Losing access to your wireless network key is a common occurrence, especially if you're connecting a new device and the old password is securely hidden in the router's memory or written down on an impossible-to-find piece of paper. In operating systems of the Linux This issue is solved quite elegantly thanks to file system transparency and powerful network management tools. You won't need third-party software, as all the necessary utilities are already built into the distribution.
There are several proven ways to extract this sensitive information: through the graphical interface if you're using a desktop environment, or through the command line, which is universal for all installations, including server versions without a graphical shell. The choice of method depends on your administrative skills and the current system configuration, but the result will always be the same: you'll gain access to your network's security key.
Before manipulating system files and the terminal, ensure you have the appropriate access rights. Most methods require superuser privileges, as storing WiFi passwords is a critical system security feature. Without root access You won't be able to read this data using any of the methods described below, so please be patient and use the sudo command.
⚠️ Important: Perform all of the described actions only on your own networks or with the owner's permission. Unauthorized access to other people's wireless networks is illegal.
Using the nmcli utility from the command line
The most modern and preferred method for most distributions such as Ubuntu, Fedora or Linux Mint, is the use of the utility nmcliThis is part of the NetworkManager package, which manages network connections by default. This method is advantageous because it doesn't require direct reading of configuration files and operates through the standard system API.
First, you need to know the exact name of your connection, as it may differ from the network's SSID. Enter the command nmcli connection show In the terminal. In the list of active and previously connected networks, find the line you need. The connection name is often the same as the network name, but can be changed manually by the user.
Once the name is found, use the following command to display all connection parameters, including the hidden password:
nmcli connection show "Your_Connection_Name" | grep 802-11-wireless-security.key-mgmt
However, to see the password itself, and not the encryption type, the command must be slightly different. Use the construction with wifi-sec.key:
sudo nmcli connection show "Your_Connection_Name" | grep wifi-sec.key
The system will ask for your user password to confirm administrator rights. After entering it, you'll see a line containing the security key in clear text. This is the most secure method, as it takes into account the specifics of modern versions of NetworkManager.
⚠️ Note: The command line interface may vary slightly between distributions. If the command doesn't produce a result, try replacing "connection" with "con" to shorten it.
Direct reading of wpa_supplicant configuration files
In cases where NetworkManager is not used or you are running a minimalistic system, the keys are often stored in the daemon's configuration file. wpa_supplicantThis method is classic and works on almost any Unix-like kernel, which implements support for wireless networks of the 802.11 standard.
The file containing passwords is usually located at the path /etc/wpa_supplicant/wpa_supplicant.confHowever, in modern systems with NetworkManager, the data may be stored in a directory /etc/NetworkManager/system-connections/To access the contents of these files, you will need root privileges, as they are read-only for the owner.
To view the contents of the wpa_supplicant file, run the command:
sudo cat /etc/wpa_supplicant/wpa_supplicant.conf
In the text that opens, look for blocks networkThere will be a parameter inside such a block. ssid (network name) and parameter psk (password). If the password is hashed, you'll see a long string of characters, but in most desktop scenarios, it's stored in cleartext.
If you're using NetworkManager, files are stored separately for each connection. Find the file with the corresponding name in the connections folder and read it:
sudo cat /etc/NetworkManager/system-connections/Your_Network.nmconnection
Inside the file, look for the section [wifi-security], where the line will be psk=YOUR_PASSWORDThis method is especially useful if the graphical interface does not start or works incorrectly.
Finding a password through the GNOME graphical interface
For users who prefer visual interaction with the system and use the environment GNOME (standard for Ubuntu and Fedora Workstation), there's a built-in key management tool. This method is the easiest for beginners and doesn't require memorizing terminal commands.
The process begins by opening the application menu and searching for the "Passwords and Keys" program (or seahorse). If you can't find it through search, open the terminal and enter the command seahorseto launch the utility directly. In the window that opens, select the "Passwords" or "Login" tab on the left.
In the list of saved objects, find the entry corresponding to your wireless network. It usually has the same name as the network's SSID. Double-click it to open its properties. In the window that appears, go to the "Password" tab and check the "Show password" box.
