Connecting to WPA2 from command line, without editing a configuration file

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
4
down vote

favorite
2












I am attempting to connect to a WPA2 network with a bash script. The usual approach is something along these lines:



wpa_passphrase SSID PASSWORD > CONFIG_FILE
wpa_supplicant -B -iwlan0 -cCONFIG_FILE -Dwext


However, I do not want the password to persist in a file. Is there a similar approach to configure a WPA2 network without using a configuration file (even if only temporary), similar to how open and WEP networks can be configured with a single command, iwconfig wlan0 essid SSID key s:PASSWORD?










share|improve this question

















  • 1




    would a process substitution as available in bash suffice? i.e. wpa_supplicant -i <WIFIINTERFACE> -c <(wpa_passphrase <SSID> <PASSPHRASE>) ? the config file should only be available brievly via /dev/fd/<fd>?
    – humanityANDpeace
    Aug 23 at 18:23














up vote
4
down vote

favorite
2












I am attempting to connect to a WPA2 network with a bash script. The usual approach is something along these lines:



wpa_passphrase SSID PASSWORD > CONFIG_FILE
wpa_supplicant -B -iwlan0 -cCONFIG_FILE -Dwext


However, I do not want the password to persist in a file. Is there a similar approach to configure a WPA2 network without using a configuration file (even if only temporary), similar to how open and WEP networks can be configured with a single command, iwconfig wlan0 essid SSID key s:PASSWORD?










share|improve this question

















  • 1




    would a process substitution as available in bash suffice? i.e. wpa_supplicant -i <WIFIINTERFACE> -c <(wpa_passphrase <SSID> <PASSPHRASE>) ? the config file should only be available brievly via /dev/fd/<fd>?
    – humanityANDpeace
    Aug 23 at 18:23












up vote
4
down vote

favorite
2









up vote
4
down vote

favorite
2






2





I am attempting to connect to a WPA2 network with a bash script. The usual approach is something along these lines:



wpa_passphrase SSID PASSWORD > CONFIG_FILE
wpa_supplicant -B -iwlan0 -cCONFIG_FILE -Dwext


However, I do not want the password to persist in a file. Is there a similar approach to configure a WPA2 network without using a configuration file (even if only temporary), similar to how open and WEP networks can be configured with a single command, iwconfig wlan0 essid SSID key s:PASSWORD?










share|improve this question













I am attempting to connect to a WPA2 network with a bash script. The usual approach is something along these lines:



wpa_passphrase SSID PASSWORD > CONFIG_FILE
wpa_supplicant -B -iwlan0 -cCONFIG_FILE -Dwext


However, I do not want the password to persist in a file. Is there a similar approach to configure a WPA2 network without using a configuration file (even if only temporary), similar to how open and WEP networks can be configured with a single command, iwconfig wlan0 essid SSID key s:PASSWORD?







wpa-supplicant






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Aug 23 at 17:21









Exudes

233




233







  • 1




    would a process substitution as available in bash suffice? i.e. wpa_supplicant -i <WIFIINTERFACE> -c <(wpa_passphrase <SSID> <PASSPHRASE>) ? the config file should only be available brievly via /dev/fd/<fd>?
    – humanityANDpeace
    Aug 23 at 18:23












  • 1




    would a process substitution as available in bash suffice? i.e. wpa_supplicant -i <WIFIINTERFACE> -c <(wpa_passphrase <SSID> <PASSPHRASE>) ? the config file should only be available brievly via /dev/fd/<fd>?
    – humanityANDpeace
    Aug 23 at 18:23







1




1




would a process substitution as available in bash suffice? i.e. wpa_supplicant -i <WIFIINTERFACE> -c <(wpa_passphrase <SSID> <PASSPHRASE>) ? the config file should only be available brievly via /dev/fd/<fd>?
– humanityANDpeace
Aug 23 at 18:23




would a process substitution as available in bash suffice? i.e. wpa_supplicant -i <WIFIINTERFACE> -c <(wpa_passphrase <SSID> <PASSPHRASE>) ? the config file should only be available brievly via /dev/fd/<fd>?
– humanityANDpeace
Aug 23 at 18:23










1 Answer
1






active

oldest

votes

















up vote
2
down vote



accepted










Starting with the ideas already hinted at in my comment I would like to offer an answer. The answer is tested to work in the specific case of using a combination of wpa_supplicant (version v2.6), wpa_passphrase, GNU bash (version 4.4.23), and linux 4.18.



