1*18a27dd6SAlexander Ziaee.\"- 2*18a27dd6SAlexander Ziaee.\" SPDX-License-Identifier: BSD-2-Clause 3*18a27dd6SAlexander Ziaee.\" 4079a8921SSam Leffler.\" Copyright (c) 2005 Sam Leffler <sam@errno.com> 5079a8921SSam Leffler.\" All rights reserved. 6079a8921SSam Leffler.\" 7079a8921SSam Leffler.\" Redistribution and use in source and binary forms, with or without 8079a8921SSam Leffler.\" modification, are permitted provided that the following conditions 9079a8921SSam Leffler.\" are met: 10079a8921SSam Leffler.\" 1. Redistributions of source code must retain the above copyright 11079a8921SSam Leffler.\" notice, this list of conditions and the following disclaimer. 12079a8921SSam Leffler.\" 2. Redistributions in binary form must reproduce the above copyright 13079a8921SSam Leffler.\" notice, this list of conditions and the following disclaimer in the 14079a8921SSam Leffler.\" documentation and/or other materials provided with the distribution. 15079a8921SSam Leffler.\" 16079a8921SSam Leffler.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17079a8921SSam Leffler.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18079a8921SSam Leffler.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19079a8921SSam Leffler.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20079a8921SSam Leffler.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21079a8921SSam Leffler.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22079a8921SSam Leffler.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23079a8921SSam Leffler.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24079a8921SSam Leffler.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25079a8921SSam Leffler.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26079a8921SSam Leffler.\" SUCH DAMAGE. 27079a8921SSam Leffler.\" 28*18a27dd6SAlexander Ziaee.Dd June 21, 2024 29079a8921SSam Leffler.Dt WPA_CLI 8 30079a8921SSam Leffler.Os 31079a8921SSam Leffler.Sh NAME 32079a8921SSam Leffler.Nm wpa_cli 33*18a27dd6SAlexander Ziaee.Nd console utility for WiFi authentication with wpa_supplicant 34079a8921SSam Leffler.Sh SYNOPSIS 354d0e06e6SSevan Janiyan.Nm wpa_cli 364d0e06e6SSevan Janiyan.Op Fl p Ar path_to_ctrl_sockets 374d0e06e6SSevan Janiyan.Op Fl i Ar ifname 384d0e06e6SSevan Janiyan.Op Fl hvB 394d0e06e6SSevan Janiyan.Op Fl a Ar action_file 404d0e06e6SSevan Janiyan.Op Fl P Ar pid_file 414d0e06e6SSevan Janiyan.Op Fl g Ar global_ctrl 424d0e06e6SSevan Janiyan.Op Fl G Ar ping_interval 434d0e06e6SSevan Janiyan.Ar command ... 44079a8921SSam Leffler.Sh DESCRIPTION 45e516c0d9SRuslan ErmilovThe 46079a8921SSam Leffler.Nm 47e516c0d9SRuslan Ermilovutility 48079a8921SSam Leffleris a text-based frontend program for interacting with 49e516c0d9SRuslan Ermilov.Xr wpa_supplicant 8 . 50e516c0d9SRuslan ErmilovIt is used to query current status, 51079a8921SSam Lefflerchange configuration, 52079a8921SSam Lefflertrigger events, 53079a8921SSam Lefflerand 54079a8921SSam Lefflerrequest interactive user input. 55079a8921SSam Leffler.Pp 56e516c0d9SRuslan ErmilovThe 57079a8921SSam Leffler.Nm 58e516c0d9SRuslan Ermilovutility 59079a8921SSam Lefflercan show the 60079a8921SSam Lefflercurrent authentication status, 61079a8921SSam Lefflerselected security 62079a8921SSam Lefflermode, dot11 and dot1x MIBs, etc. 63079a8921SSam LefflerIn addition, 64079a8921SSam Leffler.Nm 65079a8921SSam Lefflercan configure EAPOL state machine 66079a8921SSam Lefflerparameters and trigger events such as reassociation 67079a8921SSam Lefflerand IEEE 802.1X logoff/logon. 