Connecting to WPA2 from command line, without editing a configuration file
Clash Royale CLAN TAG#URR8PPP
up vote
4
down vote
favorite
I am attempting to connect to a WPA2 network with a bash script. The usual approach is something along these lines:
wpa_passphrase SSID PASSWORD > CONFIG_FILE
wpa_supplicant -B -iwlan0 -cCONFIG_FILE -Dwext
However, I do not want the password to persist in a file. Is there a similar approach to configure a WPA2 network without using a configuration file (even if only temporary), similar to how open and WEP networks can be configured with a single command, iwconfig wlan0 essid SSID key s:PASSWORD?
wpa-supplicant
asked Aug 23 at 17:21
Exudes
233
add a comment |Â
up vote
4
down vote
favorite
I am attempting to connect to a WPA2 network with a bash script. The usual approach is something along these lines:
wpa_passphrase SSID PASSWORD > CONFIG_FILE
wpa_supplicant -B -iwlan0 -cCONFIG_FILE -Dwext
However, I do not want the password to persist in a file. Is there a similar approach to configure a WPA2 network without using a configuration file (even if only temporary), similar to how open and WEP networks can be configured with a single command, iwconfig wlan0 essid SSID key s:PASSWORD?
wpa-supplicant
asked Aug 23 at 17:21
Exudes
233
1
would a process substitution as available inbashsuffice? i.e.wpa_supplicant -i <WIFIINTERFACE> -c <(wpa_passphrase <SSID> <PASSPHRASE>)? the config file should only be available brievly via/dev/fd/<fd>?
– humanityANDpeace
Aug 23 at 18:23
add a comment |Â
up vote
4
down vote
favorite
up vote
4
down vote
favorite
I am attempting to connect to a WPA2 network with a bash script. The usual approach is something along these lines:
wpa_passphrase SSID PASSWORD > CONFIG_FILE
wpa_supplicant -B -iwlan0 -cCONFIG_FILE -Dwext
However, I do not want the password to persist in a file. Is there a similar approach to configure a WPA2 network without using a configuration file (even if only temporary), similar to how open and WEP networks can be configured with a single command, iwconfig wlan0 essid SSID key s:PASSWORD?
wpa-supplicant
asked Aug 23 at 17:21
Exudes
233
I am attempting to connect to a WPA2 network with a bash script. The usual approach is something along these lines:
wpa_passphrase SSID PASSWORD > CONFIG_FILE
wpa_supplicant -B -iwlan0 -cCONFIG_FILE -Dwext
However, I do not want the password to persist in a file. Is there a similar approach to configure a WPA2 network without using a configuration file (even if only temporary), similar to how open and WEP networks can be configured with a single command, iwconfig wlan0 essid SSID key s:PASSWORD?
wpa-supplicant
wpa-supplicant
asked Aug 23 at 17:21
Exudes
233
asked Aug 23 at 17:21
Exudes
233
asked Aug 23 at 17:21
Exudes
233
asked Aug 23 at 17:21
Exudes
233
asked Aug 23 at 17:21
Exudes
233
233
1
would a process substitution as available inbashsuffice? i.e.wpa_supplicant -i <WIFIINTERFACE> -c <(wpa_passphrase <SSID> <PASSPHRASE>)? the config file should only be available brievly via/dev/fd/<fd>?
– humanityANDpeace
Aug 23 at 18:23
add a comment |Â
1
would a process substitution as available inbashsuffice? i.e.wpa_supplicant -i <WIFIINTERFACE> -c <(wpa_passphrase <SSID> <PASSPHRASE>)? the config file should only be available brievly via/dev/fd/<fd>?
– humanityANDpeace
Aug 23 at 18:23
1
1
would a process substitution as available in
bash suffice? i.e. wpa_supplicant -i <WIFIINTERFACE> -c <(wpa_passphrase <SSID> <PASSPHRASE>) ? the config file should only be available brievly via /dev/fd/<fd>?– humanityANDpeace
Aug 23 at 18:23
would a process substitution as available in
bash suffice? i.e. wpa_supplicant -i <WIFIINTERFACE> -c <(wpa_passphrase <SSID> <PASSPHRASE>) ? the config file should only be available brievly via /dev/fd/<fd>?– humanityANDpeace
Aug 23 at 18:23
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
2
down vote
accepted
Starting with the ideas already hinted at in my comment I would like to offer an answer. The answer is tested to work in the specific case of using a combination of wpa_supplicant (version v2.6), wpa_passphrase, GNU bash (version 4.4.23), and linux 4.18.
