Where are WiFi passwords (WPA keys) stored?

classic Classic list List threaded Threaded
14 messages Options
Reply | Threaded
Open this post in threaded view
|

Where are WiFi passwords (WPA keys) stored?

Robert Latest
Not in /etc/wpa_supplicant/wpa_supplicant.conf, despite suggestions in
every bit of documentation that I got my hands on. In fact, that file
doesn't even exist on my jessie system. Nevertheless, when I
configured the WiFi network using some GUI tool in the XFCE desktop,
it worked. Even after a reboot, with no desktop running, I could ssh
into the system via WiFi.

So there must be a place, somewhere, where the WiFi passowrd ist
stored, outside the realm of some specific user. Where is it?

BTW, I did find a wpa_supplicant.conf file in some deep subdir of
/etc/dbus-1/... (I'm not at that computer at the moment). But that is
in some XML format that has nothing to do with the syntax described in
the wpa_supplicant.conf man page, and my WPA key doesn't seem to be in
there.

Thanks!

Reply | Threaded
Open this post in threaded view
|

Re: Where are WiFi passwords (WPA keys) stored?

Ben Finney-3
Robert Latest <[hidden email]> writes:

> […] when I configured the WiFi network using some GUI tool in the XFCE
> desktop,

You'll need to be more specific than that :-) Exactly which tool did you
use?

> So there must be a place, somewhere, where the WiFi passowrd ist
> stored, outside the realm of some specific user. Where is it?

That will depend on what version of Debian, and which tool you used.


The most likely answer is: You used the GNOME tool that interacts with
NetworkManager <URL:https://wiki.gnome.org/Projects/NetworkManager>, but
that could be wrong. Please tell us the details so we can know better
what your system is doing.

--
 \      “I went to a garage sale. ‘How much for the garage?’ ‘It's not |
  `\                                        for sale.’” —Steven Wright |
_o__)                                                                  |
Ben Finney

Reply | Threaded
Open this post in threaded view
|

Re: Where are WiFi passwords (WPA keys) stored?

Yvan Masson-3
In reply to this post by Robert Latest
Hi,

Le mardi 06 décembre 2016 à 09:04 +0100, Robert Latest a écrit :

> Not in /etc/wpa_supplicant/wpa_supplicant.conf, despite suggestions
> in
> every bit of documentation that I got my hands on. In fact, that file
> doesn't even exist on my jessie system. Nevertheless, when I
> configured the WiFi network using some GUI tool in the XFCE desktop,
> it worked. Even after a reboot, with no desktop running, I could ssh
> into the system via WiFi.
>
> So there must be a place, somewhere, where the WiFi passowrd ist
> stored, outside the realm of some specific user. Where is it?
>
> BTW, I did find a wpa_supplicant.conf file in some deep subdir of
> /etc/dbus-1/... (I'm not at that computer at the moment). But that is
> in some XML format that has nothing to do with the syntax described
> in
> the wpa_supplicant.conf man page, and my WPA key doesn't seem to be
> in
> there.
I am almost sure that installing a XFCE desktop also installs
NetworkManager to handle connections.

NetwokManager runs as a system service, uses wpasupplicant to connect
to WiFi, and offers a sytem tray applet (nm-applet), a GUI (nm-
connection-editor), a CLI (nmcli) and a TUI (Text User Interface -
nmtui).

Networks' configurations, including WiFi password, are stored in
/etc/NetworkManager/system-connections/<config name or SSID>, and are
readable by root.

Regards,
Yvan

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Where are WiFi passwords (WPA keys) stored?

Christian Seiler
In reply to this post by Robert Latest
On 12/06/2016 09:04 AM, Robert Latest wrote:
> Not in /etc/wpa_supplicant/wpa_supplicant.conf, despite suggestions in
> every bit of documentation that I got my hands on. In fact, that file
> doesn't even exist on my jessie system. Nevertheless, when I
> configured the WiFi network using some GUI tool in the XFCE desktop,
> it worked.

