Wireless Network Key

Mark Haney mhaney at ercbroadband.org
Wed Aug 6 15:10:05 UTC 2008


Leo Cacciari wrote:

>>
> This is excessively bad advice, and you even tell why it is bad. This is
> done already by the gnome network manager. If n-m is installed and it
> does not work, then it is another problem, but normally in ubuntu
> wireless network works like that out of the box.
> 
> By the way, yours is bad advice even if the OP has not n-m installed and
> does not wish to install it, as then standard scripts like if-up
> *already* have a much more secure (well, less insecure at least) way to
> do that by writing the key in the 
> /etc/network/interfaces file
> 
> 
> Enjoy
> 

<soapbox>

I totally disagree.  You really think having the key in 
/etc/network/interfaces is any safer?  Or having it in NM is safer? 
You're out of your mind.  Anyone who gets root access can dig it up and 
steal it from anywhere those files are stored.

I never said anything other than a shell script CAN be used.  I also 
warn that it's a security risk and to lock it down tight.  Do you really 
think I don't know that?   I deal with network security on a daily 
basis.  I have 100K users on our network that I have to keep safe.

The point is (and MY point is) this method is possible, but NOT 
encouraged.  He doesn't want to have to enter the key every time. 
Entering the key every time IS the preferred and secure method of doing 
this.

It's sort of like not wanting to key in a password every time and setting 
autologin.  That's just as insecure (from a network security standpoint) 
as scripting the wireless key.

I don't see the advice is /bad/, so much as it isn't recommended and it 
does include the disclaimer that it's not recommended.  It's up to the 
OP to determine if that is an acceptable risk.  It is not for me to 
decide that and withhold my information because I think it's a bad idea.

Now, had I simply said 'sure throw it in a shell script' and NOT warned 
the OP of the security risk, then you have every right to point that 
out.  However, I believe in offering all alternatives ALONG with any 
potential hazards therein.

So, flame all you want.  I stand by my post in that it gives the OP 
an alternative and a caveat to that so he can make up his own mind. 
He's not a child (AFAIK) and can use that if he wishes.  It's not up to 
YOU to determine what's bad advice.

</soapbox>

-- 
Libenter homines id quod volunt credunt -- Caius Julius Caesar


Mark Haney
Sr. Systems Administrator
ERC Broadband
(828) 350-2415

Call (866) ERC-7110 for after hours support
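
Added example, not part of the original message or thread: a small audit for the "lock it down tight" point, classifying a file that stores a wireless key by whether any account other than its owner has permission bits on it. The `iwconfig ... key` script form, the file names and the key value are assumptions constructed for the example; root can read the file in every case, as the message above says.

```shell
#!/bin/sh
# Added example (not from the original thread): classify files that hold a
# wireless key by whether anyone other than the owner has access to them.

# wireless-key / wpa-psk are ifupdown options in /etc/network/interfaces;
# the "iwconfig <iface> key ..." form is an assumed shape for the shell script.
KEY_PATTERN='^[[:space:]]*(wireless-key|wpa-psk)[[:space:]]|iwconfig[[:space:]].*[[:space:]]key[[:space:]]'

# Prints one of: no-key, owner-only, exposed
audit_key_file() {
    if ! grep -Eq "$KEY_PATTERN" "$1" 2>/dev/null; then
        echo "no-key"
        return 0
    fi
    mode=$(stat -c '%a' "$1") || return 2
    # Any group/other bit (mask 077) gives a non-owner account some access
    # to the file that carries the key.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "exposed"
    else
        echo "owner-only"
    fi
}

# Constructed sample files; the key value is a placeholder, not a real key.
run_demo() {
    dir=$(mktemp -d) || return 1
    printf 'iface wlan0 inet dhcp\n    wireless-essid example\n    wireless-key s:CONSTRUCTED-KEY\n' > "$dir/interfaces"
    printf '#!/bin/sh\niwconfig wlan0 key s:CONSTRUCTED-KEY\n' > "$dir/wifi-up.sh"
    printf 'iface eth0 inet dhcp\n' > "$dir/wired"
    chmod 644 "$dir/interfaces"
    chmod 700 "$dir/wifi-up.sh"
    chmod 644 "$dir/wired"
    for f in interfaces wifi-up.sh wired; do
        printf '%s: %s\n' "$f" "$(audit_key_file "$dir/$f")"
    done
    rm -rf "$dir"
}

run_demo
```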



