet command over a secure connection. See
ssh2(1) for more information on using the Secure Shell ssh2 command.
After it is determined that Secure Shell will be used, all authentication
and communication between the client and server will use the Secure Shell
connection. A connection is not established if a user cannot be
authenticated.
SUBCOMMANDS
For each of the subcommands in the following list, you only need to type
enough letters to uniquely identify the command. (For example, q is
sufficient for the quit subcommand.) This is also true for the arguments to
the mode, set, toggle, unset, slc, and display commands.
The subcommands for telnet are as follows:
? [subcommand]
Requests help on telnet. Without arguments, telnet prints a help
summary. If a subcommand is specified, telnet prints help information
for just that subcommand.
close
Closes the telnet connection and returns to command mode.
display [argument]
Displays all of the set and toggle values if no argument is specified;
otherwise, lists only those values that match argument.
environ argument ...
Manipulates the variables that can be sent through the telnet ENVIRON
option. The initial set of variables is taken from the user's
environment, with only the USER and DISPLAY variables being exported.
Valid arguments for the environ subcommand are as follows:
define variable value
Defines variable to have the specified value. Any variables
defined by this command are automatically exported. value can be
enclosed in single or double quotes so that tabs and spaces can be
included.
undefine variable
Removes variable from the list of environment variables.
export variable
Marks variable to be exported to the remote side.
unexport variable
Marks variable to not be exported unless explicitly asked for by
the remote side.
list
Lists the current set of environment variables. Those marked with
an * (asterisk) are sent automatically; other variables are sent
only if explicitly requested.
mode type
The type option is one of several options, depending on the state of
the TELNET session. The remote host is asked for permission to go into
the requested mode. If the remote host is capable of entering that
mode, the requested mode is entered.
? Prints out help information for the mode command.
character
Disables the LINEMODE option, or, if the remote side does not
understand the LINEMODE option, enters character-at-a-time mode.
line
Enables the LINEMODE option, or, if the remote side does not
understand the LINEMODE option, then attempts to enter old line-
by-line mode.
isig (-isig)
Attempts to enable (disable) the TRAPSIG mode of the LINEMODE
option. This requires that the LINEMODE option be enabled.
edit (-edit)
Attempts to enable (disable) the EDIT mode of the LINEMODE option.
This requires that the LINEMODE option be enabled.
softtabs (-softtabs)
Attempts to enable (disable) the SOFT_TAB mode of the LINEMODE
option. This requires that the LINEMODE option be enabled.
litecho (-litecho)
Attempts to enable (disable) the LIT_ECHO mode of the LINEMODE
option. This requires that the LINEMODE option be enabled.
open host [port]
Opens a connection to the specified host. The host specification can
be a hostname, an IPv4 address, an IPv6 address, or a source route.
See the SOURCE ROUTING section for information on source routing. If
no port is given, telnet attempts to contact a TELNET server at the
default port.
When connecting to a nonstandard port, telnet omits any automatic
initiation of TELNET options. When the port number is preceded by a -
(dash), the initial option negotiation is done. After establishing a
connection, the .telnetrc file in the user's home directory is opened.
Lines beginning with a # (number sign) are comment lines. Blank lines
are ignored. Lines that begin without empty spaces are the start of a
machine entry. The first thing on the line is the name of the machine
to which the user is connected. The rest of the line and successive
lines that begin with empty spaces are assumed to be telnet commands
and are processed as if they were typed in manually to the telnet>
command prompt.
quit
Closes a TELNET connection and exits telnet. An End-of-File in command
mode also closes the connection and exits.
send argument ...
