1c1d255d3SCy Schubert<!doctype refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> 2c1d255d3SCy Schubert 3c1d255d3SCy Schubert<refentry> 4c1d255d3SCy Schubert <refentryinfo> 5c1d255d3SCy Schubert <date>07 August 2019</date> 6c1d255d3SCy Schubert </refentryinfo> 7c1d255d3SCy Schubert 8c1d255d3SCy Schubert <refmeta> 9c1d255d3SCy Schubert <refentrytitle>wpa_cli</refentrytitle> 10c1d255d3SCy Schubert <manvolnum>8</manvolnum> 11c1d255d3SCy Schubert </refmeta> 12c1d255d3SCy Schubert <refnamediv> 13c1d255d3SCy Schubert <refname>wpa_cli</refname> 14c1d255d3SCy Schubert 15c1d255d3SCy Schubert <refpurpose>WPA command line client</refpurpose> 16c1d255d3SCy Schubert </refnamediv> 17c1d255d3SCy Schubert 18c1d255d3SCy Schubert <refsynopsisdiv> 19c1d255d3SCy Schubert <cmdsynopsis> 20c1d255d3SCy Schubert <command>wpa_cli</command> 21c1d255d3SCy Schubert <arg>-p <replaceable>path to ctrl sockets</replaceable></arg> 22c1d255d3SCy Schubert <arg>-g <replaceable>path to global ctrl_interface socket</replaceable></arg> 23c1d255d3SCy Schubert <arg>-i <replaceable>ifname</replaceable></arg> 24c1d255d3SCy Schubert <arg>-hvB</arg> 25c1d255d3SCy Schubert <arg>-a <replaceable>action file</replaceable></arg> 26c1d255d3SCy Schubert <arg>-P <replaceable>pid file</replaceable></arg> 27c1d255d3SCy Schubert <arg>-G <replaceable>ping interval</replaceable></arg> 28c1d255d3SCy Schubert <arg><replaceable>command ...</replaceable></arg> 29c1d255d3SCy Schubert </cmdsynopsis> 30c1d255d3SCy Schubert </refsynopsisdiv> 31c1d255d3SCy Schubert 32c1d255d3SCy Schubert <refsect1> 33c1d255d3SCy Schubert <title>Overview</title> 34c1d255d3SCy Schubert 35c1d255d3SCy Schubert <para>wpa_cli is a text-based frontend program for interacting 36c1d255d3SCy Schubert with wpa_supplicant. It is used to query current status, change 37c1d255d3SCy Schubert configuration, trigger events, and request interactive user 38c1d255d3SCy Schubert input.</para> 39c1d255d3SCy Schubert 40c1d255d3SCy Schubert <para>wpa_cli can show the current authentication status, selected 41c1d255d3SCy Schubert security mode, dot11 and dot1x MIBs, etc. In addition, it can 42c1d255d3SCy Schubert configure some variables like EAPOL state machine parameters and 43c1d255d3SCy Schubert trigger events like reassociation and IEEE 802.1X 44c1d255d3SCy Schubert logoff/logon. wpa_cli provides a user interface to request 45c1d255d3SCy Schubert authentication information, like username and password, if these 46c1d255d3SCy Schubert are not included in the configuration. This can be used to 47c1d255d3SCy Schubert implement, e.g., one-time-passwords or generic token card 48c1d255d3SCy Schubert authentication where the authentication is based on a 49c1d255d3SCy Schubert challenge-response that uses an external device for generating the 50c1d255d3SCy Schubert response.</para> 51c1d255d3SCy Schubert 52c1d255d3SCy Schubert <para>The control interface of wpa_supplicant can be configured to 53c1d255d3SCy Schubert allow non-root user access (ctrl_interface GROUP= parameter in the 54c1d255d3SCy Schubert configuration file). This makes it possible to run wpa_cli with a 55c1d255d3SCy Schubert normal user account.</para> 56c1d255d3SCy Schubert 57c1d255d3SCy Schubert <para>wpa_cli supports two modes: interactive and command 58c1d255d3SCy Schubert line. Both modes share the same command set and the main 59c1d255d3SCy Schubert difference is in interactive mode providing access to unsolicited 60c1d255d3SCy Schubert messages (event messages, username/password requests).