Understanding the Linux and Unix Command: telnet

Remotely access another computer from the command line

The telnet command is used to communicate with another host using the TELNET protocol. If telnet is invoked without the host argument, it enters command mode, indicated by its prompt (telnet>). In this mode, it accepts and executes the commands listed below. If it is invoked with arguments, it performs an open command with those arguments.

Telnet is not considered a secure protocol. In most cases, it should be disabled in favor of the more secure SSH protocol.

How to Use telnet

Telnet is fairly simple to use. Tell the command the IP address of the computer that you want to access, and you're taken to a login screen for that machine.

telnet 192.168.1.110

This is the most common way to work with telnet.

Linux Telnet

If you can, add the -x flag for encryption to make Telnet more secure. For example:

telnet -x 192.168.1.110

You can use a hostname in place of an IP address, as long as you have a DNS or a host specified in the /etc/hosts file.

telnet -x webserver

If you prefer to specify the user you want to log in as in the command, accomplish that with the -l flag.

telnet -x -l username webserver

These are the most common ways to use Telnet. If you want a detailed breakdown, refer to the full manual below.

Telnet Technical Manual

Name

telnet: User interface to the TELNET protocol.

Synopsis

telnet [-8EFKLacdfrx ] [-X authtype ] [-b hostalias ] [-e escapechar ] [-k realm ] [-l user ] [-ntracefile ] [host [port ] ]

Telnet Commands

The options are as follows:

-8

Specifies an 8-bit data path. This causes an attempt to negotiate the TELNET BINARY option on both input and output.

-E

Stops any character from being recognized as an escape character.

-F

If Kerberos V5 authentication is used, the -F option allows the local credentials to be forwarded to the remote system, including any credentials that have been forwarded to the local environment.

-K

Specifies no automatic login to the remote system.

-L

Specifies an 8-bit data path on output. This causes the BINARY option to be negotiated on output.

-X atype

Disables the atype type of authentication.

-a

Attempt automatic login. Currently, this sends the user name via the USER variable of the ENVIRON option if supported by the remote system. The name used is that of the current user as returned by getlogin(2) if it agrees with the current user ID, otherwise, it is the name associated with the user ID.

-b hostalias

Uses bind(2) on the local socket to bind it to an aliased address (see ifconfig(8) and the alias specifier) or to the address of another interface than the one naturally chosen by connect(2). This can be useful when connecting to services that use IP addresses for authentication, and reconfiguration of the server is undesirable (or impossible).

-c

Disables the reading of the user's .telnetrc file. (See the toggle skiprc command on this man page.)

-d

Sets the initial value of the debug toggle to TRUE.

-e escapechar

Sets the initial telnet escape character to escapechar. If escapechar is omitted, there isn't an escape character.

-f

If Kerberos V5 authentication is used, the -f option allows the local credentials to be forwarded to the remote system.

-k realm

If Kerberos authentication is used, the -k option requests that telnet obtain tickets for the remote host in realm instead of the remote host's realm, as determined by krb_realmofhost3.

-l user

When connecting to the remote system, if the remote system understands the ENVIRON option, then user is sent to the remote system as the value for the variable USER. This option implies the -a option. This option may also be used with the open command.

-n tracefile

Opens tracefile for recording trace information. See the set tracefile command below.

-r

Specifies a user interface similar to rlogin(1). In this mode, the escape character is set to the tilde (~) character, unless modified by the -e option.

-x

Turns on encryption of the data stream if possible.

host

Indicates the official name, an alias, or the internet address of a remote host.

port

Indicates a port number (the address of an application). If a number is not specified, the default telnet port is used.

When in rlogin mode, a line of the form ~. disconnects from the remote host; ~ is the telnet escape character. Similarly, the line ~^Z suspends the telnet session. The line ~^] escapes to the normal telnet escape prompt.

Telnet LINEMODE Option

Once a connection has been opened, telnet attempts to enable the TELNET LINEMODE option. If this fails, telnet reverts to one of two input modes: either character at a time or old line by line depending on what the remote system supports.

When LINEMODE is enabled, character processing is done on the local system, under the control of the remote system. When input editing or character echoing is to be disabled, the remote system relays that information. The remote system also relays changes to any special characters that happen on the remote system so that these take effect on the local system.

In character at a time mode, most text typed is immediately sent to the remote host for processing.

