telnet(1)telnet(1)NAMEtelnet - Logs into a remote host
SYNOPSIStelnet [-dfx] [-l username] [-n trace_file] [host] [port]
OPTIONS
Turns debugging mode on. Copies your Kerberos ticket from the local
host to the remote host to establish your Kerberos credentials on the
remote host. This option requires that the local and remote hosts be
configured to use Kerberos authentication in the same or trusting Ker‐
beros realms. The Kerberos ticket will remain on the remote host until
it either expires or it is explicitly destroyed. The -f option is
ignored when used with the -l option. Sends user to the remote system
as the value for the variable USER when connecting to the remote sys‐
tem, if the remote system understands the ENVIRON option. This option
can also be used with the open command. Records network trace informa‐
tion in the file specified by trace_file. Encrypts the data transmit‐
ted between the local host and the remote host. This option requires
that the local and remote hosts be configured to use Kerberos authenti‐
cation in the same or trusting Kerberos realms.
DESCRIPTION
The telnet command is the interface to the TELNET protocol. The TELNET
protcol allows remote login to other hosts.
The telnet command uses the Transmission Control Protocol/Internet Pro‐
tocol (TCP/IP) to communicate with other hosts in the network.
The telnet command operates in two different modes: command mode and
input mode. When issued without arguments, telnet enters command mode,
as indicated by the telnet> prompt. Command mode can also be entered
by typing the telnet Escape character (initially ^]). When in command
mode, the normal terminal editing conventions are available.
In command mode, the subcommands listed in the SUBCOMMANDS section can
be entered. Some of these subcommands return you to the remote session
upon completion. For those that do not, pressing <Return> returns you
to the remote session.
If the telnet command is entered with arguments, it performs an open
subcommand with those arguments, then enters input mode. Once a connec‐
tion is opened, telnet attempts to enable the TELNET LINEMODE option.
If this fails, telnet reverts to one of two input modes: either charac‐
ter-at-a-time or old line-by-line mode, depending on what the remote
system supports.
When LINEMODE is enabled, character processing is done on the local
system, under the control of the remote system. When input editing or
character echoing is to be disabled, the remote system relays that
information. The remote system also relays changes to any special
characters that happen on the remote system, so that they can take
effect on the local system.
In character-at-a-time mode, most text typed is immediately sent to the
remote host for processing.
In old line-by-line mode, all text is echoed locally, and (in most
cases) only completed lines are sent to the remote host. The local echo
character (initially ^E) can be used to turn off and on the local echo
(this would mostly be used to enter passwords without the password
being echoed).
If the LINEMODE option is enabled, or if the localchars toggle is true
(the default for old line-by-line; see below), the user's quit, intr,
and flush characters are trapped locally, and sent as TELNET protocol
sequences to the remote side. If LINEMODE has ever been enabled, then
the user's susp and eof are also sent as TELNET protocol sequences, and
quit is sent as a TELNET ABORT instead of BRK. There are options (see
toggle autoflush and toggle autosynch below) that cause this action to
flush subsequent output to the terminal (until the remote host acknowl‐
edges the TELNET sequence) and flush previous terminal input (in the
case of quit and intr).
The telnet command uses the default Type-of-Service value recommended
by RFC 1060, which is as follows: telnet Low delay
You can configure this value by specifying it in the /etc/iptos file.
For more information, see iptos(4).
The way in which the remote host authenticates a user and transmits
data depends on if the local and remote hosts are using a basic connec‐
tion or a secure connection (Kerberos or Secure Shell). Basic and
secure connections provide user authentication; however, a secure con‐
nection also provides client and server authentication, data encryp‐
tion, data integrity, and nonrepudiation.
Basic Connection
A basic connection is one where the telnet command connects to the
remote host, then prompts for the username and password. The telnet
command fails if no password is defined at the remote host for the
specified username.
Secure Connection
A secure connection is one where the telnet command connects to the
remote host by using either Kerberos or Secure Shell. Kerberos and
Secure Shell are client/server applications that authenticate the
client, server, and user; encrypt data; and ensure data integrity and
nonrepudiation. See your system administrator to determine if your
system is running Kerberos or Secure Shell software. See Security
Administration for more information about Kerberos and Secure Shell.