I expect that the solution offered here, with the purpose to avoid some remaining passphrase file to be adoptable in a more general posix way, however i have only tested my arch linux setup available for experimenting.
I have run
strace wpa_supplicant -i <WIFIINTERFACE> -c <(wpa_passphrase <SSID> <PASSPHRASE>) 2>&1 | less
with the actual parameters of my wifi network. And the connection got established. Also browsing the stace I find this:
execve("/usr/bin/wpa_supplicant", ["wpa_supplicant", "-i", "wlp0s29u1u2", "-c", "/dev/fd/63"], 0x7fffc7b0ad10 /* 39 vars */) = 0
[....]
openat(AT_FDCWD, "/dev/fd/63", O_RDONLY) = 3
fstat(3, 0600, st_size=0, ...) = 0
read(3, "network={ntssid="Oscarone"nt#psk"..., 4096) = 116
read(3, "", 4096) = 0
close(3) = 0
socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
bind(3, sa_family=AF_NETLINK, nl_pid=0, nl_groups=0x000001, 12) = 0
[....]
which should how the process substituion ( the command <(other command) ) thing worked out. It can be seen that wpa_supplicant accessed the pipe at /dev/fd/63 and read the configuration, and then closed it further, after closing the fd 3, the file-descripter is reusing directly for opening a socket.
I douple checked via ls -ialh /proc/<pid of wpa_supplicant>/3 and it reports:571637 lrwx------ 1 root root 64 Aug 23 20:49 3 -> 'socket:[571092]'
meaning that the only temporary accesibility of the passphrase (via the fifo at /dev/fd/53 opened as fd 3 has been indeed closed and now is still the socket as the strace informed about correctly.
It also seems that the information about this way of creating a "file-less" "less-file" command line for wpa_supplicant is discussed in the arch linux wiki ( https://wiki.archlinux.org/index.php/WPA%20supplicant )
I also want to point out the obvious. Since you input the password in the shell make sure that it will not be recorded in the shell history hence do something akin to:
set +o history
wpa_supplicant -i INTERFACE -c <(wpa_passphrase SSID PASSPHRASE) &
set -o history
(as laid out here https://unix.stackexchange.com/a/10923/24394)
answered Aug 23 at 19:10
humanityANDpeace
4,62243350
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
2
down vote
accepted
Starting with the ideas already hinted at in my comment I would like to offer an answer. The answer is tested to work in the specific case of using a combination of wpa_supplicant (version v2.6), wpa_passphrase, GNU bash (version 4.4.23), and linux 4.18.
I expect that the solution offered here, with the purpose to avoid some remaining passphrase file to be adoptable in a more general posix way, however i have only tested my arch linux setup available for experimenting.
I have run
strace wpa_supplicant -i <WIFIINTERFACE> -c <(wpa_passphrase <SSID> <PASSPHRASE>) 2>&1 | less
with the actual parameters of my wifi network. And the connection got established. Also browsing the stace I find this:
execve("/usr/bin/wpa_supplicant", ["wpa_supplicant", "-i", "wlp0s29u1u2", "-c", "/dev/fd/63"], 0x7fffc7b0ad10 /* 39 vars */) = 0
[....]
openat(AT_FDCWD, "/dev/fd/63", O_RDONLY) = 3
fstat(3, 0600, st_size=0, ...) = 0
read(3, "network={ntssid="Oscarone"nt#psk"..., 4096) = 116
read(3, "", 4096) = 0
close(3) = 0
socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
bind(3, sa_family=AF_NETLINK, nl_pid=0, nl_groups=0x000001, 12) = 0
[....]
which should how the process substituion ( the command <(other command) ) thing worked out. It can be seen that wpa_supplicant accessed the pipe at /dev/fd/63 and read the configuration, and then closed it further, after closing the fd 3, the file-descripter is reusing directly for opening a socket.
I douple checked via ls -ialh /proc/<pid of wpa_supplicant>/3 and it reports:571637 lrwx------ 1 root root 64 Aug 23 20:49 3 -> 'socket:[571092]'
meaning that the only temporary accesibility of the passphrase (via the fifo at /dev/fd/53 opened as fd 3 has been indeed closed and now is still the socket as the strace informed about correctly.