In old line by line mode, all text is echoed locally, and (normally) only completed lines are sent to the remote host. The local echo character (initially ^E) may be used to turn off and on the local echo (this is mostly used to enter passwords without the password being echoed).

If the LINEMODE option is enabled, or if the localchars toggle is TRUE (the default for old line by line; see below), the user's quit intr and flush characters are trapped locally and sent as TELNET protocol sequences to the remote side.

If LINEMODE has ever been enabled, then the user's susp and eof are also sent as TELNET protocol sequences, and quit is sent as a TELNET ABORT instead of BREAK. There are options (see toggle autoflush and toggleautosynch below) which cause this action to flush subsequent output to the terminal (until the remote host acknowledges the TELNET sequence) and flush previous terminal input (in the case of quit and intr).

While connected to a remote host, telnet command mode may be entered by typing the telnet escape character (initially ^]). When in command mode, the normal terminal editing conventions are available. Note that the escape character returns to the command mode of the initial invocation of telnet that has the controlling terminal. Use the send escape command to switch to command mode in subsequent telnet processes on remote hosts.

Telnet Commands

The following telnet commands are available. Only enough of each command to uniquely identify it need be typed (this is also true for arguments to the mode set toggle unset slcenviron and display commands).

auth argument [... ]

The auth command manipulates the information sent through the TELNET AUTHENTICATE option.

Valid arguments for the auth command are as follows:

disable type

Disables the specified type of authentication. To obtain a list of available types, use the auth disable ? command.

enable type

Enables the specified type of authentication. To obtain a list of available types, use the auth enable ? command.

status

Lists the current status of the various types of authentication.

close

Close a TELNET session and return to command mode.

display argument [... ]

Displays all, or some, of the set and toggle values (see below).

encrypt argument [... ]

The encrypt command manipulates the information sent through the TELNET ENCRYPT option.

Valid arguments for the encrypt command are as follows:

disable type [input|output]

Disables the specified type of encryption. If you omit input and output, both input and output are disabled. To obtain a list of available types, use the encrypt disable ? command.

enable type [input|output]

Enables the specified type of encryption. If you omit input and output both input and output are enabled. To obtain a list of available types, use the encrypt enable ? command.

input

This is the same as the encrypt start input command.

-input

This is the same as the encrypt stop input command.

output

This is the same as the encrypt start output command.

-output

This is the same as the encrypt stop output command.

start [input|output]

Attempts to start encryption. If you omit input and output, both input and output are enabled. To obtain a list of available types, use the encrypt enable ? command.

status

Lists the current status of encryption.

stop [input|output]

Stops encryption. If you omit input and output, encryption is on both input and output.

type type

Sets the default type of encryption to be used with later encrypt start or encrypt stop commands.

Environ Commands

environ arguments [... ]

The environ command is used to manipulate the variables that may be sent through the TELNET ENVIRON option. The initial set of variables is taken from the user's environment, with only the DISPLAY and PRINTER variables being exported by default. The USER variable is also exported if the -a or -l options are used.

Valid arguments for the environ command are:

define variable value

Define the variable variable to have a value of value. Any variables defined by this command are automatically exported. The value may be enclosed in single or double quotes so that tabs and spaces may be included.

undefine variable

Remove variable from the list of environment variables.

export variable

Mark the variable variable to be exported to the remote side.

unexport variable

Mark the variable variable to not be exported unless explicitly asked for by the remote side.

list

List the current set of environment variables. Those marked with a * will be sent automatically, other variables will only be sent if explicitly requested.

?

Prints out help information for the environ command.

logout

Sends the TELNET LOGOUT option to the remote side. This command is similar to a close command. However, if the remote side doesn't support the LOGOUT option, nothing happens. If, however, the remote side does support the LOGOUT option, this command should cause the remote side to close the TELNET connection. If the remote side also supports the concept of suspending a user's session for later reattachment, the logout argument indicates that you should terminate the session immediately.

mode type

type is one of several options, depending on the state of the TELNET session. The remote host is asked for permission to go into the requested mode. If the remote host is capable of entering that mode, the requested mode is entered.

character

Disable the TELNET LINEMODE option, or, if the remote side does not understand the LINEMODE option, then enter character at a time mode.

line

Enable the TELNET LINEMODE option, or, if the remote side does not understand the LINEMODE option, then attempt to enter old line by line mode.

isig (-isig )

Attempt to enable (disable) the TRAPSIG mode of the LINEMODE option. This requires that the LINEMODE option be enabled.

edit (-edit )

Attempt to enable (disable) the EDIT mode of the LINEMODE option. This requires that the LINEMODE option be enabled.

softtabs (-softtabs )

Attempt to enable (disable) the SOFT_TAB mode of the LINEMODE option. This requires that the LINEMODE option be enabled.

litecho (-litecho )

Attempt to enable (disable) the LIT_ECHO mode of the LINEMODE option. This requires that the LINEMODE option be enabled.

