Connect to wireless network via command line 2/2

Categories:  Linux
Labels:  terminal, internet, command, wifi

The Command Line

Find your wireless interface and bring it up:

 # ip a
 # iwconfig
 # ip link set wlan0 up

Scan for available networks and get network details:

 $ su
 # iwlist scan

Now edit /etc/network/interfaces. The required configuration is much dependent on your particular setup. See the following example to get an idea of how it works:

# my wifi device
auto wlan0
iface wlan0 inet dhcp
 wireless-essid [ESSID]
 wireless-mode [MODE] 

For further information on available configuration options, see man interfaces, man wireless and /usr/share/doc/wireless-tools/README.Debian.

You can now bring your interface up and down with the usual ifup and ifdown commands. If you added auto wlan0 as in the example above, the interface should be brought up automatically during boot up.


wpa_supplicant is a WPA client and IEEE 802.1X supplicant.

The wpasupplicant package provides wpa-* ifupdown options for /etc/network/interfaces. If these options are specified, wpa_supplicant is started in the background when your wireless interface is raised and stopped when brought down.

  • GNOME and KDE users shouldn’t configure wpa_supplicant manually. Use NetworkManager as explained above.

Before continuing, install the wpasupplicant package:

$ su
# aptitude update
# aptitude install wpasupplicant


Also known as “WPA Personal” and “WPA2 Personal” respectively.

  1. Restrict the permissions of /etc/network/interfaces, to prevent pre-shared key (PSK) disclosure (alternatively use a separate config file such as /etc/network/interfaces.d/wlan0 on newer Debian versions):

    # chmod 0600 /etc/network/interfaces
  2. Use the WPA passphrase to calculate the correct WPA PSK hash for your SSID by altering the following example:

    $ wpa_passphrase myssid my_very_secret_passphrase

    If you don't put the passphrase on the command line, it will be prompted for. The above command gives the output:

    you'll need to copy from "psk=" to the end of the line, to put in your /etc/network/interfaces file.
  3. Open /etc/network/interfaces in a text editor:

    # sensible-editor /etc/network/interfaces
  4. Define appropriate stanzas for your wireless interface, along with the SSID and PSK HASH. For example:

    auto wlan0
    iface wlan0 inet dhcp
     wpa-ssid myssid
     wpa-psk ccb290fd4fe6b22935cbae31449e050edd02ad44627b16ce0151668f5f53c01b
    The "auto" stanza will bring your interface up at system startup. If not desired, remove or comment this line.
  5. Save the file and exit the editor.
  6. Bring your interface up. This will start wpa_supplicant as a background process.

    # ifup wlan0

Additional wpa-* options are described within /usr/share/doc/wpasupplicant/README.modes.gz. This should also be read if connecting to a network not broadcasting its SSID.

For general /etc/network/interfaces information, see the interfaces(5) man page.


For networks using EAP-TLS, you are required to establish a wpa_supplicant configuration file and provide the client-side certificate. An example WPA2-EAP configuration file can be found at /usr/share/doc/wpasupplicant/examples/wpa2-eap-ccmp.conf.

Once available, reference your configuration file in /etc/network/interfaces. For example:

auto wlan0
iface wlan0 inet dhcp
 wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

More information can be found in the wpa_supplicant.conf(5) man page. A fully-commented wpa_supplicant configuration file example is at /usr/share/doc/wpasupplicant/README.wpa_supplicant.conf.gz.

Switching Connections

To switch between multiple distinct configurations:

  • GNOME users should use "Menu System > Administration > Network". (n.b. this doesn't work in etch)

  • Console users can

Security consideration

  1. Every member of a network can listen to other members' traffic (whether it's an unencrypted public hot-spot, or a WEP/WPA/WPA2, or LAN). Use SSL/TLS protocols (HTTPS, IMAPS...) or VPN to preserve your privacy.

  2. WEP is so insecure that it is basically equivalent to not using any encryption at all.
  3. WPA1 is deprecated. Use WPA2 instead.

  4. Make sure you use a strong pass-phrase.

Network security, see:

Social Profiles


This web accept cryptocoin donations
BTC address, LTC, ETH, Uphold:
Why donations?