wpa_supplicant - detecting that my password is incorrect?1favoriteIf I specify the wrong password for an SSID is there anyway to detect this is the issue when switching to a network?E.g. here I add a network but deliberately specify the wrong password. If I check the status I just see that it's SCANNING# wpa_cli add_networkSelected interface 'wlan0'1# wpa_cli set_network 1 ssid \"MyPlace\"Selected interface 'wlan0'OK# wpa_cli set_network 1 psk \"SuperSecret\"Selected interface 'wlan0'OK# wpa_cli select_network 1Selected interface 'wlan0'OK# wpa_cli statusSelected interface 'wlan0'wpa_state=SCANNINGp2p_device_address=fe:c2:de:37:93:11address=fc:c2:de:37:93:11If I write a script to run wpa_cli status repeatedly after selecting the network I can see it goes through the phases:SCANNINGASSOCIATING4WAY_HANDSHAKEDISCONNECTEDSCANNINGSo is there some way to discover that the association/handshake phase failed due to an incorrect password? E.g. does the disconnect event report some reason that's stored and which I can then query?linux wireless-networking wpa-supplicant wpa2-pskshareimprove this questionasked Apr 19 '15 at 16:31

George Hawkins6881 Answeractiveoldestvotes1acceptedIf we look at wpa_supplicant/events.c:2326 we see:if (could_be_psk_mismatch(wpa_s, reason_code, locally_generated)) { wpa_msg(wpa_s, MSG_INFO, "WPA: 4-Way Handshake failed - " "pre-shared key may be incorrect"); if (wpas_p2p_4way_hs_failed(wpa_s) > 0) return; /* P2P group removed */ wpas_auth_failed(wpa_s, "WRONG_KEY");}So when this logic is hit it logs WPA: 4-Way Handshake failed - pre-shared key may be incorrect.Then it carries on to wpa_supplicant/wpa_supplicant.c:5136 and we see:wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TEMP_DISABLED "id=%d ssid=\"%s\" auth_failures=%u duration=%d reason=%s", ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len), ssid->auth_failures, dur, reason);So here <3>CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="MyPlace" auth_failures=1 duration=10 reason=WRONG_KEY is logged.So I can either ensure that wpa_supplicant is started such that it logs its output to a file and then grep for such messages.Or I can run wpa_cli in interactive mode - when it's in this mode it will subscribe for and output anywpa_supplicant messages.So the very hacky solution I came up with was to run wpa_cli in a script and fool it into thinking it's in interactive mode:#!/bin/bashfunction poke { while true do printf '\n' sleep 1 done}function watch { (poke) | wpa_cli | while read line do case "$line" in *'4-Way Handshake failed'*) echo "incorrect key" return ;; *'CTRL-EVENT-CONNECTED'*) echo "connected" return ;; esac done}wpa_cli disable_network 0 > /dev/nullwpa_cli enable_network 0 > /dev/nullwatchwpa_cli will only output any messages it has received after some user input has occurred, so the poke function provides this.This script enables the 0th network and looks at what wpa_supplicant outputs while doing this.Like I said this is pretty hacky but it works.shareimprove this answeredited Apr 20 '15 at 18:28answered Apr 20 '15 at 17:40

George Hawkins688