Kerberos
Kerberos authenticates by using secret-key cryptography and tickets
between Kerberos clients and Kerberos server in the same or trusting
Kerberos realms. Once authenticated by Kerberos, users receive a Ker‐
beros Ticket Granting Ticket (TGT). Users with a valid TGT are not
prompted for a username or password when the remote host is in the same
or trusting Kerberos realm.
To use Kerberos to log in to a remote host, enter the telnet command
with the -f and -x options.
Secure Shell
Secure Shell authenticates by using passwords, host-based identifica‐
tion, or public and private keys between Secure Shell clients and
Secure Shell servers.
By default, the telnet command will use Kerberos (with a valid TGT)
when a system is configured to use both Kerberos and Secure Shell.
To use Secure Shell to log into a remote host, enter the Secure Shell
ssh2 (or ssh) command instead of the telnet command. The ssh2 command
provides the same functionality as the telnet command over a secure
connection. See ssh2(1) for more information on using the Secure Shell
ssh2 command.
After it is determined that Secure Shell will be used, all authentica‐
tion and communication between the client and server will use the
Secure Shell connection. A connection is not established if a user can‐
not be authenticated.
SUBCOMMANDS
For each of the subcommands in the following list, you only need to
type enough letters to uniquely identify the command. (For example, q
is sufficient for the quit subcommand.) This is also true for the argu‐
ments to the mode, set, toggle, unset, slc, and display commands.
The subcommands for telnet are as follows: Requests help on telnet.
Without arguments, telnet prints a help summary. If a subcommand is
specified, telnet prints help information for just that subcommand.
Closes the telnet connection and returns to command mode. Displays all
of the set and toggle values if no argument is specified; otherwise,
lists only those values that match argument. Manipulates the variables
that can be sent through the telnet ENVIRON option. The initial set of
variables is taken from the user's environment, with only the USER and
DISPLAY variables being exported.
Valid arguments for the environ subcommand are as follows:
Defines variable to have the specified value. Any variables
defined by this command are automatically exported. value can
be enclosed in single or double quotes so that tabs and spaces
can be included. Removes variable from the list of environment
variables. Marks variable to be exported to the remote side.
Marks variable to not be exported unless explicitly asked for by
the remote side. Lists the current set of environment vari‐
ables. Those marked with an * (asterisk) are sent automati‐
cally; other variables are sent only if explicitly requested.
The type option is one of several options, depending on the
state of the TELNET session. The remote host is asked for per‐
mission to go into the requested mode. If the remote host is
capable of entering that mode, the requested mode is entered.
Prints out help information for the mode command. Disables the
LINEMODE option, or, if the remote side does not understand the
LINEMODE option, enters character-at-a-time mode. Enables the
LINEMODE option, or, if the remote side does not understand the
LINEMODE option, then attempts to enter old line-by-line mode.
Attempts to enable (disable) the TRAPSIG mode of the LINEMODE
option. This requires that the LINEMODE option be enabled.
Attempts to enable (disable) the EDIT mode of the LINEMODE
option. This requires that the LINEMODE option be enabled.
Attempts to enable (disable) the SOFT_TAB mode of the LINEMODE
option. This requires that the LINEMODE option be enabled.
Attempts to enable (disable) the LIT_ECHO mode of the LINEMODE
option. This requires that the LINEMODE option be enabled.
Opens a connection to the specified host. The host specifica‐
tion can be a hostname, an IPv4 address, an IPv6 address, or a
source route. See the SOURCE ROUTING section for information on
source routing. If no port is given, telnet attempts to contact
a TELNET server at the default port.
When connecting to a nonstandard port, telnet omits any auto‐
matic initiation of TELNET options. When the port number is
preceded by a - (dash), the initial option negotiation is done.
After establishing a connection, the file in the user's home
directory is opened.
Lines beginning with a # (number sign) are comment lines. Blank
lines are ignored. Lines that begin without empty spaces are
the start of a machine entry. The first thing on the line is
the name of the machine to which the user is connected. The
rest of the line and successive lines that begin with empty spa‐
ces are assumed to be telnet commands and are processed as if
they were typed in manually to the telnet> command prompt.
