Working with the Linux operating system often requires interaction with the command line, especially when the graphical interface is unavailable or overloaded. Connecting to a wireless network Terminal-based networking is a fundamental skill for system administrators and advanced users, allowing them to manage connections with minimal resource consumption. Unlike graphical shells, CLI tools provide direct access to network card drivers, which is critical when diagnosing problems or configuring headless servers.
There are several proven methods of network authorization, each of which has its own advantages depending on the distribution and network manager used. Nmcli, iwctl and classic wpa_supplicant Cover the vast majority of use cases. The choice of a specific tool often depends on whether the NetworkManager service is running on the system or whether you're working in a minimalist environment where every megabyte of RAM counts.
In this guide, we'll detail the steps for each popular tool, so you can feel confident in any situation. Whether you're using Ubuntu, Arch Linux, or Debian, the principles of using the radio module remain similar. The key is to understand the logic behind airwave scanning and encryption key transmission.
Diagnosing and checking the status of the network adapter
The first step before attempting a connection should always be checking the physical status of the device and its drivers. If the system doesn't detect the wireless card, further password entry is pointless. First, ensure the interface is active and not blocked by software or hardware switches.
Use the command ip link or iw devto display a list of available network interfaces. Wireless adapters typically have names starting with wlan, wlp or wi, while wired ones are designated as eth or enThe absence of a wireless interface in the list may indicate missing drivers or a disabled module.
Often users encounter a situation where the interface is there, but it is marked as DOWNIn this case, it must be raised manually. It's also worth checking the radio module's lock status using the utility. rfkill, which shows the status of Wi-Fi and Bluetooth modules.
- 🔍 Enter
ip link showto display the status of all network cards in the system. - 🚫 Use
rfkill listto check if WiFi is blocked by hardware. - ⬆️ Apply
sudo ip link set wlan0 upto activate the interface if it is disabled. - 📡 Make sure the driver is loaded with the command
lsmod | grep wifi(replace wifi with part of your driver name).
⚠️ Attention: If the team rfkill If the module shows a "hard blocked" status, software unlocking won't help. You'll need to find a physical switch on the laptop case or use a key combination (usually Fn + antenna) to enable the module.
Once the interface is raised, the system is ready to scan the surrounding space.
Using Nmcli to Manage NetworkManager
Most modern distributions, such as Ubuntu, Fedora, and Linux Mint, use NetworkManager by default. Its console client nmcli Provides a powerful and relatively intuitive interface for managing connections. This is the preferred method for desktop systems, as it saves settings in configuration files accessible to the graphical user interface.
The connection process begins with a scan for available access points. The command nmcli dev wifi list will display a list of networks within range, their signal strength, and security type. If the list is empty, scanning may be blocked or you are out of range.
To connect to a network with a known password, use a simple command specifying the network name (SSID) and security key. The system will automatically detect the encryption type (WPA2/WPA3) and attempt to obtain an IP address via DHCP.
sudo nmcli dev wifi connect "Network_Name" password "Your_Password"
If the connection was successful, nmcli will create a new connection profile that will automatically activate whenever this network appears in the future. This is convenient for mobile devices that move between different access points.
☑️ Check before connecting via nmcli
In some cases, automatic parameter detection may not work correctly, especially in corporate networks with hidden SSIDs or specific security settings. In these cases, you must manually create a connection, specifying the parameters one by one.
- 📝 Create a profile:
nmcli con add type wifi con-name"MyHome" ifname wlan0 ssid"HomeWiFi". - 🔐 Set up security:
nmcli con modify"MyHome" wifi-sec.key-mgmt wpa-psk wifi-sec.psk"password". - 🚀 Activate the connection:
nmcli con up"MyHome". - 🗑️ Delete your profile if you encounter any errors:
nmcli con delete"MyHome".
⚠️ Warning: When entering a password on the command line, it may appear in your bash command history. For increased security, use interactive input or escape special characters in your password.
Using the Iwctl Utility in Arch Linux and systemd-networkd
For users of minimalist builds such as Arch Linux, or those who prefer systemd-networkd, the ideal solution is a utility iwctlIt is an interactive client for iwd (iNet Wireless Daemon), which is a modern replacement for the classic wpa_supplicant. The iwctl interface resembles the Cisco IOS command line, making it convenient for network engineers.
The launch is performed by the command iwctl, after which you get into an interactive shell with a hint [iwd]#Commands for device management, scanning, and connection are available here. The syntax is based on the following principle: device command argument.
The first thing you need to do is to check the available devices and make sure that your wireless device (eg. wlan0) is displayed in the list. If the device is not visible, check if the service is running. iwd.
[iwd]# device list[iwd]# station wlan0 scan
[iwd]# station wlan0 get-networks
After scanning, you will see a list of networks. To connect, use the command station wlan0 connect"SSID"The system will prompt for a password if the network is secure. Unlike nmcli, there's no need to remember long, one-line commands, as the process is interactive.
An important feature iwd is storing passwords in clear text in configuration files /var/lib/iwd/This can be both an advantage for quickly backing up settings, and a security risk if attackers gain access to the file system.
- 🔌 Connect to the network:
station wlan0 connect HomeNetwork. - 📂 Check the saved profiles in the directory
/var/lib/iwd/. - 🔄 Reconnect to a known network:
station wlan0 disconnectthenconnect. - ℹ️ Get IP information:
station wlan0 get-current-connection.
⚠️ Important: The iwctl utility only works in conjunction with the iwd service. If your system uses wpa_supplicant by default, running iwctl will cause a dbus connection error. Make sure there are no conflicting services.