68079a8921SSam Leffler.Pp 69e516c0d9SRuslan ErmilovThe 70079a8921SSam Leffler.Nm 71e516c0d9SRuslan Ermilovutility 72079a8921SSam Lefflerprovides an interface to supply authentication information 737f9f6cadSChristian Brueffersuch as username and password when it is not provided in the 74e516c0d9SRuslan Ermilov.Xr wpa_supplicant.conf 5 75079a8921SSam Lefflerconfiguration file. 76079a8921SSam LefflerThis can be used, for example, to implement 77e516c0d9SRuslan Ermilovone-time passwords or generic token card 78079a8921SSam Lefflerauthentication where the authentication is based on a 79079a8921SSam Lefflerchallenge-response that uses an external device for generating the 80079a8921SSam Lefflerresponse. 81079a8921SSam Leffler.Pp 82e516c0d9SRuslan ErmilovThe 83079a8921SSam Leffler.Nm 84e516c0d9SRuslan Ermilovutility 85079a8921SSam Lefflersupports two modes: interactive and command line. 86079a8921SSam LefflerBoth modes share the same command set and the main difference 87079a8921SSam Leffleris in interactive mode providing access to unsolicited messages 88079a8921SSam Leffler(event messages, username/password requests). 89079a8921SSam Leffler.Pp 90079a8921SSam LefflerInteractive mode is started when 91079a8921SSam Leffler.Nm 92e516c0d9SRuslan Ermilovis executed without any parameters on the command line. 93079a8921SSam LefflerCommands are then entered from the controlling terminal in 94079a8921SSam Lefflerresponse to the 95079a8921SSam Leffler.Nm 96079a8921SSam Lefflerprompt. 97079a8921SSam LefflerIn command line mode, the same commands are 98079a8921SSam Lefflerentered as command line arguments. 99079a8921SSam Leffler.Pp 100079a8921SSam LefflerThe control interface of 101e516c0d9SRuslan Ermilov.Xr wpa_supplicant 8 102079a8921SSam Lefflercan be configured to allow 103079a8921SSam Lefflernon-root user access by using the 104e516c0d9SRuslan Ermilov.Va ctrl_interface_group 105e516c0d9SRuslan Ermilovparameter 106079a8921SSam Lefflerin the 107e516c0d9SRuslan Ermilov.Xr wpa_supplicant.conf 5 108079a8921SSam Lefflerconfiguration file. 109079a8921SSam LefflerThis makes it possible to run 110079a8921SSam Leffler.Nm 111079a8921SSam Lefflerwith a normal user account. 112079a8921SSam Leffler.Sh AUTHENTICATION PARAMETERS 113079a8921SSam LefflerWhen 114e516c0d9SRuslan Ermilov.Xr wpa_supplicant 8 115079a8921SSam Lefflerneeds authentication parameters, such as username and password, 116079a8921SSam Lefflerthat are not present in the configuration file, it sends a 117079a8921SSam Lefflerrequest message to all attached frontend programs, e.g., 118079a8921SSam Leffler.Nm 119079a8921SSam Lefflerin interactive mode. 120e516c0d9SRuslan ErmilovThe 121079a8921SSam Leffler.Nm 122e516c0d9SRuslan Ermilovutility 123079a8921SSam Lefflershows these requests with a 124*18a27dd6SAlexander Ziaee.Dq Li CTRL-REQ- Ns Ao Ar type Ac Ns Li - Ns Ao Ar id Ac : Ns Aq Ar text 125e516c0d9SRuslan Ermilovprefix, where 126e516c0d9SRuslan Ermilov.Aq Ar type 127e516c0d9SRuslan Ermilovis 128e516c0d9SRuslan Ermilov.Li IDENTITY , PASSWORD , 129e516c0d9SRuslan Ermilovor 130e516c0d9SRuslan Ermilov.Li OTP 1317f9f6cadSChristian Brueffer(One-Time Password), 132e516c0d9SRuslan Ermilov.Aq Ar id 133e516c0d9SRuslan Ermilovis a unique identifier for the current network, 134e516c0d9SRuslan Ermilov.Aq Ar text 1357f9f6cadSChristian Bruefferis a description of the request. 