1 .\" $NetBSD: telnet.1,v 1.33 2012/04/08 22:00:39 wiz Exp $
3 .\" Copyright (c) 1983, 1990, 1993
4 .\" The Regents of the University of California. All rights reserved.
6 .\" Redistribution and use in source and binary forms, with or without
7 .\" modification, are permitted provided that the following conditions
9 .\" 1. Redistributions of source code must retain the above copyright
10 .\" notice, this list of conditions and the following disclaimer.
11 .\" 2. Redistributions in binary form must reproduce the above copyright
12 .\" notice, this list of conditions and the following disclaimer in the
13 .\" documentation and/or other materials provided with the distribution.
14 .\" 3. Neither the name of the University nor the names of its contributors
15 .\" may be used to endorse or promote products derived from this software
16 .\" without specific prior written permission.
18 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
19 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
22 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 .\" from: @(#)telnet.1 8.4 (Berkeley) 2/3/94
37 .Nd user interface to the
43 .Op Fl e Ar escapechar
58 is used to communicate with another host using the
63 is invoked without the
65 argument, it enters command mode,
66 indicated by its prompt
67 .Pq Nm telnet\&\*[Gt] .
68 In this mode, it accepts and executes the commands listed below.
69 If it is invoked with arguments, it performs an
71 command with those arguments.
74 .Bl -tag -width indent
78 to use IPv4 addresses only.
82 to use IPv6 addresses only.
84 Specifies an 8-bit data path.
85 This causes an attempt to
88 option on both input and output.
90 Stops any character from being recognized as an escape character.
92 If Kerberos V5 authentication is being used, the
94 option allows the local credentials to be forwarded
95 to the remote system, including any credentials that
96 have already been forwarded into the local environment.
98 Specifies no automatic login to the remote system.
100 Specifies an 8-bit data path on output.
102 BINARY option to be negotiated on output.
104 Numeric host address.
105 No attempt will be made to look up
106 symbolic names for host addresses.
108 Sets the IP type-of-service (TOS) option for the telnet
109 connection to the value
111 which can be a numeric TOS value
112 or, on systems that support it, a symbolic
113 TOS name found in the /etc/iptos file.
117 type of authentication.
119 Attempt automatic login.
120 Currently, this sends the user name via the
125 option if supported by the remote system.
126 The name used is that of the current user as returned by
128 if it agrees with the current user ID,
129 otherwise it is the name associated with the user ID.
131 Disables the reading of the user's
136 command on this man page.)
138 Sets the initial value of the
142 .It Fl e Ar escape char
150 there will be no escape character.
152 If Kerberos V5 authentication is being used, the
154 option allows the local credentials to be forwarded to the remote system.
156 If Kerberos authentication is being used, the
158 option requests that telnet obtain tickets for the remote host in
161 instead of the remote host's realm, as determined by
162 .Xr krb_realmofhost 3 .
164 When connecting to the remote system, if the remote system
169 will be sent to the remote system as the value for the variable USER.
170 This option implies the
173 This option may also be used with the
176 .It Fl n Ar tracefile
179 for recording trace information.
184 Use IPsec policy specification string
188 .Xr ipsec_set_policy 3
191 Specifies a user interface similar to
194 mode, the escape character is set to the tilde (~) character,
195 unless modified by the
199 Turns on encryption of the data stream if possible.
201 option is not available outside of the United States and
204 Indicates the official name, an alias, or the Internet address
207 Indicates a port number (address of an application).
209 not specified, the default
214 When in rlogin mode, a line of the form ~.
216 remote host; ~ is the telnet escape character.
217 Similarly, the line ~^Z suspends the telnet session.
218 The line ~^] escapes to the normal telnet escape prompt.
220 Once a connection has been opened,
222 will attempt to enable the
227 will revert to one of two input modes:
228 either \*(Lqcharacter at a time\*(Rq
229 or \*(Lqold line by line\*(Rq
230 depending on what the remote system supports.
234 is enabled, character processing is done on the
235 local system, under the control of the remote system.