I expect that the solution offered here, with the purpose to avoid some remaining passphrase file to be adoptable in a more general posix way, however i have only tested my arch linux setup available for experimenting.



I have run



strace wpa_supplicant -i <WIFIINTERFACE> -c <(wpa_passphrase <SSID> <PASSPHRASE>) 2>&1 | less


with the actual parameters of my wifi network. And the connection got established. Also browsing the stace I find this:



execve("/usr/bin/wpa_supplicant", ["wpa_supplicant", "-i", "wlp0s29u1u2", "-c", "/dev/fd/63"], 0x7fffc7b0ad10 /* 39 vars */) = 0
[....]
openat(AT_FDCWD, "/dev/fd/63", O_RDONLY) = 3
fstat(3, 0600, st_size=0, ...) = 0
read(3, "network={ntssid="Oscarone"nt#psk"..., 4096) = 116
read(3, "", 4096) = 0
close(3) = 0
socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
bind(3, sa_family=AF_NETLINK, nl_pid=0, nl_groups=0x000001, 12) = 0
[....]


which should how the process substituion ( the command <(other command) ) thing worked out. It can be seen that wpa_supplicant accessed the pipe at /dev/fd/63 and read the configuration, and then closed it further, after closing the fd 3, the file-descripter is reusing directly for opening a socket.



I douple checked via ls -ialh /proc/<pid of wpa_supplicant>/3 and it reports:
571637 lrwx------ 1 root root 64 Aug 23 20:49 3 -> 'socket:[571092]'
meaning that the only temporary accesibility of the passphrase (via the fifo at /dev/fd/53 opened as fd 3 has been indeed closed and now is still the socket as the strace informed about correctly.



It also seems that the information about this way of creating a "file-less" "less-file" command line for wpa_supplicant is discussed in the arch linux wiki ( https://wiki.archlinux.org/index.php/WPA%20supplicant )



I also want to point out the obvious. Since you input the password in the shell make sure that it will not be recorded in the shell history hence do something akin to:



set +o history
wpa_supplicant -i INTERFACE -c <(wpa_passphrase SSID PASSPHRASE) &
set -o history


(as laid out here https://unix.stackexchange.com/a/10923/24394)






share|improve this answer






















    Your Answer







    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "106"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    convertImagesToLinks: false,
    noModals: false,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













     

    draft saved


    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f464460%2fconnecting-to-wpa2-from-command-line-without-editing-a-configuration-file%23new-answer', 'question_page');

    );

    Post as a guest






























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    2
    down vote



    accepted










    Starting with the ideas already hinted at in my comment I would like to offer an answer. The answer is tested to work in the specific case of using a combination of wpa_supplicant (version v2.6), wpa_passphrase, GNU bash (version 4.4.23), and linux 4.18.



    I expect that the solution offered here, with the purpose to avoid some remaining passphrase file to be adoptable in a more general posix way, however i have only tested my arch linux setup available for experimenting.



    I have run



    strace wpa_supplicant -i <WIFIINTERFACE> -c <(wpa_passphrase <SSID> <PASSPHRASE>) 2>&1 | less


    with the actual parameters of my wifi network. And the connection got established. Also browsing the stace I find this:



    execve("/usr/bin/wpa_supplicant", ["wpa_supplicant", "-i", "wlp0s29u1u2", "-c", "/dev/fd/63"], 0x7fffc7b0ad10 /* 39 vars */) = 0
    [....]
    openat(AT_FDCWD, "/dev/fd/63", O_RDONLY) = 3
    fstat(3, 0600, st_size=0, ...) = 0
    read(3, "network={ntssid="Oscarone"nt#psk"..., 4096) = 116
    read(3, "", 4096) = 0
    close(3) = 0
    socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
    bind(3, sa_family=AF_NETLINK, nl_pid=0, nl_groups=0x000001, 12) = 0
    [....]


    which should how the process substituion ( the command <(other command) ) thing worked out. It can be seen that wpa_supplicant accessed the pipe at /dev/fd/63 and read the configuration, and then closed it further, after closing the fd 3, the file-descripter is reusing directly for opening a socket.



    I douple checked via ls -ialh /proc/<pid of wpa_supplicant>/3 and it reports:
    571637 lrwx------ 1 root root 64 Aug 23 20:49 3 -> 'socket:[571092]'
    meaning that the only temporary accesibility of the passphrase (via the fifo at /dev/fd/53 opened as fd 3 has been indeed closed and now is still the socket as the strace informed about correctly.