1367f9f6cadSChristian BruefferIn the case of an 137e516c0d9SRuslan Ermilov.Li OTP 1387f9f6cadSChristian Brueffer(One-Time Password) request, 139079a8921SSam Lefflerit includes the challenge from the authentication server. 140079a8921SSam Leffler.Pp 141079a8921SSam LefflerA user must supply 142e516c0d9SRuslan Ermilov.Xr wpa_supplicant 8 143079a8921SSam Lefflerthe needed parameters in response to these requests. 144079a8921SSam Leffler.Pp 145079a8921SSam LefflerFor example, 146e516c0d9SRuslan Ermilov.Bd -literal -offset indent 147079a8921SSam LefflerCTRL-REQ-PASSWORD-1:Password needed for SSID foobar 148079a8921SSam Leffler> password 1 mysecretpassword 149079a8921SSam Leffler 150079a8921SSam LefflerExample request for generic token card challenge-response: 151079a8921SSam Leffler 152079a8921SSam LefflerCTRL-REQ-OTP-2:Challenge 1235663 needed for SSID foobar 153079a8921SSam Leffler> otp 2 9876 154079a8921SSam Leffler.Ed 1554d0e06e6SSevan Janiyan.Sh OPTIONS 1564d0e06e6SSevan JaniyanThese options are available: 1574d0e06e6SSevan Janiyan.Bl -tag -width indent 1584d0e06e6SSevan Janiyan.It Fl p Ar path 1594d0e06e6SSevan JaniyanControl sockets path. 1604d0e06e6SSevan JaniyanThis should match the 1614d0e06e6SSevan Janiyan.Ic ctrl_interface 1624d0e06e6SSevan Janiyanin 1634d0e06e6SSevan Janiyan.Xr wpa_supplicant.conf 5 . 1644d0e06e6SSevan JaniyanThe default path is 1654d0e06e6SSevan Janiyan.Pa /var/run/wpa_supplicant . 1664d0e06e6SSevan Janiyan.It Fl i Ar ifname 1674d0e06e6SSevan JaniyanInterface to be configured. 1684d0e06e6SSevan JaniyanBy default, the first interface found in the socket path is used. 1694d0e06e6SSevan Janiyan.It Fl h 1704d0e06e6SSevan JaniyanShow help. 1714d0e06e6SSevan Janiyan.It Fl v 1724d0e06e6SSevan JaniyanShow version information. 1734d0e06e6SSevan Janiyan.It Fl B 1744d0e06e6SSevan JaniyanRun the daemon in the background. 1754d0e06e6SSevan Janiyan.It Fl a Ar action_file 1764d0e06e6SSevan JaniyanRun in daemon mode, executing the action file based on events from 1774d0e06e6SSevan Janiyan.Xr wpa_supplicant 8 . 1784d0e06e6SSevan Janiyan.It Fl P Ar pid_file 1794d0e06e6SSevan JaniyanPID file location. 1804d0e06e6SSevan Janiyan.It Fl g Ar global_ctrl 1814d0e06e6SSevan JaniyanUse a global control interface to 1824d0e06e6SSevan Janiyan.Xr wpa_supplicant 8 1834d0e06e6SSevan Janiyanrather than the default Unix domain sockets. 1844d0e06e6SSevan Janiyan.It Fl G Ar ping_interval 1854d0e06e6SSevan JaniyanWait 1864d0e06e6SSevan Janiyan.Dq ping_interval 1874d0e06e6SSevan Janiyanseconds before sending each ping to 1884d0e06e6SSevan Janiyan.Xr wpa_supplicant 8 . 1894d0e06e6SSevan JaniyanSee the 1904d0e06e6SSevan Janiyan.Ic ping 1914d0e06e6SSevan Janiyancommand. 1924d0e06e6SSevan Janiyan.It command 1934d0e06e6SSevan JaniyanSee available commands in the next section. 1944d0e06e6SSevan Janiyan.El 195079a8921SSam Leffler.Sh COMMANDS 1964d0e06e6SSevan JaniyanThese commands can be supplied on the command line 197079a8921SSam Leffleror at a prompt when operating interactively. 198079a8921SSam Leffler.Bl -tag -width indent 199e516c0d9SRuslan Ermilov.It Ic status 200079a8921SSam LefflerReport the current WPA/EAPOL/EAP status for the current interface. 