telnet -- user interface to the TELNET protocol

telnet [-468EFKLNacdfruxy] [-S tos] [-X authtype] [-e escapechar] [-k realm] [-l user] [-n tracefile] [-s src_addr] [host [port]]

Frequently used to communicate to a login shell at another host using the TELNET protocol.

Invoked without the host argument, enters command mode, prompt telnet> and accepts and executes the commands.
With arguments, it performs an open command with those arguments.

-l user if the remote system understands the ENVIRON option, user will be sent to the remote system as the value for the variable USER. implies -.a
may be used with the open command.
-r Specifies a user interface similar to rlogin(1).
In this mode, the escape character is set to the tilde (~).
-e ec Sets telnet escape character used to invoke telnet command mode .
If ec is omitted, there will be no escape character.
-E Stops any character from being recognized as an escape character to invoke telnet command mode.
-K no automatic login to the remote system.
-a automatic login. the default, so this option is ignored.
sends the user name via the USER variable of the ENVIRON option if supported by the remote system. The name used is that of the current user as returned by getlogin(2) if it agrees with the current user ID, otherwise it is the name associated with the user ID.
-4 Forces IPv4 addresses only.
-6 Forces IPv6 addresses only.
-8 an 8-bit data path. This causes negotiating the TELNET BINARY option on both input and output.
-L an 8-bit data path on output. This causes the BINARY option to be negotiated on output.
-N Prevents IP address to name lookup when destination host is given as an IP address.
-S tos Sets the IP type-of-service (TOS) which can be a numeric or symbolic TOS name found in the /etc/iptos file.
-X atype Disables the atype type of authentication.
-d Sets debug toggle to TRUE.
-f If Kerberos V5 authentication is being used, local credentials are forwarded to the remote system.
-F " " including any credentials that have already been forwarded into the local environment.
-k realm If Kerberos authentication telnets obtain tickets for the remote host in realm instead of the remote host's realm, as determined by krb_realmofhost(3).
-n tracefile Opens tracefile for recording trace information. See the set tracefile
-s src_addrSet the source IP address for the telnet connection to src_addr, which can be an IP address or a host name.
-u Forces telnet to use AF_UNIX addresses only (e.g., UNIX domain sockets, accessed with a file path).
-x Turns on encryption of the data stream if possible. the default, so this option is ignored.
-y Suppresses encryption of the data stream.
host name, alias, or the Internet address of a remote host. If host starts with /, telnet establishes a connection to the corresponding named socket.
port port number (address of an application). If a number is not specified, the default telnet port (20)is used.

This can be used for debugging many protocols since many use a plain text exchange. For example telnet host 25 will connect to host Simple Mail Transport Protocol (SMTP, outgoing email) application which expects commands like HELP, HELO,EHLO, MAIL FROM, SEND FROM, DATA

Another example is to test connection to a QL server using telnet host

-c Disables the reading of .telnetrc . (See skiprc

In rlogin mode, a line of the form
~. disconnects from the remote host; (~ is the default escape character).
~^Z suspends the session.
~^] escapes to the normal telnet escape prompt.

Once a connection has been opened, telnet will attempt to enable the TELNET LINEMODE option. If this fails, then telnet will revert to one of two input modes: either character at a time or old line by line depending on what the remote system supports.

When LINEMODE is enabled, character processing is done on the local system, under the control of the remote system. When input editing or character echoing is to be disabled, the remote system will relay that information. The remote system will also relay changes to any special characters that happen on the remote system, so that they can take effect on the local system.

In character at a time mode, most text typed is immediately sent to the remote host for processing.

In old line by line mode, all text is echoed locally, and (normally) only completed lines are sent to the remote host. The local echo character (initially ^E) may be used to turn off and on the local echo (this would mostly be used to enter passwords without the password being echoed).

If the LINEMODE option is enabled, or if the localchars toggle is TRUE (the default for old line by line; see below), the user's quit, intr, and flush characters are trapped locally, and sent as TELNET protocol sequences to the remote side. If LINEMODE has ever been enabled, then the user's susp and eof are also sent as TELNET protocol sequences, and quit is sent as a TELNET ABORT instead of BREAK. There are options (see toggle autoflush and toggle autosynch below) which cause this action to flush subse- quent output to the terminal (until the remote host acknowledges the TELNET sequence) and flush previ- ous terminal input (in the case of quit and intr).

