5 years of support..!!??

gene heskett gheskett at wdtv.com
Fri Mar 2 18:10:25 UTC 2012


On Friday, March 02, 2012 12:46:04 PM Nils Kassube did opine:

> gene heskett wrote:
> > On Friday, March 02, 2012 08:10:01 AM Nils Kassube did opine:
> > > gene heskett wrote:
> > > > I think that is an excellent question.  I have a situation using
> > > > 10.04 LTS in my shop in that I cannot ssh into my cnc controller
> > > > from my laptop, both running 10.04 without opening a huge
> > > > security hole into my own local network when I power up the
> > > > router/ap out in that outbuilding, and its entirely related to
> > > > the version of wpa_supplicant that 10.04 LTS has 'frozen into'
> > > > 10.04, its incapable to doing anything more secure than WEP. The
> > > > rest of the world has had WPA2/AES etc abilities for nearly 2
> > > > years now, but we can't get it on 10.04 LTS?
> > > 
> > > Maybe I don't really understand your problem, but I'm using only
> > > WPA2 on my WLAN, running 10.04 on the client machines. Can you
> > > point to the bug report that describes the problem?
> > 
> > If you have WPA2/AES or TKIP working on 10.04, perhaps you can point
> > me to a tutorial?
> 
> Actually I didn't use a tutorial but the standard tools, i.e. it works
> with network-manager but I prefer wicd. Just make sure you don't have
> them both installed, otherwise they seem to fight for controlling the
> wireless interface ond none of them wins. So maybe it is a problem of
> your wireless hardware in the client machine? Here it is working with
> drivers ipw2200, ath5k, ath9k and ath9k_htc.
> 
> And there is a third option which I use also. You can set up the
> wireless interface in "/etc/network/interfaces" for a fixed IP address
> if you use a section like this:

printed, thanks! 

> auto wlan0
> iface wlan0 inet static
> # Configuration for WPA2 / CCMP
>     wpa-driver wext
>     wpa-ssid MYSSID
>     wpa-ap-scan 2
>     wpa-proto WPA2
>     wpa-pairwise CCMP
>     wpa-key-mgmt WPA-PSK
>     wpa-psk long hash phrase
>     # psk from the command "wpa_passphrase MYSSID passphrase"
>     address 192.168.2.59
>     network 192.168.2.0
>     netmask 255.255.255.0
>     broadcast 192.168.2.255
>     gateway 192.168.2.1

Interesting.

Where are the manpages that explain all these wpa-**** settings?

Obviously I need to learn more, lots more about this.  None of my man this 
or man that seems to have popped up any such references.

None of which is any great help with the builtin interface in that lappy, 
which I have disabled & am using a netgear usb dongle, which does work.  
Builtin in a BCM-4318, the most broken broadcom chipset ever IMO.  6 feet 
from the AP and it drops the connection it took 20 minutes of screwing 
around to establish, in about another 20 minutes.  BS is what that is.
 
> Of course you would replace interface name, SSID, psk and addresses
> according to your network. BTW: In 12.04 all three methods work as well.
> 
> > The newest wpa_supplicant is 6.9-3, and I have been repeatedly told
> > that full WPA2 support requires 7.3.
> 
> Interesting - then the question is what is missing in 6.9-3 which makes
> it work here but not for you. 12.04 comes with version 0.7.3 btw.
> 
> 
> Nils

Precisely my point Nils.  I have tried to build 7.3 on that machine, but 
there seem to be more dependencies than I could track at the time.

However, my interfaces file is much simpler than that, and I never heard of 
that command you used to generate the key hash.  Here, I have it setup 
using a phrase that could be the opening paragraph of a novel I'll likely 
never write, but which is easy enough for me to remember.  A neighbors 
frontier net connection went south just this past Monday & she brought her 
winders lappy over, I entered that 160+ character passphrase and it worked 
flawlessly.

Your recipe above, with mods because I too use fixed addresses on my home 
network, may be just what the doctor ordered, thank you very much for 
sharing.  I did wipe out that hash though, no use propagating that all over 
the cosmos leading to an exploit of your system.

Thank you very much Nils, this is a very educational msg on a subject that 
seems to depend on obscurity for the majority of its so-called security.

Cheers, Gene
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
My web page: <http://coyoteden.dyndns-free.com:85/gene>
Your boss climbed the corporate ladder, wrong by wrong.




More information about the kubuntu-users mailing list