Connect to Wi-Fi From Terminal on Debian 11/10 with WPA Supplicant

This tutorial is going to show you how to connect to Wi-Fi network from the command line on Debian 11/10 server and desktop using wpa_supplicant, which is an implementation of the supplicant component for the WPA protocol. A supplicant in wireless LAN is client software installed on end-user’s computer that needs to be authenticated in order to join a network.

Please note that you will need to install the wpa_supplicant software before connecting to Wi-Fi, so you need to connect to Wired Ethernet first, which is done for just one time. If you don’t like this method, please don’t be mad at me. Maybe someday Debian will ship wpa_supplicant out of the box.

Step 1: Find The Name of Your Wireless Interface And Wireless Network

Run iwconfig command to find the name of your wireless interface.

iwconfig

wlan0 is a common name for a wireless network interface on Linux systems. On systemd-based Linux distros, you might have a wireless interface named wlp4s0.

debian server connect to wifi terminal

As you can see, the wireless interface isn’t associated with any access point right now. Then run the following command to bring up the wireless interface.

sudo ip link set dev wlp4s0 up

If you encounter the following error,

RTNETLINK answers: Operation not possible due to RF-kill

you need to unblock Wi-Fi with the following command.

sudo rfkill unblock wifi

Next, find your wireless network name by scanning nearby networks with the command below. Replace wlp4s0 with your own wireless interface name. ESSID is the network name identifier.

sudo iwlist wlp4s0 scan | grep ESSID

debian connect to wifi command line wpa supplicant

Step 2: Connect to Wi-Fi Network With WPA_Supplicant

Now install wpa_supplicant on Debian 11/10 from the default software repository.

sudo apt install wpasupplicant

We need to create a file named wpa_supplicant.conf using the wpa_passphrase utility. wpa_supplicant.conf is the configuration file describing all networks that the user wants the computer to connect to. Run the following command to create this file. Replace ESSID (network name) and Wi-Fi passphrase with your own.

wpa_passphrase your-ESSID your-wifi-passphrase | sudo tee -a /etc/wpa_supplicant/wpa_supplicant.conf

debian wpa_passphrase

If your ESSID contains whitespace such as (linuxbabe WiFi), you need to wrap the ESSID with double-quotes ("linuxbabe WiFi") in the above command.

The output of wpa_passphrase command will be piped to tee, and then written to the /etc/wpa_supplicant/wpa_supplicant.conf file. Now use the following command to connect your wireless card to the wireless access point.

sudo wpa_supplicant -c /etc/wpa_supplicant/wpa_supplicant.conf -i wlp4s0

The following output indicates your wireless card is successfully connected to an access point.

Successfully initialized wpa_supplicant
wlp4s0: SME: Trying to authenticate with c5:4a:21:53:ac:eb (SSID='CMCC-11802' freq=2437 MHz)
wlp4s0: Trying to associate with c5:4a:21:53:ac:eb (SSID='CMCC-11802' freq=2437 MHz)
wlp4s0: Associated with c5:4a:21:53:ac:eb
wlp4s0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
wlp4s0: WPA: Key negotiation completed with c5:4a:21:53:ac:eb [PTK=CCMP GTK=CCMP]
wlp4s0: CTRL-EVENT-CONNECTED - Connection to c5:4a:21:53:ac:eb completed [id=0 id_str=]

Note that if you are using Debian desktop edition, then you need to stop Network Manager with the following command, otherwise it will cause a connection problem when using wpa_supplicant.

sudo systemctl stop NetworkManager

And disable NetworkManager auto-start at boot time by executing the following command.

sudo systemctl disable NetworkManager-wait-online NetworkManager-dispatcher NetworkManager

By default, wpa_supplicant runs in the foreground. If the connection is completed, then open up another terminal window and run

iwconfig

You can see that the wireless interface is now associated with an access point.

enable wifi on debian using terminal command

You can press CTRL+C to stop the current wpa_supplicant process and run it in the background by adding the -B flag.