Disclaimer: I'm not a user of XFCE, so if that does something
really weird, this may not apply.

However, most graphical tools interface with NetworkManager, and
that stores its configuration in /etc/NetworkManager.

You'll likely find your password stored in
/etc/NetworkManager/system-connections/$SSID
(file only readable/writable as root; also please don't modify it
while NetworkManager is running, it will overwrite it without
warning; modifying it when NetworkManager is stopped is fine
though)

where you replace $SSID with the SSID of your WiFi.

On some desktops (e.g. GNOME) the Password can be stored in the
personal user's keyring/wallet/password manager instead, but
then you need to be logged in for NetworkManager to have access
to the password - which is not true in your case because you
mentioned:

> Even after a reboot, with no desktop running, I could ssh
> into the system via WiFi.

So that means that NetworkManager has the password stored
directly.

Note that when using NetworkManager, it configures its own
instance of wpa_supplicant, so you should never touch a
configuration file for wpa_supplicant yourself in this kind of
setup.

(You could of course stop using NetworkManager and configure
wpa_supplicant manually, but I really wouldn't recommend that;
I don't think wpa_supplicant is designed in a way that makes
direct end-user usage easy - there's a reason why NetworkManager
exists instead of desktop environments communicating directly
with wpa_supplicant.)

> BTW, I did find a wpa_supplicant.conf file in some deep subdir of
> /etc/dbus-1/...

That's just the DBus policy, that doesn't configure how
wpa_supplicant reacts, but only how the DBus daemon handles
the access policy for wpa_supplicant. (DBus is a communication
bus used on Linux and other systems; most desktop envirnoments,
including XFCE, use it internally for some things.) Unless you
know what you're doing, I wouldn't touch that, otherwise you
could end up stopping NetworkManager from communicating with
wpa_supplicant and then your WiFi could stop working altogether.

Regards,
Christian

Reply | Threaded
Open this post in threaded view
|

Re: Where are WiFi passwords (WPA keys) stored?

Mart van de Wege
In reply to this post by Robert Latest
Robert Latest <[hidden email]> writes:

> Not in /etc/wpa_supplicant/wpa_supplicant.conf, despite suggestions in
> every bit of documentation that I got my hands on. In fact, that file
> doesn't even exist on my jessie system. Nevertheless, when I
> configured the WiFi network using some GUI tool in the XFCE desktop,
> it worked. Even after a reboot, with no desktop running, I could ssh
> into the system via WiFi.
>
> So there must be a place, somewhere, where the WiFi passowrd ist
> stored, outside the realm of some specific user. Where is it?
>
Assuming you're running Network-Manager, you can find the individual
connections defined in /etc/NetworkManager/system-connections, with each
connection having a psk= attribute line with the psk.

Note that these files are only root-accessible.

Mart

--
"We will need a longer wall when the revolution comes."
    --- AJS, quoting an uncertain source.

Reply | Threaded
Open this post in threaded view
|

Re: Where are WiFi passwords (WPA keys) stored?

Robert Latest
In reply to this post by Christian Seiler
Hi Christian (and everybody else),

thanks for all the helpful answers. NetworkManager was what I was
looking for. I was just not aware of any additional layer on top of
wpa-supplicant.

robert


On Tue, Dec 6, 2016 at 11:14 AM, Christian Seiler <[hidden email]> wrote:

> On 12/06/2016 09:04 AM, Robert Latest wrote:
>> Not in /etc/wpa_supplicant/wpa_supplicant.conf, despite suggestions in
>> every bit of documentation that I got my hands on. In fact, that file
>> doesn't even exist on my jessie system. Nevertheless, when I
>> configured the WiFi network using some GUI tool in the XFCE desktop,
>> it worked.
>
> Disclaimer: I'm not a user of XFCE, so if that does something
> really weird, this may not apply.
>
> However, most graphical tools interface with NetworkManager, and
> that stores its configuration in /etc/NetworkManager.
>
> You'll likely find your password stored in
> /etc/NetworkManager/system-connections/$SSID
> (file only readable/writable as root; also please don't modify it
> while NetworkManager is running, it will overwrite it without
> warning; modifying it when NetworkManager is stopped is fine
> though)
>
> where you replace $SSID with the SSID of your WiFi.
>
> On some desktops (e.g. GNOME) the Password can be stored in the
> personal user's keyring/wallet/password manager instead, but
> then you need to be logged in for NetworkManager to have access
> to the password - which is not true in your case because you
> mentioned:
>
>> Even after a reboot, with no desktop running, I could ssh
>> into the system via WiFi.
>
> So that means that NetworkManager has the password stored
> directly.
>
> Note that when using NetworkManager, it configures its own
> instance of wpa_supplicant, so you should never touch a
> configuration file for wpa_supplicant yourself in this kind of
> setup.
>
> (You could of course stop using NetworkManager and configure
> wpa_supplicant manually, but I really wouldn't recommend that;
> I don't think wpa_supplicant is designed in a way that makes
> direct end-user usage easy - there's a reason why NetworkManager
> exists instead of desktop environments communicating directly
> with wpa_supplicant.)
>
>> BTW, I did find a wpa_supplicant.conf file in some deep subdir of
>> /etc/dbus-1/...
>
> That's just the DBus policy, that doesn't configure how
> wpa_supplicant reacts, but only how the DBus daemon handles
> the access policy for wpa_supplicant. (DBus is a communication
> bus used on Linux and other systems; most desktop envirnoments,
> including XFCE, use it internally for some things.) Unless you
> know what you're doing, I wouldn't touch that, otherwise you
> could end up stopping NetworkManager from communicating with
> wpa_supplicant and then your WiFi could stop working altogether.
>
> Regards,
> Christian

Reply | Threaded
Open this post in threaded view
|

Re: Where are WiFi passwords (WPA keys) stored?

celejar
In reply to this post by Robert Latest
On Tue, 6 Dec 2016 09:04:08 +0100
Robert Latest <[hidden email]> wrote:

> Not in /etc/wpa_supplicant/wpa_supplicant.conf, despite suggestions in
> every bit of documentation that I got my hands on. In fact, that file
> doesn't even exist on my jessie system. Nevertheless, when I
> configured the WiFi network using some GUI tool in the XFCE desktop,
> it worked. Even after a reboot, with no desktop running, I could ssh
> into the system via WiFi.
>
> So there must be a place, somewhere, where the WiFi passowrd ist
> stored, outside the realm of some specific user. Where is it?

No idea about the GUI tool that you used, but I use Xfce and manage my
WiFi manually with ifupdown - /etc/network/interfaces. My WiFi keys are
stored in e/n/i.

Celejar

Reply | Threaded
Open this post in threaded view
|

Re: Where are WiFi passwords (WPA keys) stored?

celejar
In reply to this post by Yvan Masson-3
On Tue, 06 Dec 2016 11:12:45 +0100
Yvan Masson <[hidden email]> wrote:

...

> I am almost sure that installing a XFCE desktop also installs
> NetworkManager to handle connections.

I use (much / most of) Xfce without NM. I just looked at what would
happen if I selected the xfce4 metapackage for installation, and NM
still will not get installed, and doesn't even show up in aptitude as
recommended or suggested.

Celejar

Reply | Threaded
Open this post in threaded view
|

Re: Where are WiFi passwords (WPA keys) stored?

Brian
On Tue 06 Dec 2016 at 12:44:19 -0500, Celejar wrote:

> On Tue, 06 Dec 2016 11:12:45 +0100
> Yvan Masson <[hidden email]> wrote:
>
> ...
>
> > I am almost sure that installing a XFCE desktop also installs
> > NetworkManager to handle connections.
>
> I use (much / most of) Xfce without NM. I just looked at what would
> happen if I selected the xfce4 metapackage for installation, and NM
> still will not get installed, and doesn't even show up in aptitude as
> recommended or suggested.

