I've found a netcfg configuration that successfully connects to my university's wireless APs. The problem is that this requires my password to be in plain text, which is problematic for a laptop, especially when the OS drive is external. Is there any way to get netcfg to prompt for the username and/or password when one attempts to use a profile?
Here's a redacted version of the profile.
CONNECTION='wireless'
DESCRIPTION="My university's wireless"
INTERFACE='wlp2s0'
SECURITY='wpa-configsection'
ESSID='<hmmm>'
IP='dhcp'
CONFIGSECTION='
ssid="<hmmm>"
key_mgmt=WPA-EAP
eap=PEAP
group=CCMP
pairwise=CCMP
identity="<uhhh...>"
password="<no thank you!>"
priority=1
ca_path="/etc/ssl/certs"
phase2="auth=MSCHAPV2"
'
Edit: solution is to store the NT hash of the password, as Gusar suggested.
Last edited by kinghajj (2013-03-20 03:04:10)
Offline
(e)ssid is eduroam, right?
I don't know a solution, but for now you can ensure that only root can read the file.
chmod 0600 /path/to/file
Offline
Nope, not eduroam. And that solution would only help stop online attacks; it wouldn't stop someone from stealing the drive and accessing its contents.
Offline
You can use the nt4 hash of the password instead of plain text: https://bbs.archlinux.org/viewtopic.php … 2#p1125232
Offline
This is basically why I wrote fipolate. Check the example section on the project page to see how to create an input WPA configuration file, then start with the wireless-wpa-config example profile in /etc/network.d/examples to create your profile. Change the WPA_CONF parameter to the output path you used with fipolate.
My own setup uses a script to set up the file with fipolate before starting the profile. Note that you can save the interpolated file to a plaintext file on a ramdisk with restricted permissions instead of using a fifo. Either way, it won't be written to the disk and will be gone once the system is off. The only difference is that the fifo output will disappear as soon as fipolate is terminated, whereas the ramdisk file will persist until you remove it or reboot.
Offline
You can also use psk hashes if you'd prefer. Both netcfg (I believe) and netctl (I know) support it. Man pages are your friends.
All the best,
-HG
Offline
HalosGhost wrote: You can also use psk hashes if you'd prefer.
He's not using psk, he's using mschapv2 authentication. So it's either plain text or nt4 hash.
Offline
The profile gets sourced, so you should be able to use bash commands in order to set the password (e.g. call systemd-ask-password).
Edit: Sorry, it does not work. The profile gets sourced too often.
Edit: You should consider using encrypted partitions for your sensitive data, including passwords.
Last edited by progandy (2013-03-19 23:27:17)
Offline
Using the NT hash worked, thanks Gusar!
Offline
HalosGhost wrote: You can also use psk hashes if you'd prefer.
He's not using psk, he's using mschapv2 authentication. So it's either plain text or nt4 hash.
Ahh, good call.
All the best,
-HG
Offline
My netcfg file looks different for some reason, it doesn't have all that CONFIGSECTION stuff, but instead:
CONNECTION='wireless'
DESCRIPTION='Automatically generated profile by wifi-menu'
INTERFACE='wlp5s0'
SECURITY='wpa'
ESSID=networkname
IP='dhcp'
KEY=blablabla
Anyway so I tried to replace KEY=blablabla by KEY=hash:<nthashhere> (without '<' '>' of course) so it looks now similar to
KEY=hash:012345678901234567890123456789ab
where I generated the nthashhere via
echo -n "$1" | iconv -t utf16le | openssl md4
but I always get authentication failure. It only works if I use plaintext key.
Now I changed it to SECURITY='wpa-configsection' and added
CONFIGSECTION='
ssid="netname"
psk="blabla"
which works fine with plaintext password. But when I try
psk="hash:...."
I get authentication failure again.
Does hash no longer work/not work with wpa2?
Last edited by Jindur (2013-04-08 08:03:03)
Offline
What's wrong is that you're using PSK, whereas this thread is about MSCHAPv2 authentication. Completely different thing.
To create a PSK hash, use wpa_passphrase.
Offline
oh thanks, works now!
Offline
nvm
Last edited by Jindur (2013-04-08 08:13:44)
Offline