237 editing or character echoing is to be disabled, the remote system
238 will relay that information.
239 The remote system will also relay
240 changes to any special characters that happen on the remote
241 system, so that they can take effect on the local system.
243 In \*(Lqcharacter at a time\*(Rq mode, most
244 text typed is immediately sent to the remote host for processing.
246 In \*(Lqold line by line\*(Rq mode, all text is echoed locally,
247 and (normally) only completed lines are sent to the remote host.
248 The \*(Lqlocal echo character\*(Rq (initially \*(Lq^E\*(Rq) may be used
249 to turn off and on the local echo
250 (this would mostly be used to enter passwords
251 without the password being echoed).
255 option is enabled, or if the
259 (the default for \*(Lqold line by line\*(Lq; see below),
265 characters are trapped locally, and sent as
267 protocol sequences to the remote side.
270 has ever been enabled, then the user's
283 There are options (see
290 which cause this action to flush subsequent output to the terminal
291 (until the remote host acknowledges the
293 sequence) and flush previous terminal input
299 While connected to a remote host,
301 command mode may be entered by typing the
303 \*(Lqescape character\*(Rq (initially \*(Lq^]\*(Rq).
304 When in command mode, the normal terminal editing conventions are available.
308 commands are available.
309 Only enough of each command to uniquely identify it need be typed
310 (this is also true for arguments to the
321 .Bl -tag -width "mode type"
322 .It Ic auth Ar argument ...
323 The auth command manipulates the information sent through the
324 .Dv TELNET AUTHENTICATE
326 Valid arguments for the
327 auth command are as follows:
328 .Bl -tag -width "disable type"
329 .It Ic disable Ar type
330 Disables the specified type of authentication.
331 To obtain a list of available types, use the
334 .It Ic enable Ar type
335 Enables the specified type of authentication.
336 To obtain a list of available types, use the
340 Lists the current status of the various types of
346 session and return to command mode.
347 .It Ic display Ar argument ...
348 Displays all, or some, of the
353 .It Ic encrypt Ar argument ...
354 The encrypt command manipulates the information sent through the
358 Note: Because of export controls, the
360 option is not supported outside of the United States and Canada.
362 Valid arguments for the encrypt command are:
364 .It Ic disable Ar type Ic [input|output]
365 Disables the specified type of encryption.
366 If you omit the input and output, both input and output
368 To obtain a list of available types, use the
369 .Ic encrypt disable \&?
371 .It Ic enable Ar type Ic [input|output]
372 Enables the specified type of encryption.
373 If you omit input and output, both input and output are
375 To obtain a list of available types, use the
376 .Ic encrypt enable \&?
379 This is the same as the
380 .Ic encrypt start input
383 This is the same as the
384 .Ic encrypt stop input
387 This is the same as the
388 .Ic encrypt start output
391 This is the same as the
392 .Ic encrypt stop output
394 .It Ic start Ic [input|output]
395 Attempts to start encryption.
400 both input and output are enabled.
401 To obtain a list of available types, use the
402 .Ic encrypt enable \&?
405 Lists the current status of encryption.
406 .It Ic stop Ic [input|output]
408 If you omit input and output,
409 encryption is on both input and output.
411 Sets the default type of encryption to be used
418 .It Ic environ Ar arguments ...
421 command is used to manipulate the
422 variables that may be sent through the
425 The initial set of variables is taken from the users
426 environment, with only the
430 variables being exported by default.
433 variable is also exported if the
439 Valid arguments for the
443 .It Ic define Ar variable value
448 Any variables defined by this command are automatically exported.
451 may be enclosed in single or double quotes so
452 that tabs and spaces may be included.
453 .It Ic undefine Ar variable
456 from the list of environment variables.
457 .It Ic export Ar variable
460 to be exported to the remote side.
461 .It Ic unexport Ar variable
464 to not be exported unless
465 explicitly asked for by the remote side.
467 List the current set of environment variables.
470 will be sent automatically,
471 other variables will only be sent if explicitly requested.