Try installing task-xfce4-desktop. This is what d-i does. (But you
are correct. Installing xfce4 does not install network-manager).

--
Brian.

Reply | Threaded
Open this post in threaded view
|

Re: Where are WiFi passwords (WPA keys) stored?

Teemu Likonen-2
In reply to this post by celejar
[hidden email] [2016-12-06 12:44:19-05] wrote:

> I just looked at what would happen if I selected the xfce4 metapackage
> for installation, and NM still will not get installed, and doesn't
> even show up in aptitude as recommended or suggested.

Task named task-xfce-desktop has network-manager-gnome package in its
"recommends" list. Network Manager is the default way of configuring
network for desktop Linux systems.

    $ aptitude --disable-columns -F%p search '?recommends(network-manager)'
    cinnamon                                                    
    education-networked
    education-standalone
    gnome-control-center
    gnome-core
    lxde
    plasma-nm
    strongswan-nm
    task-gnome-desktop
    task-mate-desktop
    task-xfce-desktop
    wader-core

--
/// Teemu Likonen   - .-..   <https://github.com/tlikonen> //
// PGP: 4E10 55DC 84E9 DFF6 13D7 8557 719D 69D3 2453 9450 ///

signature.asc (463 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Where are WiFi passwords (WPA keys) stored?

Liam O'Toole
In reply to this post by celejar
On 2016-12-06, Celejar <[hidden email]> wrote:

> On Tue, 06 Dec 2016 11:12:45 +0100
> Yvan Masson <[hidden email]> wrote:
>
> ...
>
>> I am almost sure that installing a XFCE desktop also installs
>> NetworkManager to handle connections.
>
> I use (much / most of) Xfce without NM. I just looked at what would
> happen if I selected the xfce4 metapackage for installation, and NM
> still will not get installed, and doesn't even show up in aptitude as
> recommended or suggested.
>
> Celejar
>
>

The task package task-xfce-desktop recommends network-manager-gnome. So
the latter would have been installed if the OP selected Xfce at the
'Software selection' stage of the installation of Debian.

--

Liam

Reply | Threaded
Open this post in threaded view
|

Re: Where are WiFi passwords (WPA keys) stored?

Brian
In reply to this post by Christian Seiler
On Tue 06 Dec 2016 at 11:14:56 +0100, Christian Seiler wrote:

> Note that when using NetworkManager, it configures its own
> instance of wpa_supplicant, so you should never touch a
> configuration file for wpa_supplicant yourself in this kind of
> setup.
>
> (You could of course stop using NetworkManager and configure
> wpa_supplicant manually, but I really wouldn't recommend that;
> I don't think wpa_supplicant is designed in a way that makes
> direct end-user usage easy - there's a reason why NetworkManager
> exists instead of desktop environments communicating directly
> with wpa_supplicant.)

Direct interaction with the supplicant is not easy? Mmm, probably a
sustainable view if the only objective is to point and click.

However, it is worth acknowledging that Debian has the most complete
integration of ifupdown with wpa_supplicant you will find. It also has
excellent documentation to help with explaining this integration. There
are some things Debian does so well that they are unsurpassable.

Users wanting a simple or complex supplicant setup could find dealing
with the organ grinder (rather than the monkey) a more satisfying
experience when managing wireless networks. Just in case you think you
cannot point and click when you have direct enduser control over the
supplicant, think again. There is wpa-gui.

--
Brian.

Reply | Threaded
Open this post in threaded view
|

Re: Where are WiFi passwords (WPA keys) stored?

Christian Seiler
On 12/06/2016 09:26 PM, Brian wrote:

> On Tue 06 Dec 2016 at 11:14:56 +0100, Christian Seiler wrote:
>
>> Note that when using NetworkManager, it configures its own
>> instance of wpa_supplicant, so you should never touch a
>> configuration file for wpa_supplicant yourself in this kind of
>> setup.
>>
>> (You could of course stop using NetworkManager and configure
>> wpa_supplicant manually, but I really wouldn't recommend that;
>> I don't think wpa_supplicant is designed in a way that makes
>> direct end-user usage easy - there's a reason why NetworkManager
>> exists instead of desktop environments communicating directly
>> with wpa_supplicant.)
>
> Direct interaction with the supplicant is not easy?