2014d0e06e6SSevan Janiyan.It Ic ifname 2024d0e06e6SSevan JaniyanShow the current interface name. 2034d0e06e6SSevan JaniyanThe default interface is the first interface found in the socket path. 2044d0e06e6SSevan Janiyan.It Ic ping 2054d0e06e6SSevan JaniyanPing the 2064d0e06e6SSevan Janiyan.Xr wpa_supplicant 8 2074d0e06e6SSevan Janiyanutility. 2084d0e06e6SSevan JaniyanThis command can be used to test the status of the 2094d0e06e6SSevan Janiyan.Xr wpa_supplicant 8 2104d0e06e6SSevan Janiyandaemon. 211e516c0d9SRuslan Ermilov.It Ic mib 212079a8921SSam LefflerReport MIB variables (dot1x, dot11) for the current interface. 213e516c0d9SRuslan Ermilov.It Ic help 214079a8921SSam LefflerShow usage help. 215e516c0d9SRuslan Ermilov.It Ic interface Op Ar ifname 216079a8921SSam LefflerShow available interfaces and/or set the current interface 2174d0e06e6SSevan Janiyanwhen multiple interfaces are available. 218e516c0d9SRuslan Ermilov.It Ic level Ar debug_level 219079a8921SSam LefflerChange the debugging level in 220e516c0d9SRuslan Ermilov.Xr wpa_supplicant 8 . 221079a8921SSam LefflerLarger numbers generate more messages. 222e516c0d9SRuslan Ermilov.It Ic license 2234d0e06e6SSevan JaniyanDisplay the full license for 224079a8921SSam Leffler.Nm . 225e516c0d9SRuslan Ermilov.It Ic logoff 226e516c0d9SRuslan ErmilovSend the IEEE 802.1X EAPOL state machine into the 227e516c0d9SRuslan Ermilov.Dq logoff 228e516c0d9SRuslan Ermilovstate. 229e516c0d9SRuslan Ermilov.It Ic logon 230e516c0d9SRuslan ErmilovSend the IEEE 802.1X EAPOL state machine into the 231e516c0d9SRuslan Ermilov.Dq logon 232e516c0d9SRuslan Ermilovstate. 233e516c0d9SRuslan Ermilov.It Ic set Op Ar settings 234079a8921SSam LefflerSet variables. 235e516c0d9SRuslan ErmilovWhen no arguments are supplied, the known variables and their settings 236079a8921SSam Lefflerare displayed. 237e516c0d9SRuslan Ermilov.It Ic pmksa 238079a8921SSam LefflerShow the contents of the PMKSA cache. 239e516c0d9SRuslan Ermilov.It Ic reassociate 240079a8921SSam LefflerForce a reassociation to the current access point. 241e516c0d9SRuslan Ermilov.It Ic reconfigure 242079a8921SSam LefflerForce 243e516c0d9SRuslan Ermilov.Xr wpa_supplicant 8 244079a8921SSam Lefflerto re-read its configuration file. 245e516c0d9SRuslan Ermilov.It Ic preauthenticate Ar BSSID 246e516c0d9SRuslan ErmilovForce preauthentication of the specified 247e516c0d9SRuslan Ermilov.Ar BSSID . 248e516c0d9SRuslan Ermilov.It Ic identity Ar network_id identity 249079a8921SSam LefflerConfigure an identity for an SSID. 250e516c0d9SRuslan Ermilov.It Ic password Ar network_id password 251079a8921SSam LefflerConfigure a password for an SSID. 2524d0e06e6SSevan Janiyan.It Ic new_password Ar network_id password 2534d0e06e6SSevan JaniyanChange the password for an SSID. 2544d0e06e6SSevan Janiyan.It Ic PIN Ar network_id pin 2554d0e06e6SSevan JaniyanConfigure a PIN for an SSID. 2564d0e06e6SSevan Janiyan.It Ic passphrase Ar network_id passphrase 2574d0e06e6SSevan JaniyanConfigure a private key passphrase for an SSID. 2584d0e06e6SSevan Janiyan.It Ic bssid Ar network_id bssid 2594d0e06e6SSevan JaniyanSet a preferred BSSID for an SSID 2604d0e06e6SSevan Janiyan.It Ic blacklist Op Ar bssid | clear 2614d0e06e6SSevan JaniyanAdd a BSSID to the blacklist. 2624d0e06e6SSevan JaniyanWhen invoked without any extra arguments, display the blacklist. 2634d0e06e6SSevan JaniyanSpecifying 2644d0e06e6SSevan Janiyan.Ar clear 2654d0e06e6SSevan Janiyancauses 2664d0e06e6SSevan Janiyan.Nm 2674d0e06e6SSevan Janiyanto clear the blacklist. 