473 Prints out help information for the
480 option to the remote side.
481 This command is similar to a
483 command; however, if the remote side does not support the
485 option, nothing happens.
486 If, however, the remote side does support the
488 option, this command should cause the remote side to close the
491 If the remote side also supports the concept of
492 suspending a user's session for later reattachment,
493 the logout argument indicates that you
494 should terminate the session immediately.
497 is one of several options, depending on the state of the
500 The remote host is asked for permission to go into the requested mode.
501 If the remote host is capable of entering that mode, the requested
502 mode will be entered.
507 option, or, if the remote side does not understand the
509 option, then enter \*(Lqcharacter at a time\*(Lq mode.
513 option, or, if the remote side does not understand the
515 option, then attempt to enter \*(Lqold-line-by-line\*(Lq mode.
516 .It Ic isig Pq Ic \-isig
517 Attempt to enable (disable) the
522 This requires that the
525 .It Ic edit Pq Ic \-edit
526 Attempt to enable (disable) the
531 This requires that the
534 .It Ic softtabs Pq Ic \-softtabs
535 Attempt to enable (disable) the
540 This requires that the
543 .It Ic litecho Pq Ic \-litecho
544 Attempt to enable (disable) the
549 This requires that the
553 Prints out help information for the
557 .It Ic open Ar host Oo Fl l Ar user Oc Oo Fl a Oc Oo Oo \&- Oc Ns Ar port Oc
558 Open a connection to the named host.
562 will attempt to contact a
564 server at the default port.
565 The host specification may be either a host name (see
567 or an Internet address specified in the \*(Lqdot notation\*(Rq (see
571 option may be used to specify the user name
572 to be passed to the remote system via the
575 If a port is specified
577 omits any automatic initialisation of
580 When the port number is preceded by a minus sign,
581 the initial option negotiation is done.
583 After establishing a connection, the file
586 user's home directory is read.
587 Lines beginning with a # are
589 Blank lines are ignored.
591 without white space are the start of a machine entry.
592 The first thing on such a line is a string identifying the machine
593 that is being connected to.
594 It may be the hostname or numeric address specified as the argument
596 the canonical name of that string as determined by
600 indicating all hosts.
601 The rest of the line, and successive
602 lines that begin with white space are assumed to be
604 commands and are processed as if they had been typed
613 An end of file (in command mode) will also close a session and exit.
614 .It Ic send Ar arguments
615 Sends one or more special character sequences to the remote host.
616 The following are the arguments which may be specified
617 (more than one argument may be specified at a time):
619 .Bl -tag -width escape
629 (Abort Output) sequence, which should cause the remote system to flush
639 sequence, to which the remote system may or may not choose to respond.
643 (Break) sequence, which may have significance to the remote
649 sequence, which should cause the remote system to erase the last character
655 sequence, which should cause the remote system to erase the line currently
670 escape character (initially \*(Lq^\*(Rq).
675 sequence, which likely has no significance to the remote system.
677 If the remote side supports the
681 will send the subnegotiation to request that the server send
682 its current option status.
686 (Interrupt Process) sequence, which should cause the remote
687 system to abort the currently running process.
702 This sequence causes the remote system to discard all previously typed
703 (but not yet read) input.
704 This sequence is sent as
707 data (and may not work if the remote system is a
710 it doesn't work, a lower case \*(Lqr\*(Rq may be echoed on the terminal).
720 can be either a decimal number between 0 and 255,
721 or a symbolic name for a specific
729 to print out help information, including
730 a list of known symbolic names.
732 Prints out help information for the
736 .It Ic set Ar argument value
737 .It Ic unset Ar argument value
740 command will set any one of a number of
742 variables to a specific value or to
746 turns off the function associated with
747 the variable, this is equivalent to using the
752 command will disable or set to
754 any of the specified functions.
