 |
Index for
Section 8 |
|
 |
Alphabetical
listing for T |
|
 |
Bottom of
page |
|
telnetd(8)
NAME
telnetd - The DARPA telnet protocol server daemon
SYNOPSIS
telnetd [-debug | debug6 [port]] [-D modifier...] [-n] [-x] [-K] [-d auth |
enc]
OPTIONS
-debug|debug6 [port]
Starts telnetd manually, rather than through inetd, on alternate TCP
port number port (if specified). It either creates an IPv4 socket
(-debug) or IPv6 socket (-debug6).
-D modifier ...
Prints out debugging information. This allows telnetd to print out
debugging information to the connection, allowing the user to see what
telnetd is doing. Valid values for modifier are:
options Prints information about negotiation of telnet options.
report Prints the same information as options, along with additional
processing information.
netdata Displays the data stream received by telnetd.
ptydata Displays data written to the pty.
exercise
Not yet implemented.
-n Disables reverse lookups of remote host names. This option can prevent
login delays and timeouts in an environment where host name resolution
is sluggish.
-x Encrypts the data transmitted between the local host and the remote
host. This option requires that the local and remote hosts be
configured to use Kerberos authentication in the same or trusting
Kerberos realms.
-K Specifies that only Kerberos authenticated connections will be
accepted. This option requires that the local and remote hosts be
configured to use Kerberos authentication in the same or trusting
Kerberos realms.
-d [auth | enc]
Enables authentication (auth) or encryption (enc) debugging.
DESCRIPTION
The telnetd daemon is a server that supports the DARPA (Defense Advanced
Research Projects Agency) standard telnet virtual terminal protocol. The
telnetd daemon is invoked by the Internet server (see inetd(8)) normally
for requests to connect to the telnet port as indicated by the
/etc/services file (see services(4)). Either the -debug option (for IPv4
sockets) or -debug6 option (for IPv6 sockets) may be used, to start up
telnetd manually. If the daemon is started up this way, port may be
specified to run telnetd on an alternate TCP port number.
The telnetd daemon operates by allocating a pseudoterminal device (see
pty(7)) for a client, then creating a login process that has the slave side
of the pseudoterminal as stdin, stdout, and stderr. The telnetd daemon
manipulates the master side of the pseudo-terminal, implementing the telnet
protocol and passing characters between the remote client and the login
process.
When a telnet session is started up, telnetd sends telnet options to the
client side, indicating a willingness to do remote echo of characters, to
suppress go ahead, to do remote flow control, and to receive terminal type
information, terminal speed information, and window size information from
the remote client. If the remote client is willing, the remote terminal
type is propagated in the environment of the created login process. The
pseudoterminal allocated to the client is configured to operate in cooked
mode, and with XTABS and CRMOD enabled (see tty(7)).
The telnetd daemon is willing to do: echo, binary, suppress go ahead, and
timing mark. The telnetd daemon is willing to have the remote client do:
line mode, binary, terminal type, terminal speed, window size, toggle flow
control, environment, X display location, and suppress go ahead.
The telnetd daemon never sends telnet go ahead commands.
Note that binary mode has no common interpretation except between similar
operating systems (Unix-compatible systems in this case).
Note also that the terminal type name received from the remote client is
converted to lowercase.
The telnet command uses the default Type-of-Service value recommended by
RFC1060, which is as follows:
telnet
Low delay
You can configure this value by specifying it in the /etc/iptos file. For
more information, see iptos(4).
By default, the telnetd daemon starts the login dialog using the login
string specified in the message field of the /etc/gettydefs file. If you
want to use a customized banner, create an /etc/issue.net or /etc/issue
file. The telnetd daemon reads the file that exists and writes its contents
over a new telnet connection prior to starting the login dialog. If both
files exist, only the /etc/issue.net file is used.
SECURE CONNECTION
The telnetd daemon can use a secure connection. A secure connection is one
where the telnetd daemon authenticates a user by using Kerberos. Kerberos
is a client/server application that authenticate the client, server, and
user, encrypt data, and ensure data integrity and nonrepudiation. See your
system administrator to determine if your system is running Kerberos. See
Security Administration for more information about Kerberos.
Kerberos authenticates by using secret-key cryptography and tickets between
Kerberos clients and Kerberos server in the same or trusting Kerberos
realms. Once authenticated by Kerberos, users receive a Kerberos Ticket
Granting Ticket (TGT). Users with a valid TGT are not prompted for a
username or password when the remote host is in the same or trusting
Kerberos realm.
CAUTIONS
Some telnet commands are only partially implemented.
Because of bugs in the original 4.2BSD telnet command, telnetd performs
some dubious protocol exchanges to try to discover if the remote client is,
in fact, a 4.2BSD telnet.
FILES
/usr/sbin/telnetd
Specifies the command path.
/etc/issue.net
Specifies the path name for the network issue identification file.
/etc/issue
Specifies the path name for the issue identification file.
SEE ALSO
Commands: telnet(1)
Files: iptos(4), issue(4), issue.net(4)
Guides: Security Administration
|
Index for
Section 8 |
|
|
Alphabetical
listing for T |
|
 |
Top of
page |
|