</para> 61c1d255d3SCy Schubert 62c1d255d3SCy Schubert <para>Interactive mode is started when wpa_cli is executed without 63c1d255d3SCy Schubert including the command as a command line parameter. Commands are 64c1d255d3SCy Schubert then entered on the wpa_cli prompt. In command line mode, the same 65c1d255d3SCy Schubert commands are entered as command line arguments for wpa_cli.</para> 66c1d255d3SCy Schubert </refsect1> 67c1d255d3SCy Schubert <refsect1> 68c1d255d3SCy Schubert <title>Interactive authentication parameters request</title> 69c1d255d3SCy Schubert 70c1d255d3SCy Schubert <para>When wpa_supplicant need authentication parameters, like 71c1d255d3SCy Schubert username and password, which are not present in the configuration 72c1d255d3SCy Schubert file, it sends a request message to all attached frontend programs, 73c1d255d3SCy Schubert e.g., wpa_cli in interactive mode. wpa_cli shows these requests 74c1d255d3SCy Schubert with "CTRL-REQ-<type>-<id>:<text>" 75c1d255d3SCy Schubert prefix. <type> is IDENTITY, PASSWORD, or OTP 76c1d255d3SCy Schubert (one-time-password). <id> is a unique identifier for the 77c1d255d3SCy Schubert current network. <text> is description of the request. In 78c1d255d3SCy Schubert case of OTP request, it includes the challenge from the 79c1d255d3SCy Schubert authentication server.</para> 80c1d255d3SCy Schubert 81c1d255d3SCy Schubert <para>The reply to these requests can be given with 82c1d255d3SCy Schubert <emphasis>identity</emphasis>, <emphasis>password</emphasis>, and 83c1d255d3SCy Schubert <emphasis>otp</emphasis> commands. <id> needs to be copied from 84c1d255d3SCy Schubert the matching request. <emphasis>password</emphasis> and 85c1d255d3SCy Schubert <emphasis>otp</emphasis> commands can be used regardless of whether 86c1d255d3SCy Schubert the request was for PASSWORD or OTP. The main difference between these 87c1d255d3SCy Schubert two commands is that values given with <emphasis>password</emphasis> are 88c1d255d3SCy Schubert remembered as long as wpa_supplicant is running whereas values given 89c1d255d3SCy Schubert with <emphasis>otp</emphasis> are used only once and then forgotten, 90c1d255d3SCy Schubert i.e., wpa_supplicant will ask frontend for a new value for every use. 91c1d255d3SCy Schubert This can be used to implement one-time-password lists and generic token 92c1d255d3SCy Schubert card -based authentication.</para> 93c1d255d3SCy Schubert 94c1d255d3SCy Schubert <para>Example request for password and a matching reply:</para> 95c1d255d3SCy Schubert 96c1d255d3SCy Schubert<blockquote><programlisting> 97c1d255d3SCy SchubertCTRL-REQ-PASSWORD-1:Password needed for SSID foobar 98c1d255d3SCy Schubert> password 1 mysecretpassword 99c1d255d3SCy Schubert</programlisting></blockquote> 100c1d255d3SCy Schubert 101c1d255d3SCy Schubert <para>Example request for generic token card challenge-response:</para> 102c1d255d3SCy Schubert 103c1d255d3SCy Schubert<blockquote><programlisting> 104c1d255d3SCy SchubertCTRL-REQ-OTP-2:Challenge 1235663 needed for SSID foobar 105c1d255d3SCy Schubert> otp 2 9876 106c1d255d3SCy Schubert</programlisting></blockquote> 107c1d255d3SCy Schubert 108c1d255d3SCy Schubert </refsect1> 109c1d255d3SCy Schubert <refsect1> 110c1d255d3SCy Schubert <title>Command Arguments</title> 111c1d255d3SCy Schubert <variablelist> 112c1d255d3SCy Schubert <varlistentry> 113c1d255d3SCy Schubert <term>-p path</term> 114c1d255d3SCy Schubert 115c1d255d3SCy Schubert <listitem><para>Change the path where control sockets should 116c1d255d3SCy Schubert be found.