Miskatonic University Press

Getting my Raspberry Pi on a PEAP-MSCHAPv2 wifi network

raspberry.pi unix york

I have a Raspberry Pi at work that I use for listening to STAPLR. A while ago it fell off the university’s wifi network. Today I got around to fixing that. For some unknown reason I had to do more today than I did back when I first got it on the wifi, but such is the way of computers. For my own sake I’m documenting what I did here, and maybe it will be useful to others.

This is based on: Raspberry Pi 3 and PEAP-MSCHAPv2 WiFi Networks by Nontas Rontogiannis and an answer in a Raspberry Pi forum by broo0oose. Thank you, fellow Pi users who are not on a simple wifi network!

First edit /etc/wpa_supplicant/wpa_supplicant.conf and add:

network={
      ssid=""
      priority=1
      proto=RSN
      key_mgmt=WPA-EAP
      pairwise=CCMP
      auth_alg=OPEN
      eap=PEAP
      identity=""
      password=hash:
      phase1="peaplabel=0"
      phase2="auth=MSCHAPV2"
      }

Fill in these fields:

  • ssid (wifi network name)
  • identity (username)
  • password

You can enter your password in plain text, but that’s a terrible thing to do. Instead, use a hashed version.

echo -n 'password_in_plaintext' | iconv -t utf16le | openssl md4 > hash.txt

Then take the text in hash.txt and add it after “hash:” in the password field.

Restart network services (sudo service networking restart) and all should work … unless you don’t have a /etc/network/interfaces file, which I didn’t! Somehow it had disappeared. So I created one, with this incantation:

auto lo

iface lo inet loopback
iface eth0 inet dhcp

allow-hotplug wlan0

iface wlan0 inet dhcp
        pre-up wpa_supplicant -B -Dwext -i wlan0 -c/etc/wpa_supplicant/wpa_supplicant.conf
        post-down killall -q wpa_supplicant

(That’s a tab for indentation there, in case it matters. The pre-up line should be all on the same line, it’s -c/etc/wpa..., but some formatting thing is messing up the display here.)

After rebooting it all worked, even though the network icon in the icon bar showed no connection.

Typing in your password means it’s in your history, which means it’s in a file on the system. That’s insecure. The easiest way to clear that out is to wipe your history:

history -c

But you can also just wipe out the one line by finding just which one it is, for example:

$ history | grep openssl
  118  echo -n 'password_in_plaintext' | iconv -t utf16le | openssl md4 > hash.txt
$ history -d 118

But when you’re on the network you should install xsel:

sudo apt-get install xsel

Now next time you can run

echo -n 'password_in_plaintext' | iconv -t utf16le | openssl md4 | xsel -b

This puts the hashed password into the X clipboard, where it’s easier to paste. You’ll still want to wipe it from your history.
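
An added example, not part of the original post: a small Python script that prompts for the password without echoing it, so the plaintext never reaches shell history, and prints the password=hash: line for wpa_supplicant.conf. The function names are my own, and MD4 is implemented inline (a choice made for this example) so the script does not depend on openssl md4, which OpenSSL 3 moves to its legacy provider.

```python
#!/usr/bin/env python3
"""Prompt for a wifi password and print the password=hash: line for wpa_supplicant.conf."""
import getpass
import struct

MASK = 0xFFFFFFFF
# Message-word order for MD4 round 3 (RFC 1320).
ROUND3_ORDER = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)


def _rol(value: int, bits: int) -> int:
    """Rotate a 32-bit value left."""
    return ((value << bits) | (value >> (32 - bits))) & MASK


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320), so no OpenSSL legacy provider is needed."""
    # Pad with 0x80, zeros up to 56 mod 64, then the bit length as 64-bit little-endian.
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64)
    msg += struct.pack("<Q", len(data) * 8)
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for offset in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[offset:offset + 64])
        a, b, c, d = state
        for i in range(48):
            if i < 16:    # round 1: F(b, c, d), words in order
                f, k, s, const = (b & c) | (~b & d), i, (3, 7, 11, 19)[i % 4], 0
            elif i < 32:  # round 2: G(b, c, d), words column by column
                f, k = (b & c) | (b & d) | (c & d), (i % 4) * 4 + (i - 16) // 4
                s, const = (3, 5, 9, 13)[i % 4], 0x5A827999
            else:         # round 3: H(b, c, d)
                f, k = b ^ c ^ d, ROUND3_ORDER[i - 32]
                s, const = (3, 9, 11, 15)[i % 4], 0x6ED9EBA1
            a, b, c, d = d, _rol((a + f + x[k] + const) & MASK, s), b, c
        state = [(v + w) & MASK for v, w in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> str:
    """MD4 of the UTF-16LE password: same value as the iconv | openssl md4 pipeline."""
    return md4(password.encode("utf-16-le")).hex()


def wpa_password_line(password: str) -> str:
    """Format the hash the way wpa_supplicant.conf expects it."""
    return f"password=hash:{nt_hash(password)}"


if __name__ == "__main__":
    # getpass reads from the terminal with echo off; nothing is stored in history.
    print(wpa_password_line(getpass.getpass("Wifi password: ")))
```

The value printed is the NT hash, which MSCHAPv2 accepts in place of the password itself, so wpa_supplicant.conf should still be readable by root only.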

Why the Pi doesn’t support this kind of network out of the box, I don’t know, but I hope they add it. Nevertheless, the Pi is a marvellous little thing.