755 The values of variables may be interrogated with the
758 The variables which may be set or unset, but not toggled, are
760 In addition, any of the variables for the
762 command may be explicitly set or unset using
768 .Bl -tag -width escape
772 is in localchars mode, or
774 is enabled, and the status character is typed, a
778 above) is sent to the
780 The initial value for the "Are You There"
781 character is the terminal's status character.
783 This is the value (initially \*(Lq^E\*(Rq) which, when in
784 \*(Lqline by line\*(Rq mode, toggles between doing local echoing
785 of entered characters (for normal processing), and suppressing
786 echoing of entered characters (for entering, say, a password).
792 or \*(Lqold line by line\*(Rq mode, entering this character
793 as the first character on a line will cause this character to be
794 sent to the remote system.
795 The initial value of the eof character is taken to be the terminal's
810 is operating in \*(Lqcharacter at a time\*(Rq mode, then when this
811 character is typed, a
817 is sent to the remote system.
818 The initial value for the erase character is taken to be
825 escape character (initially \*(Lq^[\*(Rq) which causes entry
828 command mode (when connected to a remote system).
840 character is typed, a
846 is sent to the remote host.
847 The initial value for the flush character is taken to be
858 characters that, when typed, cause partial lines to be
859 forwarded to the remote system.
860 The initial value for
861 the forwarding characters are taken from the terminal's
862 eol and eol2 characters.
874 character is typed, a
880 is sent to the remote host.
881 The initial value for the interrupt character is taken to be
897 is operating in \*(Lqcharacter at a time\*(Rq mode, then when this
898 character is typed, a
904 is sent to the remote system.
905 The initial value for the kill character is taken to be
914 or \*(Lqold line by line\*(Lq mode, then this character is taken to
918 The initial value for the lnext character is taken to be
933 character is typed, a
939 is sent to the remote host.
940 The initial value for the quit character is taken to be
949 or \*(Lqold line by line\*(Lq mode, then this character is taken to
953 The initial value for the reprint character is taken to be
958 This is the rlogin escape character.
961 escape character is ignored unless it is
962 preceded by this character at the beginning of a line.
963 This character, at the beginning of a line followed by
964 a "." closes the connection; when followed by a ^Z it
968 The initial state is to
969 disable the rlogin escape character.
972 .Dv TELNET TOGGLE-FLOW-CONTROL
973 option has been enabled,
974 then this character is taken to
978 The initial value for the start character is taken to be
984 .Dv TELNET TOGGLE-FLOW-CONTROL
985 option has been enabled,
986 then this character is taken to
990 The initial value for the stop character is taken to be
1003 character is typed, a
1009 is sent to the remote host.
1010 The initial value for the suspend character is taken to be
1015 This is the file to which the output, caused by
1024 then tracing information will be written to standard output (the default).
1030 or \*(Lqold line by line\*(Lq mode, then this character is taken to
1034 The initial value for the worderase character is taken to be
1047 command (Set Local Characters) is used to set
1048 or change the state of the special
1053 Special characters are characters that get
1056 commands sequences (like
1060 or line editing characters (like
1064 By default, the local special characters are exported.
1067 Verify the current settings for the current special characters.
1068 The remote side is requested to send all the current special
1069 character settings, and if there are any discrepancies with
1070 the local side, the local side will switch to the remote value.
1072 Switch to the local defaults for the special characters.
1074 local default characters are those of the local terminal at
1079 Switch to the remote defaults for the special characters.
1080 The remote default characters are those of the remote system
1081 at the time when the
1083 connection was established.
1085 Prints out help information for the
1090 Show the current status of
1092 This includes the peer one is connected to, as well
1093 as the current mode.
1094 .It Ic toggle Ar arguments ...
1099 various flags that control how
1102 These flags may be set explicitly to
1110 commands listed above.
1111 More than one argument may be specified.
1112 The state of these flags may be interrogated with the
1115 Valid arguments are:
1118 Turns on debugging information for the authentication code.
1130 characters are recognized (and transformed into
1136 refuses to display any data on the user's terminal
1137 until the remote system acknowledges (via a
1138 .Dv TELNET TIMING MARK
1140 that it has processed those
1143 The initial value for this toggle is
1145 if the terminal user had not
1146 done an "stty noflsh", otherwise
1153 option is negotiated, by
1154 default the actual encryption (decryption) of the data
1155 stream does not start automatically.