While connected to a remote host, telnet command mode may be entered by typing the telnet escape character (initially ^]). When in command mode, the normal terminal editing conventions are available.

The following telnet commands are available.
Only enough of each command to uniquely identify it need be typed (also true for arguments to mode, set, toggle, unset, slc, environ, and display).

open host [-l user] [[-]port] host host name, address in dot notation, or IPv6 coloned-hexadecimal addreess.
-l login user name passed to the remote system via ENVIRON .
When connecting to a non-standard port, telnet omits any automatic initiation of TELNET options.
When port is preceded by a minus sign, the initial option negotiation is done.

After establishing a connection, .telnetrc in the users home directory is opened.

close Close a TELNET session and return to command mode.
logout Sends the TELNET LOGOUT option to the remote side, similar to a close ;
if the remote side does not support the LOGOUT option, nothing happens.
If the remote side does support the LOGOUT option, this command should cause the remote side to close the TELNET connection.
If the remote side also supports the concept of suspending a user's session for later reattachment,
the logout argument indicates terminate the session immediately.
auth disable type       enable manipulates the TELNET AUTHENTICATE option.
To a list of available types, use auth disable ?
auth status Lists the current status of the various types of authentication.
Authentication enabled
KERBEROS_V5: enabled
KERBEROS_V4: enabled
encrypt argument ...
enable type [input | output]
Omitting input or output, both are disabled.
To list available types: encrypt disable ?
stop [input | output]
Omitting input or output both are encrypted.
encrypt stop(stop) input
encrypt start (stop) output
type type Sets the default type
environ args The initial set of variables is populated with the contents of: USER, PRINTER, DISPLAY, TERM, COLUMNS, LINES.
Only USER, PRINTER, DISPLAY are exported by default.
Valid arguments for the environ command are:
define variable [value] Define the variable variable to have a value of value. If value is empty, the value is taken from the environment variable. Any variables defined by this command are automatically exported. The value may be enclosed in single or dou- ble quotes so that tabs and spaces may be included.
undefine variable Remove variable from the list of environment variables.
export variable Mark variable to be exported to the remote side.
unexport variable Mark variable to not be exported unless explicitly asked for by the remote side.
list List the current set of environment variables. Those marked with a * will be sent automatically, other variables will only be sent if explicitly requested.
? output help for environ
mode type
character Disable TELNET LINEMODE.
If the remote side does not understand LINEMODE ,
enter character at a time mode.
line Enable the TELNET LINEMODE option,
If the remote side does not understand LINEMODE, then enter old-line-by-line mode.
[-]isig enable (disable) TRAPSIG
[-]edit enable (disable) EDIT
[-]softtabs enable (disable) SOFT_TAB
[-]litecho enable (disable) LIT_ECHO
? output help for mode .
send arguments More than one argument may be specified
ayt Are You There
brk Break
ec Erase Character erases the last character entered.
el Erase Line erases the line currently being entered.
eof End Of File
eor End of Record
escape current telnet escape character, initially ^.
ga Go Ahead
getstatus server current option status.
nop No OPeration
abort Abort processes
ao Abort Output causes the remote system to flush buffered output
ip Interrupt Process abort the currently running process.
susp SUSPend process
synch discard all previously typed (but not yet read) input.
sent as TCP urgent data. If ignored a lower case r may be echoed on the terminal.
do cmd
dont cmd
will cmd
wont cmd
cmd decimal number between 0 and 255, or a symbolic name for a specific TELNET command.
help or ? to output help information, including a list of known symbolic names.
? outputs help send
display argument ... Displays set and toggle values
telnet> display ayt
ayt             [^T]