It also seems that the information about this way of creating a "file-less" "less-file" command line for wpa_supplicant is discussed in the arch linux wiki ( https://wiki.archlinux.org/index.php/WPA%20supplicant )
I also want to point out the obvious. Since you input the password in the shell make sure that it will not be recorded in the shell history hence do something akin to:
set +o history
wpa_supplicant -i INTERFACE -c <(wpa_passphrase SSID PASSPHRASE) &
set -o history
(as laid out here https://unix.stackexchange.com/a/10923/24394)
answered Aug 23 at 19:10
humanityANDpeace
4,62243350
add a comment |Â
up vote
2
down vote
accepted
Starting with the ideas already hinted at in my comment I would like to offer an answer. The answer is tested to work in the specific case of using a combination of wpa_supplicant (version v2.6), wpa_passphrase, GNU bash (version 4.4.23), and linux 4.18.
I expect that the solution offered here, with the purpose to avoid some remaining passphrase file to be adoptable in a more general posix way, however i have only tested my arch linux setup available for experimenting.
I have run
strace wpa_supplicant -i <WIFIINTERFACE> -c <(wpa_passphrase <SSID> <PASSPHRASE>) 2>&1 | less
with the actual parameters of my wifi network. And the connection got established. Also browsing the stace I find this:
execve("/usr/bin/wpa_supplicant", ["wpa_supplicant", "-i", "wlp0s29u1u2", "-c", "/dev/fd/63"], 0x7fffc7b0ad10 /* 39 vars */) = 0
[....]
openat(AT_FDCWD, "/dev/fd/63", O_RDONLY) = 3
fstat(3, 0600, st_size=0, ...) = 0
read(3, "network={ntssid="Oscarone"nt#psk"..., 4096) = 116
read(3, "", 4096) = 0
close(3) = 0
socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
bind(3, sa_family=AF_NETLINK, nl_pid=0, nl_groups=0x000001, 12) = 0
[....]
which should how the process substituion ( the command <(other command) ) thing worked out. It can be seen that wpa_supplicant accessed the pipe at /dev/fd/63 and read the configuration, and then closed it further, after closing the fd 3, the file-descripter is reusing directly for opening a socket.
I douple checked via ls -ialh /proc/<pid of wpa_supplicant>/3 and it reports:571637 lrwx------ 1 root root 64 Aug 23 20:49 3 -> 'socket:[571092]'
meaning that the only temporary accesibility of the passphrase (via the fifo at /dev/fd/53 opened as fd 3 has been indeed closed and now is still the socket as the strace informed about correctly.
It also seems that the information about this way of creating a "file-less" "less-file" command line for wpa_supplicant is discussed in the arch linux wiki ( https://wiki.archlinux.org/index.php/WPA%20supplicant )
I also want to point out the obvious. Since you input the password in the shell make sure that it will not be recorded in the shell history hence do something akin to:
set +o history
wpa_supplicant -i INTERFACE -c <(wpa_passphrase SSID PASSPHRASE) &
set -o history
(as laid out here https://unix.stackexchange.com/a/10923/24394)
answered Aug 23 at 19:10
humanityANDpeace
4,62243350
add a comment |Â
up vote
2
down vote
accepted
up vote
2
down vote
accepted
Starting with the ideas already hinted at in my comment I would like to offer an answer. The answer is tested to work in the specific case of using a combination of wpa_supplicant (version v2.6), wpa_passphrase, GNU bash (version 4.4.23), and linux 4.18.
I expect that the solution offered here, with the purpose to avoid some remaining passphrase file to be adoptable in a more general posix way, however i have only tested my arch linux setup available for experimenting.
I have run
strace wpa_supplicant -i <WIFIINTERFACE> -c <(wpa_passphrase <SSID> <PASSPHRASE>) 2>&1 | less
with the actual parameters of my wifi network. And the connection got established. Also browsing the stace I find this:
execve("/usr/bin/wpa_supplicant", ["wpa_supplicant", "-i", "wlp0s29u1u2", "-c", "/dev/fd/63"], 0x7fffc7b0ad10 /* 39 vars */) = 0
[....]
openat(AT_FDCWD, "/dev/fd/63", O_RDONLY) = 3
fstat(3, 0600, st_size=0, ...) = 0
read(3, "network={ntssid="Oscarone"nt#psk"..., 4096) = 116
read(3, "", 4096) = 0
close(3) = 0
socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
bind(3, sa_family=AF_NETLINK, nl_pid=0, nl_groups=0x000001, 12) = 0
[....]
which should how the process substituion ( the command <(other command) ) thing worked out. It can be seen that wpa_supplicant accessed the pipe at /dev/fd/63 and read the configuration, and then closed it further, after closing the fd 3, the file-descripter is reusing directly for opening a socket.
