
telnetd(1M)

HP-UX 11i Version 3: February 2007

NAME

telnetd — TELNET protocol server

SYNOPSIS

/usr/lbin/telnetd [-A] [-a authmode] [-b [bannerfile]] [-e] [-f] [-n] [-s] [-t] [-y] [-z] [-TCP_DELAY]

DESCRIPTION

The telnetd daemon executes a server that supports the DARPA standard TELNET virtual terminal protocol. The Internet daemon (inetd) executes telnetd when it receives a service request at the port listed in the services database for telnet using the tcp protocol (see inetd(1M) and services(4)).

telnetd operates by allocating a Telnet pseudo-terminal device (see tels(7)) for a client, then creating a login process, which has the slave side of the Telnet pseudo-terminal as stdin, stdout, and stderr. telnetd manipulates the master side of the Telnet pseudo-terminal, implementing the TELNET protocol, and passing characters between the client and login process.

  • NOTE: telnetd no longer uses pty(7) devices; instead it uses special devices created for TELNET sessions only. For more information, see tels(7).

When a TELNET session is started up, telnetd sends TELNET options to the client side, indicating a willingness to do remote echo of characters, to suppress go ahead, and to receive terminal speed, terminal type, and authentication (if Kerberos is enabled) information from the remote client. If the remote client is ready, the remote terminal type is propagated in the environment of the created login process. The pseudo-terminal allocated to the client is configured as a normal terminal for login, with the exception of echoing characters (see tty(7)).

  • telnetd is willing to do: echo, binary, suppress go ahead, and timing mark.

  • telnetd is willing to have the remote client do: binary, flow control, terminal speed, terminal type, suppress go ahead, and authentication (if Kerberos is enabled).

The flow control option permits applications running on a remote host to toggle the flow control on the local host. To toggle flow control for a telnet session programmatically, the application program must first call the tcgetattr function to get the current termios settings. For example,

tcgetattr(filedes, &termios_p)

Then, the c_iflag field of the termios structure must have IXON set (reset) to enable (disable) flow control.

Finally, the tcsetattr function call can implement the change. For example,

tcsetattr(filedes, TCSANOW, &termios_p)

To toggle the flow control interactively, the user can issue a stty command using the input options -ixon to disable, or ixon to enable flow control. See the stty(1) manpage.

The terminal speed option permits applications running on a remote host to obtain the terminal speed of the local host session using either ioctl or stty.

The telnet server also supports the TAC User ID (also known as the TAC Access Control System, or TACACS User ID) option, with which users who telnet to two or more consenting hosts may avoid going through a second login sequence. See the -t option below.

To start telnetd from the Internet daemon, the configuration file /etc/inetd.conf must contain an entry as follows:

telnet stream tcp nowait root /usr/lbin/telnetd telnetd

The above configuration applies only for the IPv4 environment. For telnetd to work in the IPv6 environment, the configuration file /etc/inetd.conf must contain a tcp6 entry as follows:

  • telnet stream tcp6 nowait root /usr/lbin/telnetd telnetd

  • NOTE: The tcp entry has changed to tcp6 to work in the IPv6 environment.

telnet uses the same files as rlogin to verify participating systems and authorized users, hosts.equiv and .rhosts. (See hosts.equiv(4) and the HP-UX System Administrator's Guide for configuration details.)

Options

telnetd has the following options.

-b [bannerfile]

Specify a file containing a custom banner. This option overrides the standard telnetd login banner. For example, to use /etc/issue as the login banner, have inetd start telnetd with the following lines in /etc/inetd.conf (\ provides line continuation):

telnet stream tcp nowait root /usr/lbin/telnetd \
telnetd -b/etc/issue

To work in the IPv6 environment, the entry in /etc/inetd.conf would be:

telnet stream tcp6 nowait root /usr/lbin/telnetd \
telnetd -b/etc/issue

NOTE: tcp has changed to tcp6 for IPv6.

If bannerfile is not specified, telnetd does not print a login banner.

-e

Invoke login with all the environment variables passed to telnetd.

-n

Set the time-out value for the initial option negotiation in the /etc/inetd.conf file as:

telnet stream tcp nowait root /usr/lbin/telnetd \
telnetd -n240

This option informs telnetd how long it should wait before timing out and exiting if it does not receive either a positive or negative reply for any of the initial option negotiations. The time-out value is measured in seconds. This option is set with integer values. The values range between 1 and 21474836. The default value is 120 seconds.

There should not be any space between the -n option and the time-out value. For example, -n240.

To work in the IPv6 environment, the entry in /etc/inetd.conf would be:

telnet stream tcp6 nowait root /usr/lbin/telnetd \
telnetd -n240

NOTE: tcp has changed to tcp6 for IPv6.

-s

This option allows users to set the BUFFERSIZE value. When set, it tells telnetd how many user bytes to concatenate before sending them to TCP. This option is set with integer values. There is no specified default.

-t

Enable the TAC User ID option. The system administrator can enable the TAC User ID option on servers designated as participating hosts by having inetd start telnetd with the -t option in /etc/inetd.conf:

telnet stream tcp nowait root /usr/lbin/telnetd telnetd -t

To enable the TAC User ID option for IPv6, users must have inetd start telnetd with the -t option in /etc/inetd.conf as shown below:

telnet stream tcp6 nowait root /usr/lbin/telnetd telnetd -t

NOTE: tcp has changed to tcp6 for IPv6.

In order to make the TAC User ID option work as specified, the system administrator must assign to all authorized users of the option the same login name and unique user ID (UUID) on every participating system to which they are allowed TAC User ID access. These same UUIDs should not be assigned to non-authorized users.

Users cannot use the feature on systems where their local and remote UUIDs differ, but they can always use the normal telnet login sequence. Also, unless the above restrictions are followed, there may be a potential security breach: a user with one UUID may be able to gain entry to participating systems and accounts where that UUID is assigned to someone else.

A typical configuration may consist of one or more secure front-end systems and a network of participating hosts. Users who have successfully logged onto the front-end system may telnet directly to any participating system without being prompted for another login.
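The login-name and UUID restrictions above can be checked offline before -t is enabled. The following is an added example, not part of the HP-UX documentation: it compares passwd(4)-format files collected from each participating host. The host names, accounts and the AUTHORIZED list are constructed for illustration.

```python
# Constructed passwd(4)-format excerpts from three participating hosts.
PASSWD_BY_HOST = {
    "front1": "root:*:0:3::/:/sbin/sh\nalice:*:201:20::/home/alice:/usr/bin/sh\n"
              "bob:*:202:20::/home/bob:/usr/bin/sh\n",
    "app1":   "alice:*:201:20::/home/alice:/usr/bin/sh\nbob:*:202:20::/home/bob:/usr/bin/sh\n"
              "carol:*:203:20::/home/carol:/usr/bin/sh\n",
    "app2":   "alice:*:201:20::/home/alice:/usr/bin/sh\nbob:*:305:20::/home/bob:/usr/bin/sh\n"
              "dave:*:202:20::/home/dave:/usr/bin/sh\n",
}
AUTHORIZED = {"alice", "bob"}  # hypothetical users allowed TAC User ID access

def parse_passwd(text):
    """Map login name -> numeric UID; malformed lines are ignored."""
    users = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) >= 3 and parts[2].isdigit():
            users[parts[0]] = int(parts[2])
    return users

def tac_uid_conflicts(passwd_by_host, authorized):
    """Return violations of the two TAC User ID rules as tuples."""
    tables = {h: parse_passwd(t) for h, t in passwd_by_host.items()}
    problems, uids_of = [], {}
    # Rule 1: an authorized login has the same UID on every host that knows it.
    for user in sorted(authorized):
        seen = {h: t[user] for h, t in tables.items() if user in t}
        uids_of[user] = set(seen.values())
        if len(uids_of[user]) > 1:
            problems.append(("uid-mismatch", user, tuple(sorted(seen.items()))))
    # Rule 2: none of those UIDs is assigned to a different login anywhere.
    for host in sorted(tables):
        for name, uid in sorted(tables[host].items()):
            for user, uids in uids_of.items():
                if name != user and uid in uids:
                    problems.append(("uid-reused", host, name, uid, user))
    return problems

if __name__ == "__main__":
    for problem in tac_uid_conflicts(PASSWD_BY_HOST, AUTHORIZED):
        print(problem)
```

In the constructed data, dave on app2 holds the UID that bob has on the other hosts, which is the condition the paragraph above describes as a potential security breach.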

-y

Set the behavior for stty 0: instruct telnetd to close the connection when the shell command stty 0 is issued, or whenever the telnet client negotiates a baud rate of 0 with telnetd for TELOPT_TERMSPEED.

-z

This option allows users to set the BUFFERTIMEOUT value. This option, when set, informs telnetd how long it should wait before timing out and flushing the concatenated user data to TCP. Note that the TIMEOUT value is measured in clock ticks (10 ms) and not in seconds. This option is set with integer values. There is no specified default.

-TCP_DELAY

This option allows the users to disable the TCP_NODELAY socket option. When telnetd is invoked with this option, small writes over telnetd may concatenate at the tcp level so that larger tcp packets are sent to the client at less frequent intervals.

NOTE: Using the -TCP_DELAY option with the -z and -s options is not recommended.

To configure telnetd to use the -TCP_DELAY option, the entry in /etc/inetd.conf would be:

telnet stream tcp nowait root /usr/lbin/telnetd telnetd -TCP_DELAY

To work in the IPv6 environment using the -TCP_DELAY option, the entry in /etc/inetd.conf would be:

telnet stream tcp6 nowait root /usr/lbin/telnetd telnetd -TCP_DELAY

  • NOTE: tcp has changed to tcp6 for IPv6.

To configure telnetd to have a BUFFERSIZE of 100 bytes and a BUFFERTIMEOUT of 100 ticks, the entry in /etc/inetd.conf would be:

telnet stream tcp nowait root /usr/lbin/telnetd telnetd -s100 -z100

To work in the IPv6 environment, the entry in /etc/inetd.conf would be:

telnet stream tcp6 nowait root /usr/lbin/telnetd telnetd -s100 -z100

  • NOTE: tcp has changed to tcp6 for IPv6.

Kerberos-specific Options

In Kerberos mode, inetd can start telnetd with the following lines in /etc/inetd.conf:

telnet stream tcp nowait root /usr/lbin/telnetd telnetd -A

or

telnet stream tcp nowait root /usr/lbin/telnetd telnetd -a valid

The -A option is used to ensure that non-secure systems are denied access to the server. It overrides any value specified with the -a option except when authmode is debug. See the sis(5) manpage.

The -a authmode option specifies what mode is to be used for Kerberos authentication. See the sis(5) manpage. Values for authmode are:

debug

Activates authentication debugging.

valid

Default value. Only allows connections when the remote user can provide valid Kerberos authentication information and is authorized to access the specified account.

none

Authentication information is not required. If no or insufficient Kerberos authentication information is provided, the login program provides the necessary user verification. See the login(1) manpage.

The -f option instructs telnetd to use the normal authentication mode whenever the telnet client communicates NULL type in the authentication option negotiation.

By default, the telnet server provides remote execution facilities with authentication based on Kerberos V5. See the sis(5) manpage.
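To review which of these options a host actually runs with, the telnetd entries in /etc/inetd.conf can be parsed and checked against the semantics described on this page. This is an added example, not HP-supplied code; the sample configuration is constructed, and the findings are review prompts derived only from the option descriptions above.

```python
# Constructed sample inetd.conf text; not taken from a real host.
SAMPLE = """\
ftp    stream tcp  nowait root /usr/lbin/ftpd    ftpd -l
telnet stream tcp  nowait root /usr/lbin/telnetd \\
       telnetd -b/etc/issue -n240
telnet stream tcp6 nowait root /usr/lbin/telnetd telnetd -a none -t
#telnet stream tcp nowait root /usr/lbin/telnetd telnetd -A
"""

NO_A = "no -A: non-secure systems are not denied access"
A_NONE = "-a none: Kerberos authentication information is not required"
A_DEBUG = "-a debug: authentication debugging is active and -A does not override it"
TAC = "-t: TAC User ID enabled; verify login names and UIDs on every participating host"

def telnetd_entries(conf_text):
    """Return [(protocol, [options])] for every active telnetd entry."""
    entries, pending = [], ""
    for raw in conf_text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):        # "\" continues the entry on the next line
            pending = line[:-1] + " "
            continue
        pending = ""
        fields = line.split()
        # service socket protocol wait user server-path argv0 [options...]
        if (len(fields) >= 7 and fields[0] == "telnet"
                and fields[5].endswith("/telnetd")):
            entries.append((fields[2], fields[7:]))
    return entries

def audit(conf_text):
    """Return [(protocol, finding)] for each telnetd entry."""
    findings = []
    for proto, opts in telnetd_entries(conf_text):
        # "valid" is the documented default when -a is not given.
        authmode = opts[opts.index("-a") + 1] if "-a" in opts[:-1] else "valid"
        if authmode == "debug":        # debug is the one mode -A does not override
            findings.append((proto, A_DEBUG))
        elif "-A" not in opts:
            findings.append((proto, NO_A))
            if authmode == "none":
                findings.append((proto, A_NONE))
        if "-t" in opts:
            findings.append((proto, TAC))
    return findings

if __name__ == "__main__":
    for proto, finding in audit(SAMPLE):
        print(proto, finding)
```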

DIAGNOSTICS

If any error is encountered by telnetd in establishing the connection, an error message is returned through the connection, after which the connection is closed and the server exits. Any errors generated by the login process or its descendants are passed through as ordinary data.

The following diagnostic messages are displayed by telnetd:

unable to allocate Telnet device

The server was unable to obtain a Telnet pseudo-terminal for use with the login process. Either all Telnet pseudo-terminals were in use or the telm driver has not been properly set up (see tels(7)).

Next step: Check the Telnet pseudo driver configuration of the host where telnetd is executing.

fork: No more processes

telnetd was unable to fork a process to handle the incoming connection.

Next step: Wait a period of time and try again. If this message persists, the server's host may have runaway processes that are using all the entries in the process table.

/usr/bin/login: ...

The login program could not be started via exec*() for the reason indicated (see exec(2)).

WARNINGS

The terminal type name received from the remote client is converted to lowercase.

telnetd never sends TELNET go ahead commands.

AUTHOR

telnetd was developed by the University of California, Berkeley.

SEE ALSO

login(1), rlogin(1), stty(1), telnet(1), inetd(1M), inetsvcs_sec(1M), exec(2), ioctl(2), hosts(4), hosts.equiv(4), inetd.conf(4), inetd.sec(4), services(4), sis(5), pty(7), tels(7), tty(7).

DOD MIL_STD 1782.

RFC 854 for the TELNET protocol specification.

© 1983-2007 Hewlett-Packard Development Company, L.P.