The Command Line
Find your wireless interface and bring it up:
# ip a
# iwconfig
# ip link set wlan0 up
Scan for available networks and get network details:
$ su
# iwlist scan
/etc/network/interfaces. The required configuration depends heavily on your particular setup. See the following example to get an idea of how it works:
# my wifi device
auto wlan0
iface wlan0 inet dhcp
    wireless-essid [ESSID]
    wireless-mode [MODE]
For further information on available configuration options, see
man wireless and
You can now bring your interface up and down with the usual
ifdown commands. If you added
auto wlan0 as in the example above, the interface should be brought up automatically during boot up.
wpa_supplicant is a WPA client and IEEE 802.1X supplicant.
The wpasupplicant package provides
wpa-* ifupdown options for
/etc/network/interfaces. If these options are specified, wpa_supplicant is started in the background when your wireless interface is raised and stopped when brought down.
- GNOME and KDE users shouldn’t configure wpa_supplicant manually. Use NetworkManager as explained above.
Before continuing, install the wpasupplicant package:
$ su
# aptitude update
# aptitude install wpasupplicant
WPA-PSK and WPA2-PSK
Also known as “WPA Personal” and “WPA2 Personal” respectively.
Restrict the permissions of
/etc/network/interfaces, to prevent pre-shared key (PSK) disclosure (alternatively use a separate config file such as
/etc/network/interfaces.d/wlan0 on newer Debian versions):
Use the WPA passphrase to calculate the correct WPA PSK hash for your SSID by altering the following example:
If you don't put the passphrase on the command line, you will be prompted for it. The above command gives the output: you'll need to copy from "psk=" to the end of the line, to put in your
/etc/network/interfaces in a text editor:
Define appropriate stanzas for your wireless interface, along with the SSID and PSK HASH. For example:
The "auto" stanza will bring your interface up at system startup. If not desired, remove or comment out this line.
- Save the file and exit the editor.
Bring your interface up. This will start wpa_supplicant as a background process.
wpa-* options are described within
/usr/share/doc/wpasupplicant/README.modes.gz. This should also be read if connecting to a network not broadcasting its SSID.
/etc/network/interfaces information, see the interfaces(5) man page.
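Added example, not part of the original page: a Python sketch of the WPA-PSK steps above, showing how the "psk=" hash is derived (PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations, 32 bytes), how a stanza using the wpa-ssid and wpa-psk options can be written with mode 0600, and how to check an existing file for an exposed key. The function names and the sample SSID and passphrase are constructed for illustration. Because the hash alone is enough to join the network, it needs the same protection as the passphrase itself.

```python
import hashlib
import os
import stat


def wpa_psk(ssid, passphrase):
    """Return the 64-hex-digit PSK for this SSID/passphrase pair."""
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    # The SSID is the salt, so the same passphrase gives a different PSK per network.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32).hex()


def render_stanza(iface, ssid, psk_hex):
    """Build an /etc/network/interfaces stanza using the wpa-* ifupdown options."""
    return (f"auto {iface}\n"
            f"iface {iface} inet dhcp\n"
            f"    wpa-ssid {ssid}\n"
            f"    wpa-psk {psk_hex}\n")


def write_private(path, text):
    """Write text to path so that only the owner can read or write it."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        os.fchmod(fh.fileno(), 0o600)  # also tightens a file that already existed
        fh.write(text)


def exposes_psk(path):
    """True if the file has a wpa-psk line and group or others have any access."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path) as fh:
        has_psk = any(line.split()[:1] == ["wpa-psk"] for line in fh)
    return has_psk and bool(mode & 0o077)


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    ssid, phrase = "ExampleNet", "correct horse battery staple"
    print(render_stanza("wlan0", ssid, wpa_psk(ssid, phrase)))
```
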
For networks using EAP-TLS, you are required to establish a wpa_supplicant configuration file and provide the client-side certificate. An example WPA2-EAP configuration file can be found at /usr/share/doc/wpasupplicant/examples/wpa2-eap-ccmp.conf.
Once available, reference your configuration file in
/etc/network/interfaces. For example:
auto wlan0
iface wlan0 inet dhcp
    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
More information can be found in the wpa_supplicant.conf(5) man page. A fully-commented wpa_supplicant configuration file example is at
To switch between multiple distinct configurations:
GNOME users should use "Menu System > Administration > Network". (n.b. this doesn't work in etch)
- Console users can
Every member of a network can listen to other members' traffic (whether it's an unencrypted public hot-spot, a WEP/WPA/WPA2 network, or a LAN). Use SSL/TLS protocols (HTTPS, IMAPS...) or a VPN to preserve your privacy.
- WEP is so insecure that it is basically equivalent to not using any encryption at all.
WPA1 is deprecated. Use WPA2 instead.
Make sure you use a strong pass-phrase.
Network security, see: http://www.aircrack-ng.org/doku.php?id=tutorial.