</para></listitem> 117c1d255d3SCy Schubert </varlistentry> 118c1d255d3SCy Schubert 119c1d255d3SCy Schubert <varlistentry> 120c1d255d3SCy Schubert <term>-g control socket path</term> 121c1d255d3SCy Schubert 122c1d255d3SCy Schubert <listitem><para>Connect to the global control socket at the 123c1d255d3SCy Schubert indicated path rather than an interface-specific control 124c1d255d3SCy Schubert socket.</para></listitem> 125c1d255d3SCy Schubert </varlistentry> 126c1d255d3SCy Schubert 127c1d255d3SCy Schubert <varlistentry> 128c1d255d3SCy Schubert <term>-i ifname</term> 129c1d255d3SCy Schubert 130c1d255d3SCy Schubert <listitem><para>Specify the interface that is being 131c1d255d3SCy Schubert configured. By default, choose the first interface found with 132c1d255d3SCy Schubert a control socket in the socket path.</para></listitem> 133c1d255d3SCy Schubert </varlistentry> 134c1d255d3SCy Schubert 135c1d255d3SCy Schubert <varlistentry> 136c1d255d3SCy Schubert <term>-h</term> 137c1d255d3SCy Schubert <listitem><para>Help. Show a usage message.</para></listitem> 138c1d255d3SCy Schubert </varlistentry> 139c1d255d3SCy Schubert 140c1d255d3SCy Schubert 141c1d255d3SCy Schubert <varlistentry> 142c1d255d3SCy Schubert <term>-v</term> 143c1d255d3SCy Schubert <listitem><para>Show version information.</para></listitem> 144c1d255d3SCy Schubert </varlistentry> 145c1d255d3SCy Schubert 146c1d255d3SCy Schubert 147c1d255d3SCy Schubert <varlistentry> 148c1d255d3SCy Schubert <term>-B</term> 149c1d255d3SCy Schubert <listitem><para>Run as a daemon in the background.</para></listitem> 150c1d255d3SCy Schubert </varlistentry> 151c1d255d3SCy Schubert 152c1d255d3SCy Schubert <varlistentry> 153c1d255d3SCy Schubert <term>-a file</term> 154c1d255d3SCy Schubert 155c1d255d3SCy Schubert <listitem><para>Run in daemon mode executing the action file 156c1d255d3SCy Schubert based on events from wpa_supplicant. The specified file will 157c1d255d3SCy Schubert be executed with the first argument set to interface name and 158c1d255d3SCy Schubert second to "CONNECTED" or "DISCONNECTED" depending on the event. 159c1d255d3SCy Schubert This can be used to execute networking tools required to configure 160c1d255d3SCy Schubert the interface.</para> 161c1d255d3SCy Schubert 162c1d255d3SCy Schubert <para>Additionally, three environmental variables are available to 163c1d255d3SCy Schubert the file: WPA_CTRL_DIR, WPA_ID, and WPA_ID_STR. WPA_CTRL_DIR 164c1d255d3SCy Schubert contains the absolute path to the ctrl_interface socket. WPA_ID 165c1d255d3SCy Schubert contains the unique network_id identifier assigned to the active 166c1d255d3SCy Schubert network, and WPA_ID_STR contains the content of the id_str option. 167c1d255d3SCy Schubert </para></listitem> 168c1d255d3SCy Schubert </varlistentry> 169c1d255d3SCy Schubert 170c1d255d3SCy Schubert <varlistentry> 171c1d255d3SCy Schubert <term>-P file</term> 172c1d255d3SCy Schubert 173c1d255d3SCy Schubert <listitem><para>Set the location of the PID 174c1d255d3SCy Schubert file.</para></listitem> 175c1d255d3SCy Schubert </varlistentry> 176c1d255d3SCy Schubert 177c1d255d3SCy Schubert <varlistentry> 178c1d255d3SCy Schubert <term>-G ping interval</term> 179c1d255d3SCy Schubert 180c1d255d3SCy Schubert <listitem><para>Set the interval (in seconds) at which 181c1d255d3SCy Schubert wpa_cli pings the supplicant.</para></listitem> 182c1d255d3SCy Schubert </varlistentry> 183c1d255d3SCy Schubert 184c1d255d3SCy Schubert <varlistentry> 185c1d255d3SCy Schubert <term>command</term> 186c1d255d3SCy Schubert 187c1d255d3SCy Schubert <listitem><para>Run a command. The available commands are 188c1d255d3SCy Schubert listed in the next section.