Telnet

ZestSSH includes a raw TCP Telnet client with basic RFC 854 option negotiation. Telnet is provided for accessing legacy equipment and services that do not support SSH.

Availability

Platform	Status
Android	Full support
iOS	Full support
Windows	Full support
macOS	Full support
Linux	Full support

Security Warning

Telnet transmits all data — including usernames and passwords — in plaintext. Anyone with access to the network path between your device and the target host can intercept your session. ZestSSH displays a prominent warning in the connection log every time a Telnet connection is established.

Use SSH whenever possible. Telnet should only be used for:

Legacy network equipment that lacks SSH support (older managed switches, UPS units, serial console servers without SSH).
Lab or isolated environments where traffic interception is not a concern.
Initial device setup where SSH has not yet been configured.
Testing TCP connectivity or debugging services on arbitrary ports.

Quick Start

Create a new connection and select Telnet as the protocol.
Enter the hostname or IP address.
Set the port (default: 23).
Tap Connect. No identity or credentials are required at connection time — the remote host handles login prompts directly in the terminal.

How It Works

ZestSSH’s Telnet implementation opens a raw TCP socket to the target host and handles the Telnet protocol at a basic level:

TCP Connection — Connects to the specified host and port.
Option Negotiation — Parses incoming IAC (Interpret As Command) sequences. ZestSSH accepts DO NAWS (Negotiate About Window Size) so the remote host receives terminal dimensions, and refuses all other option requests.
Data Stream — Strips Telnet control sequences from the data stream and forwards clean output to the terminal emulator. Escaped IAC bytes (255) are passed through as literal data.
Window Size — When the terminal is resized, ZestSSH sends an updated NAWS sub-negotiation to the remote host.

Configuration

Telnet connections have minimal configuration:

Parameter	Default	Description
Host	(required)	Hostname or IP address
Port	23	Telnet service port

There are no authentication settings at the connection level. Login credentials are entered interactively in the terminal session as prompted by the remote host.

Limitations

No encryption. All traffic is plaintext.
No authentication framework. Login is handled by whatever the remote host presents.
Basic option negotiation only. Advanced Telnet features such as LINEMODE, CHARSET, and ENVIRON are not supported.
No TLS/STARTTLS upgrade support.
Connection-level features like keep-alive, zlib compression, and agent forwarding are SSH-only and do not apply to Telnet.

Troubleshooting

Connection refused

Verify the Telnet service is running on the target host and port.
Many modern servers disable Telnet by default. Check that the service is enabled.

Garbled output

Some legacy devices expect a specific terminal type. ZestSSH uses xterm-256color, which may not be recognized by very old equipment. If output is garbled, check if the device has a terminal type setting and try vt100 or ansi.

The device may require a carriage return to trigger the login prompt. Press Enter after connecting.
Check if the device is configured for a different port than the one you specified.

FAQ

Q: Why does ZestSSH include Telnet if it is insecure? A: Many network engineers need to access legacy equipment (managed switches, UPS units, console servers) that only supports Telnet. ZestSSH provides it as a convenience while clearly warning about the security implications.

Q: Can I use Telnet on a non-standard port? A: Yes. Set the port to any value between 1 and 65535. This is useful for accessing services that listen on custom ports.