    It also seems that the information about this way of creating a "file-less" "less-file" command line for wpa_supplicant is discussed in the arch linux wiki ( https://wiki.archlinux.org/index.php/WPA%20supplicant )



    I also want to point out the obvious. Since you input the password in the shell make sure that it will not be recorded in the shell history hence do something akin to:



    set +o history
    wpa_supplicant -i INTERFACE -c <(wpa_passphrase SSID PASSPHRASE) &
    set -o history


    (as laid out here https://unix.stackexchange.com/a/10923/24394)






    share|improve this answer


























      up vote
      2
      down vote



      accepted










      Starting with the ideas already hinted at in my comment I would like to offer an answer. The answer is tested to work in the specific case of using a combination of wpa_supplicant (version v2.6), wpa_passphrase, GNU bash (version 4.4.23), and linux 4.18.



      I expect that the solution offered here, with the purpose to avoid some remaining passphrase file to be adoptable in a more general posix way, however i have only tested my arch linux setup available for experimenting.



      I have run



      strace wpa_supplicant -i <WIFIINTERFACE> -c <(wpa_passphrase <SSID> <PASSPHRASE>) 2>&1 | less


      with the actual parameters of my wifi network. And the connection got established. Also browsing the stace I find this:



      execve("/usr/bin/wpa_supplicant", ["wpa_supplicant", "-i", "wlp0s29u1u2", "-c", "/dev/fd/63"], 0x7fffc7b0ad10 /* 39 vars */) = 0
      [....]
      openat(AT_FDCWD, "/dev/fd/63", O_RDONLY) = 3
      fstat(3, 0600, st_size=0, ...) = 0
      read(3, "network={ntssid="Oscarone"nt#psk"..., 4096) = 116
      read(3, "", 4096) = 0
      close(3) = 0
      socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
      bind(3, sa_family=AF_NETLINK, nl_pid=0, nl_groups=0x000001, 12) = 0
      [....]


      which should how the process substituion ( the command <(other command) ) thing worked out. It can be seen that wpa_supplicant accessed the pipe at /dev/fd/63 and read the configuration, and then closed it further, after closing the fd 3, the file-descripter is reusing directly for opening a socket.



      I douple checked via ls -ialh /proc/<pid of wpa_supplicant>/3 and it reports:
      571637 lrwx------ 1 root root 64 Aug 23 20:49 3 -> 'socket:[571092]'
      meaning that the only temporary accesibility of the passphrase (via the fifo at /dev/fd/53 opened as fd 3 has been indeed closed and now is still the socket as the strace informed about correctly.



      It also seems that the information about this way of creating a "file-less" "less-file" command line for wpa_supplicant is discussed in the arch linux wiki ( https://wiki.archlinux.org/index.php/WPA%20supplicant )



      I also want to point out the obvious. Since you input the password in the shell make sure that it will not be recorded in the shell history hence do something akin to:



      set +o history
      wpa_supplicant -i INTERFACE -c <(wpa_passphrase SSID PASSPHRASE) &
      set -o history


      (as laid out here https://unix.stackexchange.com/a/10923/24394)






      share|improve this answer
























        up vote
        2
        down vote



        accepted







        up vote
        2
        down vote



        accepted






        Starting with the ideas already hinted at in my comment I would like to offer an answer. The answer is tested to work in the specific case of using a combination of wpa_supplicant (version v2.6), wpa_passphrase, GNU bash (version 4.4.23), and linux 4.18.



        I expect that the solution offered here, with the purpose to avoid some remaining passphrase file to be adoptable in a more general posix way, however i have only tested my arch linux setup available for experimenting.



        I have run



        strace wpa_supplicant -i <WIFIINTERFACE> -c <(wpa_passphrase <SSID> <PASSPHRASE>) 2>&1 | less


        with the actual parameters of my wifi network. And the connection got established. Also browsing the stace I find this:



        execve("/usr/bin/wpa_supplicant", ["wpa_supplicant", "-i", "wlp0s29u1u2", "-c", "/dev/fd/63"], 0x7fffc7b0ad10 /* 39 vars */) = 0
        [....]
        openat(AT_FDCWD, "/dev/fd/63", O_RDONLY) = 3
        fstat(3, 0600, st_size=0, ...) = 0
        read(3, "network={ntssid="Oscarone"nt#psk"..., 4096) = 116
        read(3, "", 4096) = 0
        close(3) = 0
        socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
        bind(3, sa_family=AF_NETLINK, nl_pid=0, nl_groups=0x000001, 12) = 0
        [....]


        which should how the process substituion ( the command <(other command) ) thing worked out. It can be seen that wpa_supplicant accessed the pipe at /dev/fd/63 and read the configuration, and then closed it further, after closing the fd 3, the file-descripter is reusing directly for opening a socket.