Closes a TELNET connection and exits telnet. An End-of-File in
command mode also closes the connection and exits. Sends one or
more arguments (special character sequences) to the remote host.
(Not all hosts will respond to all of these sequences.) Multi‐
ple arguments are separated by spaces. The following arguments
can be used: Prints help information for the send subcommand.
Sends the TELNET ABORT (Abort Processes) sequence. Sends the
TELNET AO (Abort Output) sequence, which causes the remote host
to flush all output from the remote system to the local termi‐
nal. Sends the TELNET AYT (Are You There) sequence, to which
the remote system can respond. Sends the TELNET BRK (Break)
sequence, which might have significance to the remote system.
Sends the TELNET EC (Erase Character) sequence, which causes the
remote host to erase the last character entered. Sends the TEL‐
NET EL (Erase Line) sequence, which causes the remote system to
erase the line currently being entered. Sends the TELNET EOF
(End-of-File) sequence. Sends the TELNET EOR (End-of-Record)
sequence. Sends the current TELNET Escape character (^] by
default). Sends the TELNET GA (Go Ahead) sequence, which pro‐
vides the remote system with a mechanism to signal the local
system to return control to the user. If the remote side sup‐
ports the TELNET STATUS command, getstatus sends the subnegotia‐
tion to request that the server send its current option status.
Sends the TELNET IP (Interrupt Process) sequence, which causes
the remote system to terminate the currently running process.
Sends the TELNET NOP (No Operation) sequence. Sends the TELNET
SUSP (Suspend Process) sequence. Sends the TELNET SYNC
sequence, which causes the remote system to discard all previ‐
ously typed input that has not yet been read. This sequence is
sent as TCP urgent data. Sets a telnet variable to the speci‐
fied value or to true. The off special value turns off the
function associated with the variable name entered; this is
equivalent to using the unset command. The unset command dis‐
ables or sets to false any of the specified functions. The val‐
ues of variables can be queried with the display subcommand.
The variables that can be set or unset, but not toggled, are
listed here. In addition, any of the variables for the toggle
subcommand can be explicitly set or unset by using the set and
unset commands. Displays the legal set (unset) commands. Tog‐
gles between enabling and suppressing local echo of entered
characters. Local echo is used for normal processing, while
suppressing the echo is used for entering text that should not
appear on the display, such as passwords. This variable is ini‐
tially ^E, and can only be used in line-by-line mode. Defines
the End-of-File character for telnet. When telnet is in line-
by-line mode, entering the eof character as the first character
on a line sends the character to the remote host. The initial
value for the eof character is the local terminal's End-of-File
character. Defines the erase character for telnet. When telnet
is in character-at-a-time mode and localchars is true, typing
the erase character sends the TELNET EC sequence to the remote
host. The initial value for the erase character is the local
terminal's erase character. Specifies the telnet escape charac‐
ter (initially ^]), which puts telnet into command mode when
connected to a remote host. Defines the flush character for
telnet. When localchars is true, typing the flushoutput charac‐
ter sends the TELNET AO sequence to the remote host. The initial
value for the flush character is the terminal's flush character.
Defines alternate end-of-line character. Defines the interrupt
character for telnet. When localchars is true, typing the
interrupt character sends the TELNET IP sequence to the remote
host. The initial value for the interrupt character is the local
terminal's interrupt character. Defines the kill character for
telnet. When telnet is in character-at-a-time mode and
localchars is true, typing the kill character sends the TELNET
EL sequence to the remote host. The initial value for the kill
character is the local terminal's kill character. Defines the
lnext (literal next) character for telnet. If telnet is operat‐
ing in old line-by-line mode and localchars is true, this char‐
acter is taken to be the terminal's lnext character. The initial
value for the lnext character is the local terminal's lnext
character. Defines the quit character for telnet. When
localchars is true, typing the quit character sends the TELNET
BRK sequence to the remote host. The initial value for the quit
character is the local terminal's quit character. Defines the
terminal's reprint character, if telnet is operating in LINEMODE
or old line-by-line mode. The initial value for the reprint
character is the terminal's reprint character. Defines the ter‐
minal's start character, if the TELNET TOGGLE-FLOW-CONTROL
option was enabled. The initial value for the start character
is the terminal's start character. Defines the terminal's stop
character, if the TELNET TOGGLE-FLOW-CONTROL option was enabled.