</para></listitem> 189c1d255d3SCy Schubert 190c1d255d3SCy Schubert </varlistentry> 191c1d255d3SCy Schubert </variablelist> 192c1d255d3SCy Schubert </refsect1> 193c1d255d3SCy Schubert <refsect1> 194c1d255d3SCy Schubert <title>Commands</title> 195c1d255d3SCy Schubert <para>The following commands are available:</para> 196c1d255d3SCy Schubert 197c1d255d3SCy Schubert <variablelist> 198c1d255d3SCy Schubert <varlistentry> 199c1d255d3SCy Schubert <term>status</term> 200c1d255d3SCy Schubert <listitem> 201c1d255d3SCy Schubert <para>get current WPA/EAPOL/EAP status</para> 202c1d255d3SCy Schubert </listitem> 203c1d255d3SCy Schubert </varlistentry> 204c1d255d3SCy Schubert 205c1d255d3SCy Schubert <varlistentry> 206c1d255d3SCy Schubert <term>mib</term> 207c1d255d3SCy Schubert <listitem> 208c1d255d3SCy Schubert <para>get MIB variables (dot1x, dot11)</para> 209c1d255d3SCy Schubert </listitem> 210c1d255d3SCy Schubert </varlistentry> 211c1d255d3SCy Schubert 212c1d255d3SCy Schubert <varlistentry> 213c1d255d3SCy Schubert <term>help</term> 214c1d255d3SCy Schubert <listitem> 215c1d255d3SCy Schubert <para>show this usage help</para> 216c1d255d3SCy Schubert </listitem> 217c1d255d3SCy Schubert </varlistentry> 218c1d255d3SCy Schubert 219c1d255d3SCy Schubert <varlistentry> 220c1d255d3SCy Schubert <term>interface [ifname]</term> 221c1d255d3SCy Schubert <listitem> 222c1d255d3SCy Schubert <para>show interfaces/select interface</para> 223c1d255d3SCy Schubert </listitem> 224c1d255d3SCy Schubert </varlistentry> 225c1d255d3SCy Schubert 226c1d255d3SCy Schubert <varlistentry> 227c1d255d3SCy Schubert <term>level <debug level></term> 228c1d255d3SCy Schubert <listitem> 229c1d255d3SCy Schubert <para>change debug level</para> 230c1d255d3SCy Schubert </listitem> 231c1d255d3SCy Schubert </varlistentry> 232c1d255d3SCy Schubert 233c1d255d3SCy Schubert <varlistentry> 234c1d255d3SCy Schubert <term>license</term> 235c1d255d3SCy Schubert <listitem> 236c1d255d3SCy Schubert <para>show full wpa_cli license</para> 237c1d255d3SCy Schubert </listitem> 238c1d255d3SCy Schubert </varlistentry> 239c1d255d3SCy Schubert 240c1d255d3SCy Schubert <varlistentry> 241c1d255d3SCy Schubert <term>logoff</term> 242c1d255d3SCy Schubert <listitem> 243c1d255d3SCy Schubert <para>IEEE 802.1X EAPOL state machine logoff</para> 244c1d255d3SCy Schubert </listitem> 245c1d255d3SCy Schubert </varlistentry> 246c1d255d3SCy Schubert 247c1d255d3SCy Schubert <varlistentry> 248c1d255d3SCy Schubert <term>logon</term> 249c1d255d3SCy Schubert <listitem> 250c1d255d3SCy Schubert <para>IEEE 802.1X EAPOL state machine logon</para> 251c1d255d3SCy Schubert </listitem> 252c1d255d3SCy Schubert </varlistentry> 253c1d255d3SCy Schubert 254c1d255d3SCy Schubert <varlistentry> 255c1d255d3SCy Schubert <term>set</term> 256c1d255d3SCy Schubert <listitem> 257c1d255d3SCy Schubert <para>set variables (shows list of variables when run without arguments)</para> 258c1d255d3SCy Schubert </listitem> 259c1d255d3SCy Schubert </varlistentry> 260c1d255d3SCy Schubert <varlistentry> 261c1d255d3SCy Schubert <term>pmksa</term> 262c1d255d3SCy Schubert <listitem> 263c1d255d3SCy Schubert <para>show PMKSA cache</para> 264c1d255d3SCy Schubert </listitem> 265c1d255d3SCy Schubert </varlistentry> 266c1d255d3SCy Schubert <varlistentry> 267c1d255d3SCy Schubert <term>reassociate</term> 268c1d255d3SCy Schubert <listitem> 269c1d255d3SCy Schubert <para>force reassociation</para> 270c1d255d3SCy Schubert </listitem> 271c1d255d3SCy Schubert </varlistentry> 272c1d255d3SCy Schubert <varlistentry> 273c1d255d3SCy Schubert <term>reconfigure</term> 274c1d255d3SCy Schubert <listitem> 275c1d255d3SCy Schubert <para>force wpa_supplicant to re-read its configuration file</para> 276c1d255d3SCy Schubert </listitem> 277c1d255d3SCy Schubert </varlistentry> 278c1d255d3SCy Schubert 