        I douple checked via ls -ialh /proc/<pid of wpa_supplicant>/3 and it reports:
        571637 lrwx------ 1 root root 64 Aug 23 20:49 3 -> 'socket:[571092]'
        meaning that the only temporary accesibility of the passphrase (via the fifo at /dev/fd/53 opened as fd 3 has been indeed closed and now is still the socket as the strace informed about correctly.



        It also seems that the information about this way of creating a "file-less" "less-file" command line for wpa_supplicant is discussed in the arch linux wiki ( https://wiki.archlinux.org/index.php/WPA%20supplicant )



        I also want to point out the obvious. Since you input the password in the shell make sure that it will not be recorded in the shell history hence do something akin to:



        set +o history
        wpa_supplicant -i INTERFACE -c <(wpa_passphrase SSID PASSPHRASE) &
        set -o history


        (as laid out here https://unix.stackexchange.com/a/10923/24394)






        share|improve this answer














        Starting with the ideas already hinted at in my comment I would like to offer an answer. The answer is tested to work in the specific case of using a combination of wpa_supplicant (version v2.6), wpa_passphrase, GNU bash (version 4.4.23), and linux 4.18.



        I expect that the solution offered here, with the purpose to avoid some remaining passphrase file to be adoptable in a more general posix way, however i have only tested my arch linux setup available for experimenting.



        I have run



        strace wpa_supplicant -i <WIFIINTERFACE> -c <(wpa_passphrase <SSID> <PASSPHRASE>) 2>&1 | less


        with the actual parameters of my wifi network. And the connection got established. Also browsing the stace I find this:



        execve("/usr/bin/wpa_supplicant", ["wpa_supplicant", "-i", "wlp0s29u1u2", "-c", "/dev/fd/63"], 0x7fffc7b0ad10 /* 39 vars */) = 0
        [....]
        openat(AT_FDCWD, "/dev/fd/63", O_RDONLY) = 3
        fstat(3, 0600, st_size=0, ...) = 0
        read(3, "network={ntssid="Oscarone"nt#psk"..., 4096) = 116
        read(3, "", 4096) = 0
        close(3) = 0
        socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
        bind(3, sa_family=AF_NETLINK, nl_pid=0, nl_groups=0x000001, 12) = 0
        [....]


        which should how the process substituion ( the command <(other command) ) thing worked out. It can be seen that wpa_supplicant accessed the pipe at /dev/fd/63 and read the configuration, and then closed it further, after closing the fd 3, the file-descripter is reusing directly for opening a socket.



        I douple checked via ls -ialh /proc/<pid of wpa_supplicant>/3 and it reports:
        571637 lrwx------ 1 root root 64 Aug 23 20:49 3 -> 'socket:[571092]'
        meaning that the only temporary accesibility of the passphrase (via the fifo at /dev/fd/53 opened as fd 3 has been indeed closed and now is still the socket as the strace informed about correctly.



        It also seems that the information about this way of creating a "file-less" "less-file" command line for wpa_supplicant is discussed in the arch linux wiki ( https://wiki.archlinux.org/index.php/WPA%20supplicant )



        I also want to point out the obvious. Since you input the password in the shell make sure that it will not be recorded in the shell history hence do something akin to:



        set +o history
        wpa_supplicant -i INTERFACE -c <(wpa_passphrase SSID PASSPHRASE) &
        set -o history


        (as laid out here https://unix.stackexchange.com/a/10923/24394)







        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited Aug 23 at 19:24

























        answered Aug 23 at 19:10









        humanityANDpeace

        4,62243350




        4,62243350



























             

            draft saved


            draft discarded















































             


            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f464460%2fconnecting-to-wpa2-from-command-line-without-editing-a-configuration-file%23new-answer', 'question_page');

            );

            Post as a guest













































































            Popular posts from this blog

            How to check contact read email or not when send email to Individual?

            Displaying single band from multi-band raster using QGIS

            How many registers does an x86_64 CPU actually have?