Sep 04 2009

Configure WPA on Linux Howto

Published by at 10:32 pm under Linux,Security

WPA encryption is not much hassle to set up and is way more secure than WEP if you use a strong pre-shared key.
First off, we’ve got a wifi interface that can be displayed with iwconfig (from the wireless tools):

[root@db ~]# iwconfig
lo        no wireless extensions.

eth0      no wireless extensions.

ath0      IEEE 802.11g  ESSID:""
          Mode:Managed  Frequency:2.412 GHz  Access Point: Not-Associated
          Bit Rate:0 kb/s   Tx-Power:13 dBm   Sensitivity=1/1
          Retry:off   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=0/70  Signal level=-95 dBm  Noise level=-95 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

If the interface doesn’t show up, install drivers first, or check the logs to make sure the card has been detected.

wpa_supplicant Configuration File

Install the required package, wpa_supplicant. This is all you need and it’s provided with most Linux distributions.
If not, you can also download the latest source code from and compile it.
Once installed, generate your hex pre-shared key from the SSID and passphrase:

WPA_Linux# wpa_passphrase myssid mypassphrase

Edit /etc/wpa_supplicant/wpa_supplicant.conf (Redhat/Fedora) or create it (Debian/Ubuntu) adding these settings.
The commented-out #psk… line holds the passphrase in clear text; for more security, it can be removed once the connection works.

Associate with Access Point

Connect manually to check everything’s fine:

WPA_linux# wpa_supplicant -iath0 -c /etc/wpa_supplicant/wpa_supplicant.conf
Associated with 00:00:00:00:00:00
CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
Trying to associate with 00:a0:c5:ff:84:72 (SSID='myssid' freq=2412 MHz)
Associated with 00:a0:c5:ff:84:72

Note that you may have to specify the driver with the -D option.

Configure startup files

On Redhat/Fedora, configure /etc/sysconfig/network-scripts/ifcfg-ath0 (replace ath0 with your own interface name of course) as you would for any classic interface, and /etc/sysconfig/wpa_supplicant according to your settings.


Then restart the service:

/etc/init.d/wpa_supplicant restart

On Debian/Ubuntu, edit /etc/network/interfaces and add:

auto ath0
iface ath0 inet dhcp
        pre-up wpa_supplicant -iath0 -c/etc/wpa_supplicant/wpa_supplicant.conf -B
        post-down killall wpa_supplicant

Then re-enable the wireless interface or reboot:

ifdown ath0
ifup ath0