telnet> display              
will flush output when sending interrupt characters.
won't send interrupt characters in urgent mode.
will send login name and/or authentication information.
won't skip reading of ~/.telnetrc file.
won't map carriage return on output.
will recognize certain control characters.
won't turn on socket level debugging.
won't print hexadecimal representation of network traffic.
won't print user readable output for "netdata".
won't show option processing.
won't print hexadecimal representation of terminal traffic.
     following reformated
echo            [^E]             escape          [^]]           
rlogin          [off]
tracefile       "(standard output)"
flushoutput     [^O]             interrupt       [^C]            quit            [^\]
eof             [^D]             erase           [^?]            kill            [^U]
lnext           [^V]             susp            [^Z]            reprint         [^R]
worderase       [^W]             start           [^Q]            stop            [^S]
forw1           [off]            forw2           [off]
ayt             [^T]
set code value|TRUE|off
unset code value|TRUE|off
variables which may be set or unset, but not toggled
variables for toggle command may be set or unset
code initial
escape ^[enters command mode
echo ^Ein line by line mode, toggles local echo of entered characters (for normal processing), and suppressing echoing (for example entering, a password)
eof ^Din LINEMODE or old line by line mode, as the first character on a line, causes this character to be sent
in LINEMODE, cause partial lines to be forwarded
lnext ^V in LINEMODE or old line by line mode
ayt ^T in localchars mode, or LINEMODE , status character sends TELNET AYT
affect input
erase ^?in localchars mode and operating in character at a time mode, sends TELNET EC
worderase^W in LINEMODE or old line by line mode,
affect output
stop ^S If TOGGLE-FLOW-CONTROL is enabled
start ^Q If TOGGLE-FLOW-CONTROL is enabled
kill ^Uin localchars mode and operating in character at a time mode, sends TELNET EL
flushoutput^O In localchars mode, sends TELNET AO
request action
susp ^Z in localchars mode, or LINEMODE is enabled, TELNET SUSP is sent.
interrupt^Cin localchars mode send TELNET IP
quit ^\ localchars mode sends TELNET BRK
reprint^Rin LINEMODE or old line by line mode,
rlogin off If set, the escape character is ignored unless preceded by this character at the beginning of a line.
At the beginning of a line followed by a "." closes the connection to be suspended
When followed by a ^Z suspends the telnet command.
tracefile- filename to which the output, of netdata or tracing If -, then tracing information is written to standard output
? Displays the legal set (unset) commands.
slc state Set Local Characters
in LINEMODE Special characters are characters mapped to TELNET commands sequences (like ip or quit) or line editing characters (like erase and kill).
Default: exported.
check Verify the current settings for the current special characters. The remote side is requested to send all the current special character settings, and if there are any discrepancies with the local side, the local side will switch to the remote value.
export Switch to the local defaults for the special characters. The local default characters are those of the local terminal at the time when telnet was started.
import Switch to the remote defaults for the special characters. The remote default characters are those of the remote system at the time when the TELNET connection was established.
? output help information for the slc command.
status Show the current status of telnet. This includes the peer one is connected to, as well as the current mode.
toggle arguments ... use set and unset to explicitly set TRUE or FALSE
More than one argument may be specified. The state of these flags may be interrogated with the display command.
authdebug Turns on debugging for the authentication code.
autoflush If autoflush and localchars are both TRUE, then when the ao, or quit characters are recognized (and transformed into TELNET sequences; telnet refuses to display any data on the user's terminal until the remote system acknowledges (via a TELNET TIMING MARK option) that it has processed those TELNET sequences.
Initaly TRUE if the terminal user had not done an stty noflsh", otherwise FALSE (see stty
autodecrypt When the TELNET ENCRYPT option is negotiated, by default the actual encryption (decryption) of the data stream does not start automatically.
The autoencrypt (autodecrypt) command states that encryption of the output (input) stream should be enabled as soon as possible.
autologin If the remote side supports the TELNET AUTHENTICATION option telnet attempts to use it to perform automatic authentication. If the AUTHENTICATION option is not supported, the user's login name are propagated through the TELNET ENVIRON option. This command is the same as specifying -a option on the open command.
autosynch If autosynch and localchars are both TRUE, then when either the intr or quit characters is typed (see set above for descriptions of the intr and quit characters), the resulting TELNET sequence sent is followed by the TELNET SYNCH sequence. This procedure should cause the remote system to begin throwing away all previously typed input until both of the TELNET sequences have been read and acted upon.
Initally FALSE.

