Next: , Previous: , Up: Top   [Contents][Index]

25 telnetd: Telnet server

telnetd [option]…
-a authmode

Specify what mode to use for authentication. Allowed values are: ‘none’, ‘other’, ‘user’, ‘valid’, and ‘off’.


Set the debugging level. The argument is a comma separated list of these categories: ‘options’, ‘report’, ‘netdata’, ‘ptydata’, ‘auth’, and ‘encr’. All these may be used in the form ‘name[=level]’. Omission of ‘level’ implies the maximal possible debugging level for that particular category.

There is one additional category ‘tcp’, which does not take an additional level indicator, but is instead equivalent to setting the socket option ‘SO_DEBUG’ for debugging the complete traffic.

The output is written to the file /tmp/telnet.debug, and any new data is incrementally added as time passes.

-E string

Set program to be executed instead of /bin/login.


Do not print host information before login has been completed.


Set line mode. An empty argument will force line read mode at all times. The only recognised value is otherwise ‘nokludge’.


Disable TCP keep-alives.

-S principal

Set principal name for the server, to be used in Kerberos authentication. The value principal can be set to provide full specification like ‘srv.local@REALM’ and ‘tnt/localhost@REALM’, where the first uses the standard prefix ‘host/’. Or principal can override default settings in part only, like ‘srv.local’, ‘tnt/srv.local’, or ‘@REALM’.


Refuse connections from addresses that cannot be mapped back into a symbolic name. A client is accepted only if the IP address can be resolved as a host name, and the same name is resolvable to addresses among which the clients’s address is included.

-X authtype

Disable the use of the given authentication type. Use this option multiple times if more than one type is to be disabled. Standard choices are ‘null’, ‘kerberos_v4’, and ‘kerberos_v5’.

25.1 Crafting an execution string.

The server telnetd contains a built-in execution string which invokes login with arguments suitable for the operating system at hand. This preset choice corresponds to the standard use case of the service. For specialized purposes this implementation also offers a command line option -E, or --exec-login, to override the built-in execution of login, thus allowing almost any choice of handler.

A custom execution string could look like

telnetd -h -E '/usr/local/sbin/avrop  %t %U'

The execution string must as its first part provide an absolute path to an executable file. After that may follow arbitrary additional arguments. For this latter part, telnetd offers some replacement tokens that dynamically are replaced by content. All are of the form %<var>, where ‘<var>’ is a single letter from the following collection of selectors. A valid letter is called variable. The mark conditional, appearing below, indicates that the corresponding variable is conditionally assigned a value.


Returns ‘ok’ whenever authentication is complete. conditional


Produces a time and date string.


Gives the remote host name in canonical form.


States the local host name, also in canonical form.


Returns the path of the pseudo terminal assigned to the client.


Gives the terminal device stripped of the leading ‘/dev/’.


States the terminal type, like ‘xterm’. conditional


Provides the authenticated user name. conditional


Returns the user name passed as an environment variable USER by the remote client software. The value is empty, should the environment not provide a value.

In addition, a conditional construct is able to take one action in case a variable has an assigned value, and optionally to take another action in the opposite case. The contruct is


The braces are here mandatory, while the brackets enclose the optional else-clause and are not included in actual use. The initial, motivating example, could thus be expanded to read

telnetd -h -E '/usr/local/sbin/avrop  %t %?a{%u krb5}{%U}'

In case authentication was completed as user ‘sigge’, the execution string would resolve to

/usr/local/sbin/avrop  pts/1 sigge krb5

In all other cases the result would be

/usr/local/sbin/avrop  pts/1 $USER

where $USER is the value of the corresponding environment variable and could possibly be empty.

Next: , Previous: , Up: Top   [Contents][Index]