# wireless - hidden ssid

## pigeon768

I can't get wpa_supplicant to connect to a wireless network with a hidden ssid. Two different laptops, same symptoms. Both laptops have no trouble connecting to a network without hidden ssids, so I know the problem isn't with my kernel config or /etc/conf.d/net (which is blank). The laptop with windows installed on it works while in windows, so I know the problem isn't that I have the wrong ssid/psk.

/etc/wpa_supplicant/wpa_supplicant.conf: 

```
network={

        ssid="<hidden ssid>"

        bssid=xx:xx:xx:xx:xx:xx

        key_mgmt=WPA-PSK

        psk="<hidden alphanumeric psk>"

        scan_ssid=1

}

network={

        ssid="<plaintext ssid>"

        key_mgmt=WPA-PSK

        psk=<hidden hex psk>

}
```

 The second network={} block works. The first one does not. I've tried without the bssid= and the scan_ssid= option, still no joy. If I add ap_scan=1 wpa_supplicant fails to start, with an error.

I do not control the AP so cannot disable hidden ssids.

edit: tried with: 

```
ap_scan=2

network={

        ssid="<hidden ssid>"

        bssid=xx:xx:xx:xx:xx:xx

        key_mgmt=WPA-PSK                                                             

        psk="<alphanumeric psk>"

        scan_ssid=1

}
```

 still doesn't work. Also tried deleting the explicit ssid= line, and with ap_scan=1. No combination works. 'iwlist wlan0 scan' is able to find the "hidden" ssid. (which is why hidden ssids is so infuriating)

----------

## nixnut

This works for me with my ap with hidden ssid:

```
ctrl_interface=/var/run/wpa_supplicant

ctrl_interface_group=0

eapol_version=1

ap_scan=1

fast_reauth=1

network={

        ssid="foobar"

        scan_ssid=1

        psk="boofar"

}
```

----------

## pigeon768

no dice. Also tried ap_scan=2

----------

## Jaglover

http://blogs.zdnet.com/Ou/index.php?p=43

Sorry, couldn't resist.   :Sad: 

----------

## pigeon768

Tell me about it. The worst part is, they're using hidden ssids for the purposes of security, but the WPA key is 12 letters, all lowercase.

----------

## NeddySeagoon

pigeon768,

First, hidden SSIDs are broken by design - they are against the standard.

However, they work with some drivers and not others.

Hiding the SSID is not a security feature either - it only removes ther SSID from the becon messages - not from all the other packets.

----------

## pigeon768

Trust me, I'm fully aware of everything that's wrong with "hiding" the SSID. Unfortunately I am unable to fix it; I do not control the AP.

----------

## sgao

Here is my setting for wpa_supplicant: 

```
ctrl_interface=/var/run/wpa_supplicant

ctrl_interface_group=0

eapol_version=1

# If given specific ESSID, then no need to enable AP scan

#ap_scan=1

network={

  ssid="<your hidden ESSID>"

  scan_ssid=1

  proto=WPA

  key_mgmt=WPA-PSK

  pairwise=TKIP

  group=TKIP

  #To use regular character string, the string must be quoted

  #psk="this is my passcode"

  #Don't use hex string with quotes

  psk=6406f396k83sisd9i930liasdiuiousladfkjsdalkfaldskfj

  priority=5

}
```

Simon

----------

## d2_racing

 *NeddySeagoon wrote:*   

> pigeon768,
> 
> First, hidden SSIDs are broken by design - they are against the standard.
> 
> However, they work with some drivers and not others.
> ...

 

In fact, I can tell that with my iwl3945, sometimes I can connect to my AP and later I can't.

So nowadays, I use an standard AP with a good passphrase.

----------

## cach0rr0

Out of curiosity, you have the aircrack-ng suite on that laptop?

Twas thinking:

```

aireplay-ng -1 10 -a <bssid of AP> <wireless interface>

```

See if it spits out any useful output. 

Would also be keen to see your dmesg && /var/log/messages for any sign of a timeout, failed association, etc 

Right now we don't know if it's failed auth, failed association, failed dhcp, or which.

----------

## d2_racing

In fact, we can use some hacking programs to debug your AP  :Razz: 

----------

## Cyker

Accessing hidden SSID's is a right PITA in Linux atm. It's one of the few areas where ideology seems to trump practicability (Yes, we know hidden SSIDs are a terrible hack job; So is the entire PC platform!! We don't care!!!  :Evil or Very Mad:  )

TBH, the easiest way to get it working right now is to find out what WiFi cards people are using where it DOES work, and try and get one of those.

It seems that some hardware just isn't capable at all of accessing hidden SSIDs in Linux, even if they work perfectly in Windows. The easiest ones to get working tend to be a) Ones with well documented hardware/OEM provided open source drivers and b) Ones with proprietary drivers.

Cards that use reverse-engineered drivers or drivers with really crap documentation are nigh impossible to get working with hidden SSIDs.

I have an Atheros and a RALink based WiFi chipset in my two lappys and both can access hidden SSIDs in Windows (Although I need SP3 for the Atheros one to work), but the RALink can only access hidden WEP-based SSIDs, not WPA ones in Linux, and the Atheros won't access hidden SSIDs at all  :Sad: 

----------

## mikegpitt

I would recommend removing the ap_scan line.  I used to include that myself, but found better luck without it after some point.  You will definitly need scan_ssid=1.

These are the relevant parts of my wpa_supplicant.conf, for one ap I use that is hidden:

```
ctrl_interface=/var/run/wpa_supplicant

ctrl_interface_group=0

update_config=1

network={

        ssid="myap"

        scan_ssid=1

        bssid=00:XX:XX:XX:XX:XX

        key_mgmt=NONE

        priority=9

        disabled=1

}

```

Have you had any luck configuring and connecting while using wpa_gui?

----------

## cach0rr0

 *Cyker wrote:*   

> 
> 
> I have an Atheros and a RALink based WiFi chipset in my two lappys and both can access hidden SSIDs in Windows (Although I need SP3 for the Atheros one to work), but the RALink can only access hidden WEP-based SSIDs, not WPA ones in Linux, and the Atheros won't access hidden SSIDs at all 

 

Thankfully the Atheros supports packet injection very well, so while you may not be able to connect to the hidden essid....

----------

## pigeon768

 *mikegpitt wrote:*   

> Have you had any luck configuring and connecting while using wpa_gui?

  Nope.

Worth mentioning - it's a rt2860 ... driver is in staging. =\ I also bring that up because suspend breaks the wireless and I don't want to reboot yet. (reloading the module doesn't help) I'll have more info in a few days.

----------

## Xanadu

I just wanted to jump in and say "THANK YOU!"  This works perfectly, so:

THANK YOU!

 :Smile: 

M.

 *sgao wrote:*   

> Here is my setting for wpa_supplicant: 
> 
> ```
> ctrl_interface=/var/run/wpa_supplicant
> 
> ...

 

----------