I douple checked via ls -ialh /proc/<pid of wpa_supplicant>/3 and it reports:571637 lrwx------ 1 root root 64 Aug 23 20:49 3 -> 'socket:[571092]'
meaning that the only temporary accesibility of the passphrase (via the fifo at /dev/fd/53 opened as fd 3 has been indeed closed and now is still the socket as the strace informed about correctly.
It also seems that the information about this way of creating a "file-less" "less-file" command line for wpa_supplicant is discussed in the arch linux wiki ( https://wiki.archlinux.org/index.php/WPA%20supplicant )
I also want to point out the obvious. Since you input the password in the shell make sure that it will not be recorded in the shell history hence do something akin to:
set +o history
wpa_supplicant -i INTERFACE -c <(wpa_passphrase SSID PASSPHRASE) &
set -o history
(as laid out here https://unix.stackexchange.com/a/10923/24394)
answered Aug 23 at 19:10
humanityANDpeace
4,62243350
Starting with the ideas already hinted at in my comment I would like to offer an answer. The answer is tested to work in the specific case of using a combination of wpa_supplicant (version v2.6), wpa_passphrase, GNU bash (version 4.4.23), and linux 4.18.
I expect that the solution offered here, with the purpose to avoid some remaining passphrase file to be adoptable in a more general posix way, however i have only tested my arch linux setup available for experimenting.
I have run
strace wpa_supplicant -i <WIFIINTERFACE> -c <(wpa_passphrase <SSID> <PASSPHRASE>) 2>&1 | less
with the actual parameters of my wifi network. And the connection got established. Also browsing the stace I find this:
execve("/usr/bin/wpa_supplicant", ["wpa_supplicant", "-i", "wlp0s29u1u2", "-c", "/dev/fd/63"], 0x7fffc7b0ad10 /* 39 vars */) = 0
[....]
openat(AT_FDCWD, "/dev/fd/63", O_RDONLY) = 3
fstat(3, 0600, st_size=0, ...) = 0
read(3, "network={ntssid="Oscarone"nt#psk"..., 4096) = 116
read(3, "", 4096) = 0
close(3) = 0
socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
bind(3, sa_family=AF_NETLINK, nl_pid=0, nl_groups=0x000001, 12) = 0
[....]
which should how the process substituion ( the command <(other command) ) thing worked out. It can be seen that wpa_supplicant accessed the pipe at /dev/fd/63 and read the configuration, and then closed it further, after closing the fd 3, the file-descripter is reusing directly for opening a socket.
I douple checked via ls -ialh /proc/<pid of wpa_supplicant>/3 and it reports:571637 lrwx------ 1 root root 64 Aug 23 20:49 3 -> 'socket:[571092]'
meaning that the only temporary accesibility of the passphrase (via the fifo at /dev/fd/53 opened as fd 3 has been indeed closed and now is still the socket as the strace informed about correctly.
It also seems that the information about this way of creating a "file-less" "less-file" command line for wpa_supplicant is discussed in the arch linux wiki ( https://wiki.archlinux.org/index.php/WPA%20supplicant )
I also want to point out the obvious. Since you input the password in the shell make sure that it will not be recorded in the shell history hence do something akin to:
set +o history
wpa_supplicant -i INTERFACE -c <(wpa_passphrase SSID PASSPHRASE) &
set -o history
(as laid out here https://unix.stackexchange.com/a/10923/24394)
answered Aug 23 at 19:10
humanityANDpeace
4,62243350
edited Aug 23 at 19:24
answered Aug 23 at 19:10
humanityANDpeace
4,62243350
answered Aug 23 at 19:10
humanityANDpeace
4,62243350
answered Aug 23 at 19:10
humanityANDpeace
4,62243350
4,62243350
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f464460%2fconnecting-to-wpa2-from-command-line-without-editing-a-configuration-file%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
1
would a process substitution as available in
bashsuffice? i.e.wpa_supplicant -i <WIFIINTERFACE> -c <(wpa_passphrase <SSID> <PASSPHRASE>)? the config file should only be available brievly via/dev/fd/<fd>?– humanityANDpeace
Aug 23 at 18:23