Sends one or more arguments (special character sequences) to the remote
host. (Not all hosts will respond to all of these sequences.) Multiple
arguments are separated by spaces. The following arguments can be
used:
? Prints help information for the send subcommand.
abort
Sends the TELNET ABORT (Abort Processes) sequence.
ao Sends the TELNET AO (Abort Output) sequence, which causes the
remote host to flush all output from the remote system to the local
terminal.
ayt Sends the TELNET AYT (Are You There) sequence, to which the remote
system can respond.
brk Sends the TELNET BRK (Break) sequence, which might have
significance to the remote system.
ec Sends the TELNET EC (Erase Character) sequence, which causes the
remote host to erase the last character entered.
el Sends the TELNET EL (Erase Line) sequence, which causes the remote
system to erase the line currently being entered.
eof Sends the TELNET EOF (End-of-File) sequence.
eor Sends the TELNET EOR (End-of-Record) sequence.
escape
Sends the current TELNET Escape character (^] by default).
ga Sends the TELNET GA (Go Ahead) sequence, which provides the remote
system with a mechanism to signal the local system to return
control to the user.
getstatus
If the remote side supports the TELNET STATUS command, getstatus
sends the subnegotiation to request that the server send its
current option status.
ip Sends the TELNET IP (Interrupt Process) sequence, which causes the
remote system to terminate the currently running process.
nop Sends the TELNET NOP (No Operation) sequence.
susp
Sends the TELNET SUSP (Suspend Process) sequence.
synch
Sends the TELNET SYNC sequence, which causes the remote system to
discard all previously typed input that has not yet been read.
This sequence is sent as TCP urgent data.
set variable value
Sets a telnet variable to the specified value or to true. The off
special value turns off the function associated with the variable name
entered; this is equivalent to using the unset command. The unset
command disables or sets to false any of the specified functions. The
values of variables can be queried with the display subcommand. The
variables that can be set or unset, but not toggled, are listed here.
In addition, any of the variables for the toggle subcommand can be
explicitly set or unset by using the set and unset commands.
? Displays the legal set (unset) commands.
echo
Toggles between enabling and suppressing local echo of entered
characters. Local echo is used for normal processing, while
suppressing the echo is used for entering text that should not
appear on the display, such as passwords. This variable is
initially ^E, and can only be used in line-by-line mode.
eof Defines the End-of-File character for telnet. When telnet is in
line-by-line mode, entering the eof character as the first
character on a line sends the character to the remote host. The
initial value for the eof character is the local terminal's End-
of-File character.
erase
Defines the erase character for telnet. When telnet is in
character-at-a-time mode and localchars is true, typing the erase
character sends the TELNET EC sequence to the remote host. The
initial value for the erase character is the local terminal's erase
character.
escape
Specifies the telnet escape character (initially ^]), which puts
telnet into command mode when connected to a remote host.
flushoutput
Defines the flush character for telnet. When localchars is true,
typing the flushoutput character sends the TELNET AO sequence to
the remote host. The initial value for the flush character is the
terminal's flush character.
forw1
forw2
Defines alternate end-of-line character.
interrupt
Defines the interrupt character for telnet. When localchars is
true, typing the interrupt character sends the TELNET IP sequence
to the remote host. The initial value for the interrupt character
is the local terminal's interrupt character.
kill
Defines the kill character for telnet. When telnet is in
character-at-a-time mode and localchars is true, typing the kill
character sends the TELNET EL sequence to the remote host. The
initial value for the kill character is the local terminal's kill
character.
lnext
Defines the lnext (literal next) character for telnet. If telnet is
operating in old line-by-line mode and localchars is true, this
character is taken to be the terminal's lnext character. The
initial value for the lnext character is the local terminal's lnext
character.
quit
Defines the quit character for telnet. When localchars is true,
typing the quit character sends the TELNET BRK sequence to the
remote host. The initial value for the quit character is the local
terminal's quit character.
reprint
Defines the terminal's reprint character, if telnet is operating in
LINEMODE or old line-by-line mode. The initial value for the
reprint character is the terminal's reprint character.
start
Defines the terminal's start character, if the TELNET TOGGLE-FLOW-
CONTROL option was enabled. The initial value for the start
character is the terminal's start character.
stop
Defines the terminal's stop character, if the TELNET TOGGLE-FLOW-
CONTROL option was enabled. The initial value for the stop
character is the terminal's stop character.