Enable or disable the TELNET BINARY option on i/o, input, output.

crlf carriage returns will be sent as ␍␊
FALSE, then carriage returns will be send as ␍␀
initially FALSE ␍␀.
crmod Toggle carriage return mode. When this mode is enabled, most carriage return characters received from the remote host will be mapped into a carriage return followed by a line feed.
Does not affect those characters typed by the user, only those received from the remote host.
This mode is not very useful unless the remote host only sends carriage return, but never line feed.
Initially FALSE.
debug Toggles socket level debugging (useful only to the super user), initally FALSE.
encdebug Turns on debugging information for the encryption code.
localchars If TRUE, flush, interrupt, quit, erase, and kill characters are recognized locally, and transformed into appropriate TELNET control sequences (respectively ao, ip, brk, ec and el Initially TRUE in old line by line mode, and
Initially FALSE in character at a time mode.
When LINEMODE is enabled, the value of localchars is ignored, and assumed to always be TRUE.
If LINEMODE has ever been enabled, then quit is sent as abort, and eof and suspend are sent as eof and susp (see send above).
termdata Toggles the display of terminal data (in hexadecimal ), initially FALSE.
netdata Toggles the display of network data (in hexadecimal ), initially FALSE.
prettydump When netdata is enabled, more user readable format, i.e. spaces are put between each character in the output, and the beginning of any telnet escape sequence is preceded by a * to aid in locating them.
skiprc skips the reading of .telnetrc, initially FALSE.
verbose_encryptoutput a message each time encryption is enabled or disabled. initially FALSE.
? Displays toggle commands.
opie sequence challengecomputes a response to the OPIE challenge.
z Suspend telnet. resume with fg
! [command] Execute a single command in a subshell on the local system.
If command is omitted, then an interactive subshell is invoked.
options Toggles the display of some internal telnet protocol processing, initially FALSE.
? [command] With no arguments, outputs a summary of commands.
If command is specified, outputs the help information for that command.


Telnet uses at least the HOME, SHELL, DISPLAY, and TERM environment variables.
Other environment variables may be propagated to the other side via the TELNET ENVIRON option.


rlogin(1), rsh(1), hosts(5), nologin(5), telnetd(8)


~/.telnetrc user customized telnet startup values Lines beginning with a # are comment lines. Blank lines are ignored.
Lines that begin without white space are the start of a machine entry.
  machine The rest of the line, and successive lines that begin with white space are telnet commands ..


The telnet command appeared in 4.2BSD.

IPv6 support was added by WIDE/KAME project.

On some remote systems, echo has to be turned off manually when in old line by line mode.

In old line by line mode or LINEMODE the terminal's eof character is only recognized (and sent to the remote system) when it is the first character on a line.

The /etc/iptos file configures the Type Of Service (TOS) of the Internet Protocol (IP) used by FTP and Telnet.

The TOS field in the Internet datagram is to specify how the datagram should be handled. It is a mechanism to allow control information to have precedence over data.

Generally, protocols that are involved in direct interaction with a human should select low delay, while data transfers that involve large blocks of data need high throughput.
Finally, high reliability is most important for datagram-based Internet management functions.

In the Tru64 UNIX operating system, the ftp and telnet applications and the ftpd and telnetd daemons allow the configuring of TOS values. If the file does not exist, the applications default to recommended by RFC1060:

ftp-control Low delay 
  ftp-data High throughput 
  telnet Low delay
Users who want to configure their own TOS values for the TOS field should provide the /etc/iptos file.

Most IP routers do not differentiate based on TOS, and therefore providing values other than the default would have no affect. Digital does not recommend changing the default values for FTP and Telnet.

Application Proto TOS-bits aliases
Application The name of an application TOS entry.
Proto The protocol name for which the entry is appropriate.
TOS-bits The TOS value to be set for the entry.
aliases A list of aliases that exist for the entry.
Items on an entry line are separated by any number of blanks, tabs, or combination of blanks and tabs. A number sign (#) indicates that the rest of the line is a comment and is not interpreted by routines that search the file. Blank lines in the file are ignored.

Valid TOS entry names are ftp-control and ftp-data for FTP and telnet for Telnet.

The TOS value for the entry should be one of the following hexadecimal numbers, corresponding to TOS bits:
0x10 Low delay
0x08 High throughput
0x04 High reliability