sudo wpa_supplicant -B -c /etc/wpa_supplicant.conf -i wlp4s0

Although we’re authenticated and connected to a wireless network, we don’t have an IP address yet. To obtain a private IP address from DHCP server, use the following command:

sudo dhclient wlp4s0

Now your wireless interface has a private IP address, which can be shown with:

ip addr show wlp4s0

debian dhclient obtain private ip address

Now you can access the Internet. To release the private IP address, run

sudo dhclient wlp4s0 -r

Connecting to Hidden Wireless Network

If your wireless router doesn’t broadcast ESSID, then you need to add the following line in /etc/wpa_supplicant/wpa_supplicant.conf file.

scan_ssid=1

Like below:

network={
        ssid="LinuxBabe.Com Network"
        #psk="12345qwert"
        psk=68add4c5fee7dc3d0dac810f89b805d6d147c01e281f07f475a3e0195
        scan_ssid=1
}

Step 3: Auto-Connect At System Boot Time

To automatically connect to wireless network at boot time, we need to edit the wpa_supplicant.service file. It’s a good idea to copy the file from /lib/systemd/system/ directory to /etc/systemd/system/ directory, then edit the file content, because we don’t want a newer version of wpa_supplicant to override our modifications.

sudo cp /lib/systemd/system/wpa_supplicant.service /etc/systemd/system/wpa_supplicant.service

Edit the file with a command-line text editor, such as Nano.

sudo nano /etc/systemd/system/wpa_supplicant.service

Find the following line.

ExecStart=/sbin/wpa_supplicant -u -s -O /run/wpa_supplicant

Change it to the following. Here we added the configuration file and the wireless interface name to the ExecStart command.

ExecStart=/sbin/wpa_supplicant -u -s -c /etc/wpa_supplicant/wpa_supplicant.conf -i wlp4s0

It’s recommended to always try to restart wpa_supplicant when failure is detected. Add the following right below the ExecStart line.

Restart=always

Save and close the file. (To save a file in Nano text editor, press Ctrl+O, then press Enter to confirm. To exit, press Ctrl+X.) Then reload systemd.

sudo systemctl daemon-reload

Enable wpa_supplicant service to start at boot time.

sudo systemctl enable wpa_supplicant.service

We also need to start dhclient at boot time to obtain a private IP address from DHCP server. This can be achieved by creating a systemd service unit for dhclient.

sudo nano /etc/systemd/system/dhclient.service

Put the following text into the file.

[Unit]
Description= DHCP Client
Before=network.target
After=wpa_supplicant.service

[Service]
Type=forking
ExecStart=/sbin/dhclient wlp4s0 -v
ExecStop=/sbin/dhclient wlp4s0 -r
Restart=always
 
[Install]
WantedBy=multi-user.target

Save and close the file. Then enable this service.

sudo systemctl enable dhclient.service

How to Obtain a Static IP Address

If you want to obtain a static IP address, then you need to disable dhclient.service.

sudo systemctl disable dhclient.service

Create a network config file.

sudo nano /etc/systemd/network/static.network

Add the following lines.

[Match]
Name=wlp4s0

[Network]
Address=192.168.1.8/24
Gateway=192.168.1.1

Save and close the file. Then create a .link file for the wireless interface.

sudo nano /etc/systemd/network/10-wifi.link

Add the following lines in this file. You need to use your own MAC address and wireless interface name. This is to prevent the system from changing the wireless interface name.

[Match]
MACAddress=a8:4b:05:2b:e8:54

[Link]
NamePolicy=
Name=wlp4s0

Save and close the file. Then disable the networking.service and enable systemd-networkd.service, which will take care of networking.

sudo systemctl disable networking

sudo systemctl enable systemd-networkd

You can now restart systemd-networkd to see if your configuration works.

sudo systemctl restart systemd-networkd

Another way to obtain a static IP address is by logging into your router’s management interface and assigning a static IP to the MAC address of your wireless card, if your router supports this feature.