Classic method via Wpa_supplicant
Method using wpa_supplicant It's considered a classic and the most universal, as it runs on virtually any Linux distribution, even the most ancient ones. It doesn't require heavy daemons like NetworkManager and is ideal for servers. However, setup requires editing configuration files and manually starting processes.
The main difficulty lies in generating a hashed WPA key, as storing the password in plaintext in the configuration file is insecure (although possible). A utility is used to generate the hash. wpa_passphraseYou pass it the SSID and password, and it returns a ready-made configuration block.
wpa_passphrase"MySSID""MyPassword" >> /etc/wpa_supplicant/wpa_supplicant.conf
After preparing the configuration file, you need to start the daemon itself, specifying the interface and path to the settings file. At the same time, you need to run the DHCP client to obtain an IP address, as wpa_supplicant only handles authorization, not address assignment.
| Team | Purpose | Example of use |
|---|---|---|
wpa_passphrase |
Generating a password hash | wpa_passphrase SSID PASS |
wpa_supplicant |
Starting the authorization process | -i wlan0 -c /etc/wpa.conf |
dhcpcd |
Obtaining IP (DHCP client) | dhcpcd wlan0 |
ip addr |
Checking the received IP | ip addr show wlan0 |
This method provides complete control over the connection process, allowing you to set complex parameters such as network priorities, certificate paths for WPA-Enterprise, and reconnection timeouts. However, each time you change networks, you must manually edit the configuration or create new files.
To use this method consistently, it is recommended to configure systemd units so that the connection is restored automatically after a reboot. Modern systems often use the following pattern: wpa_supplicant@.service.
- 🛠️ Create a minimalistic config:
ctrl_interface=/var/run/wpa_supplicant. - 🔑 Add a network block with your SSID and password hash.
- ▶️ Run:
sudo wpa_supplicant -B -i wlan0 -c /etc/wpa_supplicant/wpa_supplicant.conf. - 🌐 Get the address:
sudo dhcpcd wlan0.
Setting up a static IP address in the terminal
In server environments, it's often necessary to abandon dynamic address allocation (DHCP) in favor of static IP addressing. This ensures addressing predictability and allows for configuring access to the server via a fixed address. In Linux, this is done using the utility ip from the package iproute2.
After successful authentication to the WiFi network (via nmcli, iwctl, or wpa_supplicant), the interface receives the "connected" status, but the IP address may not yet be assigned or may be dynamically assigned. To set a static address, you must first delete any existing addresses and assign a new one.
Team ip addr add Allows you to specify the address, subnet mask, and broadcast address. Then, you must specify the default gateway through which traffic to the external network (the Internet) will flow.
sudo ip addr add 192.168.1.50/24 dev wlan0sudo ip link set wlan0 up
sudo ip route add default via 192.168.1.1
It's important not to forget about DNS, otherwise the system will be connected to the network but won't be able to resolve domain names. DNS configuration is done by editing the file /etc/resolv.conf, where server addresses are written (for example, Google 8.8.8.8 or Cloudflare 1.1.1.1).
The static setting is not saved after reboot unless it is included in the distribution configuration files (for example, /etc/network/interfaces (in Debian or Netplan in Ubuntu). For temporary tasks or testing, manual input is quite sufficient.
- 📍 Assign IP:
ip addr add 192.168.x.x/24 dev wlan0. - 🚪 Specify gateway:
ip route add default via 192.168.x.1. - 📝 Register DNS in
/etc/resolv.conf:nameserver 8.8.8.8. - ✅ Check access:
ping 8.8.8.8.
⚠️ Important: When setting up a static IP, make sure the address you select is not within your router's DHCP range, otherwise an IP address conflict will occur and one of the devices will lose network connectivity.
Common mistakes and how to fix them
Even if you strictly follow the instructions, errors related to drivers, regional settings, or security standard incompatibilities may still occur. Understanding error codes significantly speeds up the diagnostic process. Often, the problem lies not with the password, but with the wireless card's operating mode.
One common issue is an incorrectly set region (Country Code). If the driver thinks you're in a country with a restricted frequency range, it may not see networks operating on restricted channels. You can change the region using the command iw reg set.
It is also worth mentioning the problem with drivers for Realtek and Broadcom cards, which often require the installation of proprietary packages (firmware-linux-nonfree (or similar). Without them, the card may be detected, but will not be able to enter operational mode.
A critical point is support for the WPA3 standard: older versions of wpa_supplicant (below 2.7) may not support new routers that require mandatory use of WPA3, which will lead to an endless loop of connection attempts.For debugging, use the system logs. Command dmesg | grep wlan or journalctl -u NetworkManager will show a detailed process of the connection attempt and indicate the exact reason for the failure (timeout, invalid key, association failure).
- 🌍 Change region:
sudo iw reg set US(or your country code). - 📜 Read the logs:
journalctl -fduring a connection attempt. - 🔄 Restart the service:
systemctl restart NetworkManager. - 💾 Check for firmware availability in
/lib/firmware.
Questions and Answers (FAQ)
How do I find out the name of my wireless interface if the command line is empty?
Use the command ip link or ls /sys/class/netWireless interfaces often start with wl, wlan or wifiIf the list is empty, the kernel module for your card may not be loaded.
Is it possible to connect to a hidden network (Hidden SSID) via terminal?
Yes, it is possible. In nmcli must be specified hidden yes when creating a connection. In wpa_supplicant add a line scan_ssid=1 in the network block of the configuration file.
Why does the terminal say "Operation not permitted" when trying to connect?
Most likely you forgot the prefix sudoManaging network interfaces requires root privileges. Also, check if the interface is blocked by the command rfkill.
How do I save my WiFi password so I don't have to enter it every time?
When using nmcli And iwd Passwords are saved automatically after the first successful connection. When using wpa_supplicant The password is stored in a configuration file that you create or edit.