How to Connect to Wi-Fi via the Linux Terminal: From Beginner to Pro

Working with the Linux operating system often requires going beyond the graphical interface, especially when it comes to diagnosing network problems or setting up servers without a graphical shell. Many users perceive the command line as something intimidating and complex, but it's precisely terminal Provides the most comprehensive and flexible control over your computer's network interfaces. Unlike graphical utilities, console commands allow you to fine-tune connection settings that may not be available in the standard settings menu.

Connecting to a wireless network Wi-Fi Using the terminal is a fundamental skill for any system administrator or enthusiast working with distributions like Ubuntu, Debian, or Arch Linux. This method is indispensable when the graphical interface freezes, drivers are not working correctly, or you are managing a remote server. Understanding how network utilities work in the console will give you the confidence to solve any networking problem.

In this article, we'll cover several connection methods in detail: from modern and user-friendly tools like NetworkManager to lower-level utilities like wpa_supplicant. You'll learn how to scan the airwaves, enter passwords, configure static IP addresses, and diagnose connection issues using only a keyboard and screen.

Preparing the environment and checking the network status

Before attempting to connect to an access point, you must ensure that your wireless adapter is physically turned on and recognized by the system. Users often forget that airplane mode may be enabled on laptops, or the hardware Wi-Fi switch may be disabled. The first step should always be checking the interface status using a utility. ip or nmcli.

Enter the command ip linkto see a list of all network interfaces. Wireless adapters typically have names starting with "wl," such as wlp2s0 or wlan0If you see the status NO-CARRIER or the interface is marked as DOWN, it needs to be raised. To do this, use the command sudo ip link set dev interface_name upIf the interface is not displayed at all, the necessary drivers may be missing.

It is also important to check whether the wireless module is blocked by software or hardware. Utility rfkill allows you to manage radio interface locks. Perform rfkill listto see the status of all devices. If you see the line "Soft blocked: yes," it means the blocking is software-based and can be removed with the command rfkill unblock wifi.

⚠️ Important: If you're using a virtual machine, make sure the USB Wi-Fi adapter is forwarded to the guest OS. Virtual network cards typically work through the host's NAT and don't require separate Wi-Fi configuration within the guest OS.

  • 📡 Check for the presence of a wireless interface with the command ip link.
  • 🔓 Remove software lock via rfkill unblock wifi.
  • 🔌 Make sure the drivers are installed and the kernel module is loaded.
  • 🆙 Bring up the interface with the command sudo ip link set dev interface up.
How do I find out the name of my wireless interface?

The interface name can be found by running the command ip link or iw devThese are usually lines like wlan0, wlp3s0, or similar. Older systems may use eth1.

Using NetworkManager (nmcli) for quick connection

The most common and convenient tool for network management in modern Linux distributions is NetworkManagerIts console utility nmcli (NetworkManager Command Line Interface) allows you to perform all necessary actions without writing complex configuration files. It's an ideal choice for desktop systems such as Ubuntu, Fedora, or Linux Mint.

To get started, you need to scan available networks. Command nmcli dev wifi list will display a list of all visible access points, including their SSID, signal strength, and security status. If the list is empty, try restarting the network service or checking access rights. Once you've found the desired network, connecting is a simple matter of typing.

nmcli dev wifi connect "Network_Name" password "Your_Password"

This command will automatically create a connection profile, attempt to obtain an IP address via DHCP, and configure DNS. If the connection is successful, you will see the message "Connection successfully activated." In the future, the system will automatically connect to this network when it is detected. For hidden networks (those that do not broadcast their SSID), you will need to add a flag. hidden yes.

📊 Which Linux distribution do you use most often?
Ubuntu/Debian
Arch/Manjaro
Fedora/CentOS
Other (Gentoo, Slackware)
I'm just planning to switch to Linux.

Saved profiles can also be managed through the terminal. You can view them with the command nmcli connection showIf you need to delete an old profile, use nmcli connection delete "Profile_Name"This is useful if you've changed your router password or moved to a new office, and the old settings are preventing automatic connection.

  • 🔍 Network scanning: nmcli dev wifi list.
  • 🔗 Connection: nmcli dev wifi connect "SSID" password "PASS".
  • 🗑️ Deleting a profile: nmcli connection delete "ProfileName".
  • 📝 View all connections: nmcli connection show.

Setting up a connection via wpa_supplicant and wpa_cli

In more minimalist environments or on servers where NetworkManager is not installed, the main tool remains the bundle wpa_supplicant And wpa_cliThis approach is more "low-level" and provides complete control over the access point association process and traffic encryption. It is the de facto standard for many embedded systems and server builds.

The process begins by starting the wpa_supplicant daemon in the background. You need to specify the interface and driver. The driver is typically used. nl80211After starting the daemon, you can interact with it through the utility wpa_cliThis is an interactive mode that allows you to scan and connect step by step.

sudo wpa_supplicant -i wlan0 -D nl80211 -c /etc/wpa_supplicant/wpa_supplicant.conf

In wpa_cli interactive mode you can run scan to search for networks and scan_results to view the results. To connect, use the command add_network, which will return the network number (usually 0). Then you need to set the SSID and password using the commands set_network 0 ssid "Name" And set_network 0 psk "Password"After setting up the parameters, the network is activated by the command enable_network 0.

⚠️ Important: When using wpa_cli in interactive mode, all entered commands are applied immediately. Incorrect configuration may terminate an existing connection, so be careful when entering security settings.