susp
Sends a TELNET SUSP sequence (see send susp) to the remote host, if
telnet is in localchars mode, or LINEMODE is enabled, and the
suspend character is typed. The initial value for the suspend
character is the terminal's suspend character.
tracefile
Specifies the file to which the output, caused by netdata or option
tracing being true, is written. If it is set to a - (dash), then
tracing information is written to standard output (the default).
worderase
Defines the terminal's worderase character, if telnet is operating
in LINEMODE or old line-by-line mode. The initial value for the
worderase character is taken to be the terminal's worderase
character.
slc state
Sets or changes the state of the special characters when the TELNET
LINEMODE option is enabled (Set Local Characters). Special characters
are characters that get mapped to TELNET commands sequences (like ip or
quit) or line editing characters (like erase and kill). By default, the
local special characters are exported.
export
Switches to the local defaults for the special characters. The
local default characters are those of the local terminal at the
time when telnet was started.
import
Switches to the remote defaults for the special characters. The
remote default characters are those of the remote system at the
time when the TELNET connection was established.
check
Verifies the current settings for the current special characters.
The remote side is requested to send all the current special
character settings, and if there are any discrepancies with the
local side, the local side switches to the remote value.
? Prints out help information for the slc command.
status
Shows the current status of telnet. This includes the host to which
you are connected, as well as the current mode.
toggle argument ...
Toggles one or more arguments that control how telnet responds to
events. Possible values are true and false. These options can be
explicitly set to true or false with the set and unset subcommands.
Multiple arguments are separated by spaces. The display subcommand can
be used to query the current setting of each argument.
The following arguments can be used:
? Displays valid arguments to toggle.
autoflush
If autoflush and localchars are both true and the AO, interrupt,
and quit characters are recognized and transformed into TELNET
sequences, telnet does not display any data on the user's terminal
until the remote system acknowledges (with a TELNET timing mark
option) that it has processed those TELNET sequences. The initial
value of autoflush is true if the terminal has not done an stty
noflsh, and false if it has.
autosynch
If autosynch and localchars are both true, then typing the
interrupt or quit character sends that character's TELNET sequence,
followed by the TELNET SYNC sequence. This procedure causes the
remote host to discard all previously typed input until both of the
telnet sequences are read and acted upon. The initial value of
this toggle is false.
binary
Enables or disables the TELNET BINARY option on both input and
output.
inbinary
Enables or disables the TELNET BINARY option on input.
outbinary
Enables or disables the TELNET BINARY option on output.
crlf
Toggles carriage-return feature. When true, carriage-returns are
sent as carriage-return/linefeed. When false, carriage-returns are
sent as carriage-return/NULL. The initial value for this toggle is
false.
crmod
Toggles carriage-return mode. When set to true, most carriage-
return characters received from the remote host are mapped into a
carriage-return followed by a linefeed. This mode does not affect
the characters typed by the user, only those received from the
remote host. This mode is useful when the remote host sends only a
carriage-return and not a linefeed. The initial value of this
toggle is false.
debug
Toggles debugging at the socket level. This argument can only be
entered by a user with superuser privileges. The initial value of
this toggle is false.
localchars
Determines the handling of telnet special characters. When this
value is true, the erase, flush, interrupt, kill, and quit
characters are recognized locally and transformed into the
appropriate TELNET control sequences (EC, AO, IP, BRK, and EL,
respectively). When this value is false, these special characters
are sent to the remote host as literal characters. The initial
value of localchars is true in line-by-line mode and false in
character-at-a-time mode.
When the LINEMODE option is enabled, the value of localchars is
ignored, and assumed to always be true. If LINEMODE has ever been
enabled, quit is sent as abort, and eof and suspend are sent as eof
and susp (see the send subcommand).
netdata
Toggles the display of all network data (in hexadecimal format).