Recommended Reading:

Multiple Wi-Fi Networks

The /etc/wpa_supplicant.conf configuration file can include multiple Wi-Fi networks. wpa_supplicant automatically selects the best network based on the order of network blocks in the configuration file, network security level, and signal strength.

To add a second Wi-Fi network, run:

wpa_passphrase your-ESSID your-wifi-passphrase | sudo tee -a /etc/wpa_supplicant/wpa_supplicant.conf

Note that you need to use the -a option with the tee command, which will append, instead of deleting the original content, the new Wifi-network to the file.

Wi-Fi Security

Do not use WPA2 TKIP or WPA2 TKIP+AES as the encryption method in your Wi-Fi router. TKIP is not considered secure anymore. You can use WPA2-AES as the encryption method.

Wrapping Up

I hope this tutorial helped you connect Debian 11/10 to Wi-Fi network from the command line with WPA Supplicant. As always, if you found this post useful, then subscribe to our free newsletter to get more tips and tricks 🙂

Rate this tutorial
[Total: 60 Average: 5]

21 Responses to “Connect to Wi-Fi From Terminal on Debian 11/10 with WPA Supplicant

  • Excellent, mission accomplished with mt7601u

  • Thank you so much. I use Debian 11 with i3wm. I am newby in linux. Is it better to use wpa-supplicant rather than NetworkManager? Thank you in advance.

  • Hi, sudo iwconfig is giving me: command not found on Debian 11 server. Tryed ip a instead and my wireless card (usb dongle) is identified as:

    wlx004f622e9505:  mtu 1500 qdisc mq state DOWN...

    The sudo ip link set dev wlp4s0 up is doing nothing. It still stays in “DOWN” mode. Can you please help?

    • cronos_hh
      2 years ago

      Hello Georg,
      iwconfig is a part from wireless-tools….apt install wireless-tools !

    • Ahellwig
      1 year ago

      Please keep in mind that iwconfig is a legacy application. Use iw as a newer alternative.

  • Rfkill command not found

    • Aaron Rogers
      8 months ago

      Thank you for this tutorial. It helped me to setup the wireless network in a raspberry pi 2 w with raspberry OS Lite 6.1.0 (built nov 2023) connecting a,local router.

      wpasupplicant was already installed.

      At first it took many attemps to connect to the wireless SSID, visible in the output thrown by wpa_supplicant -c as I saw many failed attempts and retries (I ignore why). Also,having only one console,I had to improvise sending the command as job to the background y ctrl-z and then bg command. finally, retirected the output to a temp log file.

      I did not have to disable NetworkManager or set static ip address.

  • jlinkels
    2 years ago

    Thank you for this excellent tutorial. After half a day following other instructions (even from Debian wiki itself) without success this really helped. You are writing very clear and to the point.

    One note: Debian does not place /sbin in the user’s path, not even in root’s path. Commands like ifconfig and iwconfig ONLY work as sudo. If the commands are used just to read no root privileges are required. So as a user you should use /sbin/ifconfig and /sbin/iwconfig.

    • Ahellwig
      1 year ago

      I don’t think there’s a distro which does *not* put /sbin in root’s path.

  • jlinkels
    2 years ago

    Also note that the SSID is case sensitive and that wpa_passphrase uses both the SSID and the Wifi key to generate the psk. So using in wpa_passphrase “MyWifi” or “mywifi” yields completely different results. Only if the SSID is correctly specified, including case, the correct psk is generated.

  • Cheryl De Loitte
    2 years ago

    Hello

  • This method works only until the Ethernet cable is connected. As soon as it is disconnected, the wifi connection stops working too. Tested on two different pc’s. Just use iwd for managing wireless, faster and simpler to configure.