If you want to dynamically connect to a network that's not in
your wpa_supplicant.conf, then yes, that's not easy to do via
wpa_cli. (It's doable, just not easy or user-friendly.) If
you then want to combine a dynamically-added configuration
with something like DHCP, then it's even worse.

Of course, if you edit the wpa_supplicant.conf every time you
want to connect to a new network, and tear down and restart
the entire wifi interface, sure, that'll work, but it doesn't
fit well into the WiFi model.

That all said: I'm not a huge fan of NetworkManager, I think
some aspects of it are not well enough thought out to my
taste - but it does it's job in the case of WiFi, and it does
it well, better than the alternatives I've seen so far.

> However, it is worth acknowledging that Debian has the most complete
> integration of ifupdown with wpa_supplicant you will find. It also has
> excellent documentation to help with explaining this integration. There
> are some things Debian does so well that they are unsurpassable.

Yes, and the primary use case I see for this are headless
servers or similar that are connected via WiFi, where the
connection rarely changes. I would not want to use that on a
laptop though, because you never know when you'll want to
connect to a different network.

> Just in case you think you
> cannot point and click when you have direct enduser control over the
> supplicant, think again. There is wpa-gui.

Last time I tried wpa_gui troubleshooting with it was a huge
mess, and I had to resort to wpa_cli to actually get some
sensible information about what was going on. Maybe that has
improved since (it's been a couple of years), but my
experiences with it have been bad.

Regards,
Christian

Reply | Threaded
Open this post in threaded view
|

Re: Where are WiFi passwords (WPA keys) stored?

Brian
On Tue 06 Dec 2016 at 23:09:59 +0100, Christian Seiler wrote:

> On 12/06/2016 09:26 PM, Brian wrote:
>
> That all said: I'm not a huge fan of NetworkManager, I think
> some aspects of it are not well enough thought out to my
> taste - but it does it's job in the case of WiFi, and it does
> it well, better than the alternatives I've seen so far.

I've never really used NetworkManager, not because I think it is lacking
in some way but because the alternatives of ifupdown, wpa_supplicant and
ConnMan etc do a good job for me and my users when at home or roaming.
 

> > However, it is worth acknowledging that Debian has the most complete
> > integration of ifupdown with wpa_supplicant you will find. It also has
> > excellent documentation to help with explaining this integration. There
> > are some things Debian does so well that they are unsurpassable.
>
> Yes, and the primary use case I see for this are headless
> servers or similar that are connected via WiFi, where the
> connection rarely changes. I would not want to use that on a
> laptop though, because you never know when you'll want to
> connect to a different network.

The author of the README.Debian doesn't appear to take the same view as
you. I use what is in it as the basis for my roaming setup on a laptop.
I've just refreshed my memory on the what needs to be done: a stanza or
two in /e/n/i, a couple of lines in a wpa_supplicant.conf and an install
of wpa_gui. Connecting to a different network with wpa_gui doesn't seem
to be any more difficult than using any other GUI application.
 
> > Just in case you think you
> > cannot point and click when you have direct enduser control over the
> > supplicant, think again. There is wpa-gui.
>
> Last time I tried wpa_gui troubleshooting with it was a huge
> mess, and I had to resort to wpa_cli to actually get some
> sensible information about what was going on. Maybe that has
> improved since (it's been a couple of years), but my
> experiences with it have been bad.

I think any serious debugging of a wireless issue would inevitably
involve wpa_cli at some point. I do agree, though, that wpa_cli as a way
of end-user interaction isn't desirable in the normal course of events.
Thank goodness for NetworkManager and all the other GUI stuff.

--
Brian.