?

Prints out help information for the mode command.

open host [-l user ] [[- ] port ]

Open a connection to the named host. If no port number is specified, telnet attempts to contact a TELNET server at the default port. The host specification may be either a hostname (see hosts (5)) or an internet address specified in the dot notation (see inet(3)). The -l option may be used to specify the username to be passed to the remote system via the ENVIRON option. When connecting to a non-standard port, telnet omits any automatic initiation of TELNET options. When the port number is preceded by a minus sign, the initial option negotiation is done. After establishing a connection, the file .telnetrc in the user's home directory is opened. Lines beginning with a # are comment lines. Blank lines are ignored. Lines that begin without whitespace are the start of a machine entry. The first thing on the line is the name of the machine that is being connected to. The rest of the line and successive lines that begin with whitespace are assumed to be telnet commands and are processed as if the line had been typed in manually to the telnet command prompt.

quit

Close any open TELNET session and exit telnet. An end-of-file (in command mode) will also close a session and exit.

send arguments

Sends one or more special character sequences to the remote host. The following are the arguments which may be specified (more than one argument may be specified at a time):

abort

Sends the TELNET ABORT (Abort processes) sequence.

ao

Sends the TELNET AO (Abort Output) sequence, which should cause the remote system to flush all output from the remote system to the user's terminal.

ayt

Sends the TELNET AYT (Are You There) sequence, to which the remote system may or may not choose to respond.

brk

Sends the TELNET BRK (Break) sequence, which may have significance to the remote system.

ec

Sends the TELNET EC (Erase Character) sequence, which should cause the remote system to erase the last character entered.

el

Sends the TELNET EL (Erase Line) sequence, which should cause the remote system to erase the line currently being entered.

eof

Sends the TELNET EOF (End Of File) sequence.

eor

Sends the TELNET EOR (End of Record) sequence.

escape

Sends the current telnet escape character (initially ^]).

ga

Sends the TELNET GA (Go Ahead) sequence, which likely has no significance to the remote system.

getstatus

If the remote side supports the TELNET STATUS command, getstatus sends the subnegotiation to request that the server send its current option status.

ip

Sends the TELNET IP (Interrupt Process) sequence, which should cause the remote system to abort the currently running process.

nop

Sends the TELNET NOP (No OPeration) sequence.

susp

Sends the TELNET SUSP (SUSPend process) sequence.

synch

Sends the TELNET SYNCH sequence. This sequence causes the remote system to discard all previously typed (but not yet read) input. This sequence is sent as TCP urgent data (and may not work if the remote system is a BSD 4.2 system—if it doesn't work, a lower case r may be echoed on the terminal).

do cmd

Sends the TELNET DO cmd sequence. cmd can be either a decimal number between 0 and 255 or a symbolic name for a specific TELNET command. cmd can also be either help or ? to print out help information, including a list of known symbolic names.

dont cmd

Sends the TELNET DONT cmd sequence. cmd can be either a decimal number between 0 and 255 or a symbolic name for a specific TELNET command. cmd can also be either help or ? to print out help information, including a list of known symbolic names.

will cmd

Sends the TELNET WILL cmd sequence. cmd can be either a decimal number between 0 and 255 or a symbolic name for a specific TELNET command. cmd can also be either help or ? to print out help information, including a list of known symbolic names.

wont cmd

Sends the TELNET WONT cmd sequence. cmd can be either a decimal number between 0 and 255 or a symbolic name for a specific TELNET command. cmd can also be either help or ? to print out help information, including a list of known symbolic names.

?