For permanent storage of settings, a configuration file /etc/wpa_supplicant/wpa_supplicant.conf can be edited manually. A block is added to it network with a hashed password. To generate a secure password hash (PSK), use the utility wpa_passphrase, which will output a ready-made block for insertion into the config without storing the password in clear text.

  • 🚀 Starting the daemon: wpa_supplicant -i interface -D driver.
  • 🎛 Interactive control: wpa_cli.
  • 🔐 Hash generation: wpa_passphrase "SSID" "PASS".
  • ⚙️ Configuration: /etc/wpa_supplicant/wpa_supplicant.conf.
Why is it better to use a hash instead of a cleartext password?

Using plaintext passwords in configuration files is less secure, as anyone with read access to the file can see the key. A PSK hash hides the password itself, but allows connection to the network. However, for WPA3, using a hash is a requirement in some implementations.

Manually setting IP address and DNS after connection

After successfully associating with the access point (when the link is up), your computer may still lack an IP address to access the internet. In most cases, this is handled by the DHCP client, which automatically requests settings from the router. However, in server environments or if there are issues with DHCP, it may be necessary manual tuning static IP.

To obtain the address automatically, a daemon is most often used. dhcpcd or built-in client dhclient. Team sudo dhclient wlan0 will start the address request process. If the address isn't received within a minute, you should check the logs or try restarting the service. In modern systems with systemd, this is often used. systemd-networkd.

If automatic distribution does not work or a fixed address is required, use the command ip addr. For example: sudo ip addr add 192.168.1.50/24 dev wlan0. Here 192.168.1.50 - your IP, and /24 — subnet mask (255.255.255.0). After assigning the address, you must specify the default gateway through which traffic to the external network will flow.

sudo ip route add default via 192.168.1.1

Don't forget about DNS servers, otherwise you won't be able to open websites using domain names. DNS settings are configured in the file /etc/resolv.conf. Add the following lines there. nameserver 8.8.8.8 (Google) or nameserver 1.1.1.1 (Cloudflare). Keep in mind that some distributions overwrite this file automatically, so for permanent changes, it's best to use NetworkManager or systemd-resolved configuration.

☑️ Check network settings

Completed: 0 / 4

The table below shows the differences between the automatic and manual setup methods:

Parameter Automatic (DHCP) Manually (Static)
IP address Issued by the router Set by the administrator
Gateway Automatically Team ip route
DNS From the provider/router File resolv.conf
Complexity Low Medium/High

Troubleshooting and signal quality analysis

Even with the correct settings, the connection may be unstable or even absent. Linux diagnostics are provided by a powerful set of tools. The first step is to check the signal strength and connection quality. The utility iwlist or iw dev Allows you to get detailed information about the current connection, including channel frequency and noise level.

Team iw dev wlan0 link Shows the current connection status, including the tx rate and signal strength. The signal is measured in dBm and is a negative number. Values ​​closer to 0 (e.g., -40 dBm) indicate an excellent signal, while values ​​below -80 dBm indicate very weak reception, leading to dropouts.

⚠️ Warning: Wi-Fi interfaces in Linux can enter power-saving mode, which sometimes causes connection drops. If you experience instability, try disabling this mode through the driver settings or nmcli (wifi.powersave parameter).

To check the availability of remote nodes, use ping. Launch ping -c 4 8.8.8.8 will send 4 packets to the Google server. If packets are lost, the problem may be radio interference or channel congestion. Also useful traceroute (or tracepath), which shows the packet's path to the destination and helps identify where the bottleneck occurs in the network.

  • 📶 Signal level: iw dev wlan0 link.
  • 📡 Channel scanning: iwlist wlan0 scanning.
  • 🏓 Availability check: ping 8.8.8.8.
  • 🛣 Path tracing: tracepath google.com.

Wireless connection security in the terminal

Security when working through a terminal is critical, especially when using public networks. Protocol WPA3 is the modern standard, but many networks still use WPA2. When connecting via a terminal, it's important to understand which encryption protocols are used. The utility wpa_cli Allows you to check the security status of the current connection.

Avoid transmitting passwords in plaintext in your command history. As mentioned earlier, use stealth flags or generate hashes in advance. Also, be aware of the risks of using open Wi-Fi networks. In such cases, it is highly recommended to use VPN tunneling to encrypt all traffic to protect your data from interception.

Monitoring network activity is also possible through the terminal. Utilities such as tcpdump or wireshark (in console mode tshark) allow you to analyze passing packets. This is an advanced tool, but it's essential for in-depth diagnostics of security issues or searching for data leaks on a local network.

Update your network related packages regularly (networkmanager, wpa_supplicant, firmware) to patch vulnerabilities. In Debian-based distributions, this is done through apt update && apt upgradeCurrent drivers often contain fixes for critical security holes in wireless chips.

  • 🔒 Use WPA3 where possible.
  • 🕵️ Hide passwords in bash history.
  • 🛡 Use a VPN on public networks.
  • 🔄 Update your Wi-Fi adapter firmware.
How secure is it to store Wi-Fi passwords in configuration files?

Configuration files in Linux are typically readable only by the root user. If your computer is physically secure and users don't have superuser privileges, storing the password as a hash in /etc/wpa_supplicant/ is perfectly safe.

Is it possible to connect to Wi-Fi without a graphical shell?

Yes, absolutely. Terminal utilities (nmcli, wpa_cli) operate independently of the graphical interface (X11, Wayland) and are the primary way to configure servers.

What to do if nmcli command is not found?

This means the NetworkManager package is not installed or added to your PATH. Try installing it through your package manager (apt, dnf, pacman) or use the wpa_supplicant alternative.