279c1d255d3SCy Schubert <varlistentry> 280c1d255d3SCy Schubert <term>preauthenticate <BSSID></term> 281c1d255d3SCy Schubert <listitem> 282c1d255d3SCy Schubert <para>force preauthentication</para> 283c1d255d3SCy Schubert </listitem> 284c1d255d3SCy Schubert </varlistentry> 285c1d255d3SCy Schubert 286c1d255d3SCy Schubert <varlistentry> 287c1d255d3SCy Schubert <term>identity <network id> <identity></term> 288c1d255d3SCy Schubert <listitem> 289c1d255d3SCy Schubert <para>configure identity for an SSID</para> 290c1d255d3SCy Schubert </listitem> 291c1d255d3SCy Schubert </varlistentry> 292c1d255d3SCy Schubert 293c1d255d3SCy Schubert <varlistentry> 294c1d255d3SCy Schubert <term>password <network id> <password></term> 295c1d255d3SCy Schubert <listitem> 296c1d255d3SCy Schubert <para>configure password for an SSID</para> 297c1d255d3SCy Schubert </listitem> 298c1d255d3SCy Schubert </varlistentry> 299c1d255d3SCy Schubert 300c1d255d3SCy Schubert <varlistentry> 301c1d255d3SCy Schubert <term>pin <network id> <pin></term> 302c1d255d3SCy Schubert <listitem> 303c1d255d3SCy Schubert <para>configure pin for an SSID</para> 304c1d255d3SCy Schubert </listitem> 305c1d255d3SCy Schubert </varlistentry> 306c1d255d3SCy Schubert 307c1d255d3SCy Schubert <varlistentry> 308c1d255d3SCy Schubert <term>otp <network id> <password></term> 309c1d255d3SCy Schubert <listitem> 310c1d255d3SCy Schubert <para>configure one-time-password for an SSID</para> 311c1d255d3SCy Schubert </listitem> 312c1d255d3SCy Schubert </varlistentry> 313c1d255d3SCy Schubert 314c1d255d3SCy Schubert <varlistentry> 315c1d255d3SCy Schubert <term>bssid <network id> <BSSID></term> 316c1d255d3SCy Schubert <listitem> 317c1d255d3SCy Schubert <para>set preferred BSSID for an SSID</para> 318c1d255d3SCy Schubert </listitem> 319c1d255d3SCy Schubert </varlistentry> 320c1d255d3SCy Schubert 321c1d255d3SCy Schubert <varlistentry> 322c1d255d3SCy Schubert <term>list_networks</term> 323c1d255d3SCy Schubert <listitem> 324c1d255d3SCy Schubert <para>list configured networks</para> 325c1d255d3SCy Schubert </listitem> 326c1d255d3SCy Schubert </varlistentry> 327c1d255d3SCy Schubert 328c1d255d3SCy Schubert <varlistentry> 329c1d255d3SCy Schubert <term>terminate</term> 330c1d255d3SCy Schubert <listitem> 331c1d255d3SCy Schubert <para>terminate <command>wpa_supplicant</command></para> 332c1d255d3SCy Schubert </listitem> 333c1d255d3SCy Schubert </varlistentry> 334c1d255d3SCy Schubert 335c1d255d3SCy Schubert <varlistentry> 336c1d255d3SCy Schubert <term>quit</term> 337c1d255d3SCy Schubert <listitem><para>exit wpa_cli</para></listitem> 338c1d255d3SCy Schubert </varlistentry> 339c1d255d3SCy Schubert </variablelist> 340c1d255d3SCy Schubert </refsect1> 341c1d255d3SCy Schubert <refsect1> 342c1d255d3SCy Schubert <title>See Also</title> 343c1d255d3SCy Schubert <para> 344c1d255d3SCy Schubert <citerefentry> 345c1d255d3SCy Schubert <refentrytitle>wpa_supplicant</refentrytitle> 346c1d255d3SCy Schubert <manvolnum>8</manvolnum> 347c1d255d3SCy Schubert </citerefentry> 348c1d255d3SCy Schubert </para> 349c1d255d3SCy Schubert </refsect1> 350c1d255d3SCy Schubert <refsect1> 351c1d255d3SCy Schubert <title>Legal</title> 352*ec080394SCy Schubert <para>wpa_supplicant is copyright (c) 2003-2022, 353c1d255d3SCy Schubert Jouni Malinen <email>j@w1.fi</email> and 354c1d255d3SCy Schubert contributors. 355c1d255d3SCy Schubert All Rights Reserved.</para> 356c1d255d3SCy Schubert 357c1d255d3SCy Schubert <para>This program is licensed under the BSD license (the one with 358c1d255d3SCy Schubert advertisement clause removed).</para> 359c1d255d3SCy Schubert </refsect1> 360c1d255d3SCy Schubert</refentry> 361