Prints out help information for the send command.

set argument value

unset argument value

The set command sets any one of a number of telnet variables to a specific value or to TRUE. The special value off turns off the function associated with the variable; this is equivalent to using the unset command. The unset command disables or sets to FALSE any of the specified functions. The values of variables may be interrogated with the display command. The variables which may be set or unset, but not toggled, are listed here. In addition, any of the variables for the toggle command may be explicitly set or unset using the set and unset commands.

ayt

If TELNET is in localchars mode, or LINEMODE is enabled, and the status character is typed, a TELNET AYT sequence (see send ayt, preceding) is sent to the remote host. The initial value for the Are You There character is the terminal's status character.

echo

This is the value (initially ^E) which, when in line by line mode, toggles between doing local echoing of entered characters (for normal processing), and suppressing echoing of entered characters (to enter, for example, a password).

eof

If telnet is operating in LINEMODE or old line by line mode, entering this character as the first character on a line causes this character to be sent to the remote system. The initial value of the eof character is taken to be the terminal's eof character.

erase

If telnet is in localchars mode (see toggle localchars below), and if telnet is operating in character at a time mode, then when this character is typed, a TELNET EC sequence (see send ec, above) is sent to the remote system. The initial value for the erase character is taken to be the terminal's erase character.

escape

This is the telnet escape character (initially ^[) which causes entry into telnet command mode (when connected to a remote system).

flushoutput

If telnet is in localchars mode (see toggle localchars, below) and the flushoutput character is typed, a TELNET AO sequence (see send ao, above) is sent to the remote host. The initial value for the flush character is taken to be the terminal's flush character.

forw1

forw2

If TELNET is operating in LINEMODE, these are the characters that, when typed, cause partial lines to be forwarded to the remote system. The initial value for the forwarding characters are taken from the terminal's eol and eol2 characters.

interrupt

If telnet is in localchars mode (see toggle localchars, below) and the interrupt character is typed, a TELNET IP sequence (see send ip, above) is sent to the remote host. The initial value for the interrupt character is taken to be the terminal's intr character.

kill

If telnet is in localchars mode (see toggle localchars, below), and if telnet is operating in character at a time mode, then when this character is typed, a TELNET EL sequence (see send el, above) is sent to the remote system. The initial value for the kill character is taken to be the terminal's kill character.

lnext

If telnet is operating in LINEMODE or old line by line mode, then this character is taken to be the terminal's lnext character. The initial value for the lnext character is taken to be the terminal's lnext character.

quit

If telnet is in localchars mode (see toggle localchars, below) and the quit character is typed, a TELNET BRK sequence (see send brk, above) is sent to the remote host. The initial value for the quit character is taken to be the terminal's quit character.

reprint

If telnet is operating in LINEMODE or old line by line mode, then this character is taken to be the terminal's reprint character. The initial value for the reprint character is taken to be the terminal's reprint character.

rlogin

This is the rlogin escape character. If set, the normal TELNET escape character is ignored unless it is preceded by this character at the beginning of a line. This character, at the beginning of a line, followed by a "." closes the connection. When followed by a ^Z, it suspends the telnet command. The initial state is to disable the rlogin escape character.

start

If the TELNET TOGGLE-FLOW-CONTROL option has been enabled, then this character is taken to be the terminal's start character. The initial value for the start character is taken to be the terminal's start character.

stop

If the TELNET TOGGLE-FLOW-CONTROL option has been enabled, then this character is taken to be the terminal's stop character. The initial value for the stop character is taken to be the terminal's stop character.

susp

If telnet is in localchars mode, or LINEMODE is enabled, and the suspend character is typed, a TELNET SUSP sequence (see send susp, above) is sent to the remote host. The initial value for the suspend character is taken to be the terminal's suspend character.

tracefile

This is the file to which the output, caused by netdata or option tracing beingTRUE will be written. If it is set to "-" then tracing information will be written to standard output (the default).

worderase

If telnet is operating in LINEMODE or old line by line mode, then this character is taken to be the terminal's worderase character. The initial value for the worderase character is taken to be the terminal's worderase character.

?

Displays the legal set (unset) commands.

skey sequence challenge

The skey command computes a response to the S/Key challenge. See skey(1) for more information on the S/Key system.

slc state

The slc command (Set Local Characters) is used to set or change the state of the special characters when the TELNET LINEMODE option is enabled. Special characters are characters that get mapped to TELNET commands sequences (like ip or quit or line editing characters like erase and kill). By default, the local special characters are exported.

check

Verify the current settings for the current special characters. The remote side is requested to send all the current special character settings, and if there are any discrepancies with the local side, the local side will switch to the remote value.

export

Switch to the local defaults for the special characters. The local default characters are those of the local terminal at the time when telnet was started.

import

Switch to the remote defaults for the special characters. The remote default characters are those of the remote system at the time when the TELNET connection was established.

