Debian – How to encrypt/hide password in /etc/network/interfaces file on debian

debianencryptionnetworkingpasswordwlan

How can I encrypt/hide my – wpa-psk "password" – line in the /etc/network/interfaces file? Since it's uncovered and readable for everyone who can get in the file now.

Or is it better that I use something else if I don't want to store my blank wifi password in a file?

I'm running on debian without desktop environment.

Best Answer

The best you can do is hash the password. Set wpa-psk to the output of:

wpa_passphrase <SSID> <KEY>

This will obfuscate the password, but it will not prevent someone else from using the hash to connect with another device.

As an additional measure you should also set /etc/network/interfaces file permission to rw------- (600), chmod og-rw.

Related Solutions

Connect to hidden Wifi AP with wpa-supplicant

Finally, I've found out a solution, just an other line (previous not needed: ~~wpa-ap-scan~~)

wpa-scan-ssid 1

I've not really found it in any documentation... just in a forum post.

Debian, two network cards – “no route to host” on eth1

How do the hosts on the the 192.168.0.x network get their network configuration? If they expect to receive it via DHCP, you will probably need to run a DHCP server on eth1 (being very careful not to offer it on eth0!). If the devices don't have addresses, you won't be able to route to them.

On my home router I run the ISC dhcpd on eth0 whilst acting as a DHCP client on ppp0. Relevant bits of configuration in /etc/dhcpd.conf include:

# Don't attempt dynDNS updates
ddns-update-style none;

# option definitions common to all supported networks...
option domain-name "mydomain";
option domain-name-servers 192.168.0.1;  # This machine

default-lease-time 86400; # 1 day
max-lease-time 864000;    # 10 days


  group {
    # PXE-boot clients
    filename "/pxelinux.0";
    next-server 192.168.0.1;

    host myhost1 {
      hardware ethernet 00:30:18:a5:6b:20;
      fixed-address 192.168.0.66;
      option root-path "192.168.0.1:/export/client/myhost1";
    }
  }

  # Dynamically-leased addresses for visitors
  subnet 192.168.0.0 netmask 255.255.255.0 {
    authoritative;  
    range 192.168.0.128 192.168.0.254;
    option broadcast-address 192.168.0.255;
    option routers 192.168.0.1;
  }

I previously ran dnsmasq successfully on eth0 (I still do, but now only for DNS and not for DHCP). Here's the old, commented-out snippets from /etc/dnsmasq.d/dhcp.conf:

#interface=eth0

# read-ethers

# dhcp-range=192.168.0.128,192.168.0.254

# dhcp-host=00:30:18:a5:6b:20,myhost1,192.168.0.66,static

# dhcp-option-force=208,f1:00:74:7e

# dhcp-boot=pxelinux.0

# #enable-tftp
# tftp-root=/var/lib/tftpboot

# log-dhcp

Best Answer

Related Solutions

Connect to hidden Wifi AP with wpa-supplicant

Debian, two network cards – “no route to host” on eth1

Related Question