  • Trever Holmes
    1 year ago

    Thank you so much. This finally got wifi on my laptop up and running

  • Jill Milner
    1 year ago

    Hi there !!!
    How are you?
    We’ve very good offers , espicially for people like you as linuxbabe.com owner
    below you can see smart link we made that for you, it will help you to find great offers.

    You can also try it over and over, each time you will see new offers,

    We will try to send you amazing offers , daily:
    https://impressiveoffer1.bloginwi.com/54343232/take-a-look-at-most-recent-discounts-from-a-wide-range-of-websites-here-on-29-july-don-t-miss-out

    Regards!
    Jill

  • This is, by far, the most informative tutorial I’ve read in decades. After much struggling when I stumbled on your page, voilà, 30 minutes and done!

    Thanks a lot!

  • grohlfer
    11 months ago

    Strange… it works when I type all commands, but after rebooting the system wi-fi doesn’t get up automatically.
    A cat /etc/wpa_supplicant.conf shows config is fine, I can see SSID and PSK keys there..
    An iwconfig shows the following:

    lo        no wireless extensions.
    
    eth0      no wireless extensions.
    
    wlan0     IEEE 802.11  ESSID:off/any
              Mode:Managed  Access Point: Not-Associated
              Retry short limit:10   RTS thr=2353 B   Fragment thr:off
              Encryption key:off
              Power Management:off
    

    And ip addr show wlan0 tells me no IP address despite the dhcp config I made:

    3: wlan0:  mtu 1500 qdisc pfifo_fast state DORMANT group default qlen 1000
        link/ether 5c:6a:c9:d0:d8:5f brd ff:ff:ff:ff:ff:ff
        inet 169.254.14.62/16 brd 169.254.255.255 scope link wlan0:avahi
           valid_lft forever preferred_lft forever
    

    Any ideas?

  • grohlfer
    11 months ago

    Solved the issue by turning off the Network Manager:
    sudo systemctl stop NetworkManager

    Now the problem is how to enable booth interfaces – eth0 and wlan0 – simultaneously.

  • this doesnt work for me. installed debian 12, but wasnt able to connect to the network in the configuration stage… so no GUI to work with, just the CLI. Really struggling to get this set up as a bit of a linux noob! ;-;

  • Merissa Salter
    9 months ago

    Hey there,

    I found this cool way to make money online. If you are interested in getting financially free, now is the time to jump on the AI train!!!!!

    It is SOOOOOOO easy. If I can do it, anyone can.

    Click this link for a FREE 16-minute video that explains the whole process…. https://aibotsmarketing.systeme.io/cd8a7779-0d424be2

    Take care and blessings to you and your family!!!

    Skylar Jade

    To opt out of future communication through your website contact page, click this link and enter in your website domain name… https://aibotsmarketing.wixsite.com/opt-out-form

    2100 14th St. Suite 107-30
    Plano, TX 75074-6444

  • My wifi connects but cannot resolve domain names. some issue with dns i guess , any ideas ?
    Thanks

  • Thank you

    You absolute legend

    I just got a OpenScan mini, a device that is built out of a raspberry pi and 3d printed parts to take photos of little objects and then make them into a 3d model using photogrammetry.

    Everything worked apart from the wifi, connecting via ethernet worked and luckily ssh was enabled following this tutorial showed me wpa_supplicant was installed, however wifi had no ip address as my router uses DHCP.

    Following this tutorial fixed that for me, now I can use my OpenScan mini anywhere that is in range of my router.

Leave a Comment

  • Comments with links are moderated by admin before published.
  • Your email address will not be published.
  • Use <pre> ... </pre> HTML tag to quote the output from your terminal/console.
  • Please use the community (https://community.linuxbabe.com) for questions unrelated to this article.
  • I don't have time to answer every question. Making a donation would incentivize me to spend more time answering questions.

The maximum upload file size: 2 MB. You can upload: image. Links to YouTube, Facebook, Twitter and other services inserted in the comment text will be automatically embedded. Drop file here