1157 (autodecrypt) command states that encryption of the
1158 output (input) stream should be enabled as soon as
1161 Note: Because of export controls, the
1163 option is not supported outside the United States and Canada.
1165 If the remote side supports the
1166 .Dv TELNET AUTHENTICATION
1169 attempts to use it to perform automatic authentication.
1172 option is not supported, the user's login
1173 name are propagated through the
1176 This command is the same as specifying the
1188 then when either the
1192 characters is typed (see
1194 above for descriptions of the
1198 characters), the resulting
1200 sequence sent is followed by the
1205 cause the remote system to begin throwing away all previously
1206 typed input until both of the
1208 sequences have been read and acted upon.
1209 The initial value of this toggle is
1212 Enable or disable the
1214 option on both input and output.
1216 Enable or disable the
1220 Enable or disable the
1226 then carriage returns will be sent as
1227 .Li \*[Lt]CR\*[Gt]\*[Lt]LF\*[Gt] .
1230 then carriage returns will be send as
1231 .Li \*[Lt]CR\*[Gt]\*[Lt]NUL\*[Gt] .
1232 The initial value for this toggle is
1235 Toggle carriage return mode.
1236 When this mode is enabled, most carriage return characters received from
1237 the remote host will be mapped into a carriage return followed by
1239 This mode does not affect those characters typed by the user, only
1240 those received from the remote host.
1241 This mode is not very useful unless the remote host
1242 only sends carriage return, but never line feed.
1243 The initial value for this toggle is
1246 Toggles socket level debugging (useful only to the
1248 The initial value for this toggle is
1251 Turns on debugging information for the encryption code.
1264 above) are recognized locally, and transformed into (hopefully) appropriate
1277 The initial value for this toggle is
1279 in \*(Lqold line by line\*(Rq mode,
1282 in \*(Lqcharacter at a time\*(Rq mode.
1285 option is enabled, the value of
1287 is ignored, and assumed to always be
1291 has ever been enabled, then
1305 Toggles the display of all network data (in hexadecimal format).
1306 The initial value for this toggle is
1309 Toggles the display of some internal
1311 protocol processing (having to do with
1314 The initial value for this toggle is
1319 toggle is enabled, if
1321 is enabled the output from the
1323 command will be formatted in a more user readable format.
1324 Spaces are put between each character in the output, and the
1327 escape sequence is preceded by a '*' to aid in locating them.
1329 When the skiprc toggle is
1332 skips the reading of the
1334 file in the users home
1335 directory when connections are opened.
1337 value for this toggle is
1340 Toggles the display of all terminal data (in hexadecimal format).
1341 The initial value for this toggle is
1343 .It Ic verbose_encrypt
1349 prints out a message each time encryption is enabled or
1351 The initial value for this toggle is
1353 Note: Because of export controls, data encryption
1354 is not supported outside of the United States and Canada.
1363 This command only works when the user is using the
1365 .It Ic \&! Op Ar command
1366 Execute a single command in a subshell on the local
1370 is omitted, then an interactive
1371 subshell is invoked.
1372 .It Ic \&? Op Ar command
1376 prints a help summary.
1377 If a command is specified,
1379 will print the help information for just that command.
1389 environment variables.
1390 Other environment variables may be propagated
1391 to the other side via the
1395 .Bl -tag -width ~/.telnetrc -compact
1397 user customized telnet startup values
1404 IPsec support was added by WIDE/KAME project, in 1999.
1406 On some remote systems, echo has to be turned off manually when in
1407 \*(Lqold line by line\*(Rq mode.
1409 In \*(Lqold line by line\*(Rq mode or
1413 character is only recognized (and sent to the remote system)
1414 when it is the first character on a line.