The data is written to standard output unless a trace_file is
specified with the -n option on the telnet command line. The
initial value of this toggle is false.
options
Toggles the display of internal TELNET protocol processing options,
such as terminal negotiation and local or remote echo of
characters. The initial value of this toggle is false, indicating
that the current options are not displayed.
prettydump
When the netdata toggle is enabled and prettydump is also enabled,
the output from the netdata toggle appears in a more readable
format. Spaces are placed between the characters in the output,
and the beginning of any TELNET escape sequence is preceded by an *
(asterisk) to aid in locating it.
termdata
Toggles printing of hexadecimal terminal data (used for debugging).
z Suspends TELNET execution and returns you to your original login shell.
This subcommand works only when you are using csh or ksh.
SOURCE ROUTING
You can specify a source route to a destination system in either command
mode or input mode by using the following syntax for host:
[!]@hop@hop@hop...@host [-V {4|6}]
Each hop can be an IPv4 address, IPv6 address, or host name. If you use
addresses, you must use the same address type for each hop (either all IPv4
addresses or all IPv6 addresses).
There are two type of source routes: strict and loose. A strict source
route is one that does not do any other lookups, and uses only the
specified hosts as routes. The optional exclamation (!) character
preceding a source route indicates a strict source route. Strict source
routes are not supported in IPv6.
Loose source routes (those specified without ! character), try to use the
specified route as best as it can. However, in some instances an
intermediate gateway may be used.
The following is an example of a strict source route. In this example,
packets are sent to host1, which will then forward them to host2. Both
host1 and host2 must have a direct link, otherwise the connection will be
refused.
!@host1@host2
The following is an example of a loose source route. In this example,
host1 and host2 do not have to have a direct link, and may have a gateway
or a router between them.
@host1@host2
If the user specifies actual host names, telnet decides which protocol to
use as follows:
______________________________________________
If any host has: telnet uses this protocol:
______________________________________________
IPv6 address only IPv6
IPv4 address only IPv4
______________________________________________
If all hosts have both IPv4 and IPv6 address, telnet will use IPv6.
You can also modify which protocol is used with the -V option. The -V
option is only used in conjunction with a source route and must follow the
source route.
If you use the -V option and the option contradicts the outcome of the
telnet protocol selection, telnet prints an error. If all hosts have both
IPv4 and IPv6 addresses, and you specify -V4, telnet will use IPv4.
NOTES
1. On some remote systems, echo has to be turned off manually when in old
line-by-line mode.
2. In old line-by-line mode or LINEMODE, the terminal's End-of-File
character is only recognized (and sent to the remote system) when it
is the first character on a line.
EXAMPLES
1. To log in to host1 and do terminal type negotiation, enter:
telnet host1
Information similar to the following is displayed on your screen:
Trying ...
Connected to host1
Escape character is ^]
login: _
2. To log in to remote host host3 and then check the status of the telnet
program, enter:
$ telnet host3
Trying ...
Connected to host3
Escape character is ^]
login: _
Enter your login ID and password when you are prompted to do so. Press
^] to receive the telnet> prompt. Enter the status subcommand at the
prompt. Information similar to the following is then displayed on
your screen:
Connected to host3.
Operating in single character mode.
Escape character is '^]'.
_ Press <Return>
$_
Upon completion of the status subcommand, you must press <Return> to
return to the remote prompt.
The following examples use Kerberos. The local host and the remote host
host2 are in the same Kerberos realm.
1. To log into the remote host over an encrypted connection, enter:
$ telnet -x host2
You are not prompted for a password if both hosts are in the same or
trusting realm and you have a valid TGT.
2. To log in and forward your Kerberos ticket to the remote host, enter:
$ telnet -f host2
You are not prompted for a password if both hosts are in the same or
trusting realm and you have a valid TGT.
FILES
~/.telnetrc
User-customized telnet startup values.
SEE ALSO
Commands: env(1), kdestroy(1), kinit(1), klist(1), printenv(1), rexecd(8),
rlogin(1), rsh(1), ssh2(1), telnetd(8)
Files: iptos(4)
Guides: Security Administration
|
Index for
Section 1 |
|
|
Alphabetical
listing for T |
|
 |
Top of
page |
|