The system will prompt you to confirm your identity by entering your user password. After successful authentication, the key field will become readable, allowing you to copy or rewrite it. This is a standard security mechanism. GNOME Keyring, which encrypts sensitive data.
| Method | Complexity | Requires GUI | Reliability |
|---|---|---|---|
| nmcli | Average | No | High |
| cat wpa_supplicant | Low | No | High |
| GNOME Keyring | Low | Yes | Average |
| KDE Wallet | Low | Yes | Average |
What to do if the password is hidden by asterisks?
In some rare cases, the graphical interface may not display the password. In this case, the correct solution is to use the terminal and the nmcli command, as it accesses the database directly, bypassing the interface restrictions.
Restoring access in the KDE Plasma environment
Distribution users Kubuntu, Manjaro KDE or OpenSUSE encounter a different system of storing secrets known as KDE Wallet (KWallet). The operating principles are similar to GNOME Keyring, but the interface and settings layout are different.
To view your password, open the application menu and find the "KWalletManager" or "Key Manager" utility. If you can't find it in the menu, launch it from the terminal with the command kwalletmanager5 or simply kwalletmanagerIn the program window, you will see a list of wallets; "kdewallet" is usually the active one.
Expand the folder list and find the "Wireless Network" or "Network Management" section. Inside, you'll see a list of all saved WiFi networks. Right-click the desired network and select "Show Contents" or "Edit."
In the properties window that opens, you'll see a password field. If it's hidden, click the "Show value" button. The system may request the wallet password, which is often the same as your login password unless you've changed your security settings.
This method is particularly convenient because it allows you to not only view but also edit connection parameters, such as network priority or encryption method, directly from the graphical interface.
⚠️ Note: The KWalletManager interface may vary depending on the KDE Plasma version. If you can't find the items you need, try using the search within the program window.
Troubleshooting file access issues
Sometimes users encounter situations where even with superuser privileges, file access is limited or commands return empty results. This may be due to file system features or disk encryption.
If the team cat It gives a "Permission denied" error even with sudo. Check the file permissions with the command ls -lIn rare cases, a file may be marked as immutable by file system attributes. To check, use the command lsattr /etc/wpa_supplicant/wpa_supplicant.conf.
If you see the attribute i (immutable), which means the file is protected from modification and reading even by root in normal mode. To remove protection (if necessary), use the command sudo chattr -i /path/to/file, but do it with caution.
It is also worth considering that in some corporate environments or specialized Linux builds, access to keys may be blocked by security policies. SELinux or AppArmor. In this case, in the system logs (/var/log/syslog or /var/log/messages) there will be records of access denials.
To diagnose problems with NetworkManager, you can use the command nmcli general logging level TRACEto enable verbose logging and then try reconnecting to the network. This will help you understand exactly where the issue is occurring.
Key security and storage
Understanding how Linux stores passwords is important not only for recovering them but also for ensuring the security of your system. By default, many distributions strive to store keys encrypted, tying them to the user account.
However, as we discovered, with physical access to the computer and root privileges, any user can extract this data. Therefore, it is critical to use complex passwords to log in and, if possible, encrypt the entire disk (for example, using LUKS).
If you're sending your computer for repair or selling it, simply deleting user files isn't enough. Secure data deletion or full encryption is required to ensure WiFi passwords are impossible to recover without the decryption key.
Regularly changing your WiFi router passwords and Linux account access keys reduces the risk of one of your devices being compromised. Remember that a saved Linux password is a potential entry point for an attacker who gains access to your PC.
Is it possible to find out a WiFi password without root rights?
In a standard Linux configuration, this is impossible. The security system is specifically designed to prevent ordinary users from reading sensitive data. Bypassing these restrictions would require exploits, which is a topic for security research, not standard exploitation.
Where are passwords stored in Arch Linux?
Arch Linux often uses the default wpa_supplicant directly or NetworkManagerThe down remains standard: /etc/wpa_supplicant/ or /etc/NetworkManager/system-connections/However, due to the minimalism of the distribution, configuration can be completely manual.
What should I do if I forgot my KDE Wallet password?
If you forget your KDE wallet password, recovering your WiFi passwords is technically impossible due to the encryption used. The only solution is to create a new wallet, but this will require you to re-enter all WiFi passwords the next time you connect to a network.
Is it safe to store passwords in wpa_supplicant.conf?
Storing passwords in cleartext wpa_supplicant.conf It's considered less secure than using secure key storage (Keyring/KWallet). For servers, this is often the only option, but for desktops, it's better to use managers integrated with the environment.