The initial value for the stop character is the terminal's stop
character. Sends a TELNET SUSP sequence (see send susp) to the
remote host, if telnet is in localchars mode, or LINEMODE is
enabled, and the suspend character is typed. The initial value
for the suspend character is the terminal's suspend character.
Specifies the file to which the output, caused by netdata or
option tracing being true, is written. If it is set to a -
(dash), then tracing information is written to standard output
(the default). Defines the terminal's worderase character, if
telnet is operating in LINEMODE or old line-by-line mode. The
initial value for the worderase character is taken to be the
terminal's worderase character. Sets or changes the state of
the special characters when the TELNET LINEMODE option is
enabled (Set Local Characters). Special characters are charac‐
ters that get mapped to TELNET commands sequences (like ip or
quit) or line editing characters (like erase and kill). By
default, the local special characters are exported. Switches to
the local defaults for the special characters. The local
default characters are those of the local terminal at the time
when telnet was started. Switches to the remote defaults for
the special characters. The remote default characters are those
of the remote system at the time when the TELNET connection was
established. Verifies the current settings for the current spe‐
cial characters. The remote side is requested to send all the
current special character settings, and if there are any dis‐
crepancies with the local side, the local side switches to the
remote value. Prints out help information for the slc command.
Shows the current status of telnet. This includes the host to
which you are connected, as well as the current mode. Toggles
one or more arguments that control how telnet responds to
events. Possible values are true and false. These options can
be explicitly set to true or false with the set and unset sub‐
commands. Multiple arguments are separated by spaces. The dis‐
play subcommand can be used to query the current setting of each
argument.
The following arguments can be used: Displays valid arguments to
toggle. If autoflush and localchars are both true and the AO,
interrupt, and quit characters are recognized and transformed
into TELNET sequences, telnet does not display any data on the
user's terminal until the remote system acknowledges (with a
TELNET timing mark option) that it has processed those TELNET
sequences. The initial value of autoflush is true if the termi‐
nal has not done an stty noflsh, and false if it has. If
autosynch and localchars are both true, then typing the inter‐
rupt or quit character sends that character's TELNET sequence,
followed by the TELNET SYNC sequence. This procedure causes the
remote host to discard all previously typed input until both of
the telnet sequences are read and acted upon. The initial value
of this toggle is false. Enables or disables the TELNET BINARY
option on both input and output. Enables or disables the TELNET
BINARY option on input. Enables or disables the TELNET BINARY
option on output. Toggles carriage-return feature. When true,
carriage-returns are sent as carriage-return/linefeed. When
false, carriage-returns are sent as carriage-return/NULL. The
initial value for this toggle is false. Toggles carriage-return
mode. When set to true, most carriage-return characters
received from the remote host are mapped into a carriage-return
followed by a linefeed. This mode does not affect the charac‐
ters typed by the user, only those received from the remote
host. This mode is useful when the remote host sends only a
carriage-return and not a linefeed. The initial value of this
toggle is false. Toggles debugging at the socket level. This
argument can only be entered by a user with superuser privi‐
leges. The initial value of this toggle is false. Determines
the handling of telnet special characters. When this value is
true, the erase, flush, interrupt, kill, and quit characters are
recognized locally and transformed into the appropriate TELNET
control sequences (EC, AO, IP, BRK, and EL, respectively). When
this value is false, these special characters are sent to the
remote host as literal characters. The initial value of
localchars is true in line-by-line mode and false in character-
at-a-time mode.