2684d0e06e6SSevan Janiyan.It Ic list_networks 2694d0e06e6SSevan JaniyanList configured networks. 2704d0e06e6SSevan Janiyan.It Ic select_network Ar network_id 2714d0e06e6SSevan JaniyanSelect a network and disable others. 2724d0e06e6SSevan Janiyan.It Ic enable_network Ar network_id 2734d0e06e6SSevan JaniyanEnable a network. 2744d0e06e6SSevan Janiyan.It Ic disable_network Ar network_id 2754d0e06e6SSevan JaniyanDisable a network. 2764d0e06e6SSevan Janiyan.It Ic add_network 2774d0e06e6SSevan JaniyanAdd a network. 2784d0e06e6SSevan Janiyan.It Ic remove_network Ar network_id 2794d0e06e6SSevan JaniyanRemove a network. 2804d0e06e6SSevan Janiyan.It Ic set_network Op Ar network_id variable value 2814d0e06e6SSevan JaniyanSet network variables. 2824d0e06e6SSevan JaniyanShows a list of variables when run without arguments. 2834d0e06e6SSevan Janiyan.It Ic get_network Ar network_id variable 2844d0e06e6SSevan JaniyanGet network variables. 2854d0e06e6SSevan Janiyan.It Ic disconnect 2864d0e06e6SSevan JaniyanDisconnect and wait for reassociate/reconnect command before connecting. 2874d0e06e6SSevan Janiyan.It Ic reconnect 2884d0e06e6SSevan JaniyanSimilar to 2894d0e06e6SSevan Janiyan.Ic reassociate , 2904d0e06e6SSevan Janiyanbut only takes effect if already disconnected. 2914d0e06e6SSevan Janiyan.It Ic scan 2924d0e06e6SSevan JaniyanRequest new BSS scan. 2934d0e06e6SSevan Janiyan.It Ic scan_results 2944d0e06e6SSevan JaniyanGet the latest BSS scan results. 2954d0e06e6SSevan JaniyanThis command can be invoked after running a BSS scan with 2964d0e06e6SSevan Janiyan.Ic scan . 2974d0e06e6SSevan Janiyan.It Ic bss Op Ar idx | bssid 2984d0e06e6SSevan JaniyanGet a detailed BSS scan result for the network identified by 2994d0e06e6SSevan Janiyan.Dq bssid 3004d0e06e6SSevan Janiyanor 3014d0e06e6SSevan Janiyan.Dq idx . 302e516c0d9SRuslan Ermilov.It Ic otp Ar network_id password 303e516c0d9SRuslan ErmilovConfigure a one-time password for an SSID. 304e516c0d9SRuslan Ermilov.It Ic terminate 305079a8921SSam LefflerForce 306e516c0d9SRuslan Ermilov.Xr wpa_supplicant 8 307079a8921SSam Lefflerto terminate. 3084d0e06e6SSevan Janiyan.It Ic interface_add Ar ifname Op Ar confname driver ctrl_interface driver_param bridge_name 3094d0e06e6SSevan JaniyanAdd a new interface with the given parameters. 3104d0e06e6SSevan Janiyan.It Ic interface_remove Ar ifname 3114d0e06e6SSevan JaniyanRemove the interface. 3124d0e06e6SSevan Janiyan.It Ic interface_list 3134d0e06e6SSevan JaniyanList available interfaces. 314e516c0d9SRuslan Ermilov.It Ic quit 315079a8921SSam LefflerExit 316079a8921SSam Leffler.Nm . 317079a8921SSam Leffler.El 318079a8921SSam Leffler.Sh SEE ALSO 319e516c0d9SRuslan Ermilov.Xr wpa_supplicant.conf 5 , 320e516c0d9SRuslan Ermilov.Xr wpa_supplicant 8 321079a8921SSam Leffler.Sh HISTORY 322079a8921SSam LefflerThe 323079a8921SSam Leffler.Nm 324079a8921SSam Lefflerutility first appeared in 325079a8921SSam Leffler.Fx 6.0 . 326079a8921SSam Leffler.Sh AUTHORS 327079a8921SSam LefflerThe 328079a8921SSam Leffler.Nm 329079a8921SSam Lefflerutility was written by 33001c2b8acSBaptiste Daroussin.An Jouni Malinen Aq Mt j@w1.fi . 331e516c0d9SRuslan ErmilovThis manual page is derived from the 332e516c0d9SRuslan Ermilov.Pa README 3334d0e06e6SSevan Janiyanand 3344d0e06e6SSevan Janiyan.Pa wpa_cli.c 3354d0e06e6SSevan Janiyanfiles included in the 336e516c0d9SRuslan Ermilov.Nm wpa_supplicant 337079a8921SSam Lefflerdistribution. 338