?

Prints help information for the slc command.

status

Show the current status of telnet. This includes the peer one is connected to, as well as the current mode.

toggle arguments [... ]

Toggle (between TRUE and FALSE) various flags that control how telnet responds to events. These flags may be set explicitly to TRUE or FALSE using the set and unset commands listed above. More than one argument may be specified. The state of these flags may be interrogated with the display command. Valid arguments are:

authdebug

Turns on debugging information for the authentication code.

autoflush

If autoflush and localchars are both TRUE, then when the ao or quit characters are recognized (and transformed into TELNET sequences; see set, above, for details), telnet refuses to display any data on the user's terminal until the remote system acknowledges (via a TELNET TIMING MARK option) that it has processed those TELNET sequences. The initial value for this toggle is TRUE if the terminal user had not done an stty noflsh, otherwise FALSE (see stty(1)).

autodecrypt

When the TELNET ENCRYPT option is negotiated, by default the actual encryption (decryption) of the data stream does not start automatically. The autoencrypt (autodecrypt) command states that encryption of the output (input) stream should be enabled as soon as possible.

autologin

If the remote side supports the TELNET AUTHENTICATION option, TELNET attempts to use it to perform automatic authentication. If the AUTHENTICATION option is not supported, the user's login name is propagated through the TELNET ENVIRON option. This command is the same as specifying the a option on the open command.

autosynch

If autosynch and localchars are both TRUE, then when either the intr or quit character is typed (see set, above, for descriptions of the intr and quit characters), the resulting TELNET sequence sent is followed by the TELNET SYNCH sequence. This procedure should cause the remote system to throw away all previously typed input until both of the TELNET sequences have been read and acted upon. The initial value of this toggle is FALSE.

binary

Enable or disable the TELNET BINARY option on both input and output.

inbinary

Enable or disable the TELNET BINARY option on input.

outbinary

Enable or disable the TELNET BINARY option on output.

crlf

If this is TRUE, then carriage returns will be sent. If this is FALSE, then carriage returns will be sent as the initial value.

crmod

Toggle carriage return mode. When this mode is enabled, most carriage return characters received from the remote host are mapped into a carriage return followed by a line feed. This mode does not affect those characters typed by the user, only those received from the remote host. This mode is not very useful unless the remote host only sends carriage return, but never line feeds. The initial value for this toggle is FALSE.

debug

Toggles socket level debugging (useful only to the superuser). The initial value for this toggle is FALSE.

encdebug

Turns on debugging information for the encryption code.

localchars

If this is TRUE, then the flush interrupt quit erase and kill characters (see set, above) are recognized locally, and transformed into appropriate TELNET control sequences (respectively ao, ip, brk, ec, and el; see send, above). The initial value for this toggle is TRUE in old line by line mode, and FALSE in character at a time mode. When the LINEMODE option is enabled, the value of localchars is ignored and assumed to always be TRUE. If LINEMODE has ever been enabled, then quit is sent as abort, and eof and suspend are sent as eof and susp (see send, above).

netdata

Toggles the display of all network data (in hexadecimal format). The initial value for this toggle is FALSE.

options

Toggles the display of some internal telnet protocol processing (having to do with TELNET options). The initial value for this toggle is FALSE.

prettydump

When the netdata toggle is enabled, if prettydump is enabled, the output from the netdata command is formatted in a user-readable format. Spaces are put between each character in the output, and the beginning of any TELNET escape sequence is preceded by a * to aid in locating the sequence.

skiprc

When the skiprc toggle is TRUE, TELNET skips the reading of the .telnetrc file in the user's home directory when connections are opened. The initial value for this toggle is FALSE.

termdata

Toggles the display of all terminal data (in hexadecimal format). The initial value for this toggle is FALSE.

verbose_encrypt

When the verbose_encrypt toggle is TRUE, telnet prints a message each time encryption is enabled or disabled. The initial value for this toggle is FALSE.

?

Displays the legal toggle commands.

z

Suspend telnet. This command only works when the user is using the csh(1).

! [command ]

Execute a single command in a subshell on the local system. If command is omitted, then an interactive subshell is invoked.

? [command ]

Get help. With no arguments, telnet prints a help summary. If a command is specified, telnet prints the help information for just that command.

Use the man command (% man) to see how a command is used on your computer.