When the LINEMODE option is enabled, the value of localchars is
ignored, and assumed to always be true. If LINEMODE has ever
been enabled, quit is sent as abort, and eof and suspend are
sent as eof and susp (see the send subcommand). Toggles the
display of all network data (in hexadecimal format). The data is
written to standard output unless a trace_file is specified with
the -n option on the telnet command line. The initial value of
this toggle is false. Toggles the display of internal TELNET
protocol processing options, such as terminal negotiation and
local or remote echo of characters. The initial value of this
toggle is false, indicating that the current options are not
displayed. When the netdata toggle is enabled and prettydump is
also enabled, the output from the netdata toggle appears in a
more readable format. Spaces are placed between the characters
in the output, and the beginning of any TELNET escape sequence
is preceded by an * (asterisk) to aid in locating it. Toggles
printing of hexadecimal terminal data (used for debugging).
Suspends TELNET execution and returns you to your original login
shell. This subcommand works only when you are using csh or ksh.
SOURCE ROUTING
You can specify a source route to a destination system in either com‐
mand mode or input mode by using the following syntax for host:
[!]@hop@hop@hop...@host [-V {4|6}]
Each hop can be an IPv4 address, IPv6 address, or host name. If you
use addresses, you must use the same address type for each hop (either
all IPv4 addresses or all IPv6 addresses).
There are two type of source routes: strict and loose. A strict source
route is one that does not do any other lookups, and uses only the
specified hosts as routes. The optional exclamation (!) character pre‐
ceding a source route indicates a strict source route. Strict source
routes are not supported in IPv6.
Loose source routes (those specified without ! character), try to use
the specified route as best as it can. However, in some instances an
intermediate gateway may be used.
The following is an example of a strict source route. In this example,
packets are sent to host1, which will then forward them to host2. Both
host1 and host2 must have a direct link, otherwise the connection will
be refused.
!@host1@host2
The following is an example of a loose source route. In this example,
host1 and host2 do not have to have a direct link, and may have a gate‐
way or a router between them.
@host1@host2
If the user specifies actual host names, telnet decides which protocol
to use as follows:
───────────────────────────────────────────────
If any host has: telnet uses this protocol:
───────────────────────────────────────────────
IPv6 address only IPv6
IPv4 address only IPv4
───────────────────────────────────────────────
If all hosts have both IPv4 and IPv6 address, telnet will use IPv6.
You can also modify which protocol is used with the -V option. The -V
option is only used in conjunction with a source route and must follow
the source route.
If you use the -V option and the option contradicts the outcome of the
telnet protocol selection, telnet prints an error. If all hosts have
both IPv4 and IPv6 addresses, and you specify -V4, telnet will use
IPv4.
NOTES
On some remote systems, echo has to be turned off manually when in old
line-by-line mode. In old line-by-line mode or LINEMODE, the termi‐
nal's End-of-File character is only recognized (and sent to the remote
system) when it is the first character on a line.
EXAMPLES
To log in to host1 and do terminal type negotiation, enter: telnet
host1
Information similar to the following is displayed on your
screen: Trying ... Connected to host1 Escape character is ^]
login: _ To log in to remote host host3 and then check the sta‐
tus of the telnet program, enter: $ telnet host3
Trying ... Connected to host3 Escape character is ^]
login: _
Enter your login ID and password when you are prompted to do so.
Press ^] to receive the telnet> prompt. Enter the status subcom‐
mand at the prompt. Information similar to the following is
then displayed on your screen: Connected to host3. Operating in
single character mode. Escape character is '^]'. _ Press
<Return> $_
Upon completion of the status subcommand, you must press
<Return> to return to the remote prompt.
The following examples use Kerberos. The local host and the remote host
host2 are in the same Kerberos realm. To log into the remote host over
an encrypted connection, enter: $ telnet-x host2
You are not prompted for a password if both hosts are in the
same or trusting realm and you have a valid TGT. To log in and
forward your Kerberos ticket to the remote host, enter: $ telnet-f host2
You are not prompted for a password if both hosts are in the
same or trusting realm and you have a valid TGT.
FILES
User-customized telnet startup values.
SEE ALSO
Commands: env(1), kdestroy(1), kinit(1), klist(1), printenv(1), rex‐
ecd(8), rlogin(1), rsh(1), ssh2(1), telnetd(8)
Files: iptos(4)
Guides: Security Administration
telnet(1)