[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Authentication failed after su-

On Tue 01 Mar 2022 at 11:59:47 (+0100), Stella Ashburne wrote:
> > From: "Sven Hartge" <sven@svenhartge.de>
> >
> > Use sudo.
> >
> > wpa_passphrase JupiterRising 1234567890 | sudo tee /etc/wpa_supplicant/wpa_supplicant.conf
> >
> Thanks for your tip.
> 
> Could you surf to https://wiki.debian.org/WiFi/HowToUse, look under the sub-heading "WPA-PSK and WPA2-PSK", paragraph 2 with the statement "Use the WPA passphrase to calculate the correct WPA PSK hash for your SSID by altering the following example:"
> 
> $ su -l -c "wpa_passphrase myssid my_very_secret_passphrase > /etc/wpa_supplicant/wpa_supplicant.conf"
> 
> The above command doesn't work in Debian 11. The output is:
> 
> su: Authentication failed.
> 
> In addition to yours, What are the valid commands? (I shall provide feedback to the people in charge of Debian Wiki's website.)

Substantively, they're all valid, but only under the circumstances of
the person who wrote them to the wiki. The same is true on this list.

So here, for example:

  $ su -l -c "foo … "

will be fine for anyone knowing their root password.

There's a case to be made that any wiki using the su construction should
be converted to:

  $ sudo foo …

or, here specifically, because of the redirection:

  $ foo … | sudo …

because that meshes in with Debian's current mechanism of root-password-less
installation. Then again, perhaps:

  # foo …

would be preferable, because it makes no assumptions¹, leaving users to
choose the appropriate mechanism for obtaining root on /their/ system.

As for the "people in charge of Debian Wiki's website", that's us, folks.

BTW, in general, I would not advise cutting and pasting anything from
a wiki (or debian-user, or random web pages) without checking what it
actually does. That usually means looking at man pages /and/
interpreting what you find there.

Just to illustrate, take the tip above, which I would expect to work
for you, judging from the rest of your posts. Now I'll try it:

  $ wpa_passphrase JupiterRising 1234567890 | sudo tee /etc/wpa_supplicant/wpa_supplicant.conf
  Sorry, auser is not allowed to execute '/usr/bin/tee /etc/wpa_supplicant/wpa_supplicant.conf' as root on laptop.corp.
  $ 

whereas:

  $ su -l -c "wpa_passphrase JupiterRising 1234567890 > /etc/wpa_supplicant/wpa_supplicant.conf"
  Password:     ← I typed the root password here
  $ 

Perfect, and:

  $ cat /etc/wpa_supplicant/wpa_supplicant.conf 
  network={
          ssid="JupiterRising"
          #psk="1234567890"
          psk=562a4993e8a8847d0fcd690a728951c184a831913649a3fd5f54181d41e0ab1c
  }
  $ 

(which, fortunately, is a file this system neither requires nor uses).
You don't need to guess that I have set a root password.

¹ beyond knowing that a # prompt means that you are now typing as root.
  Much of this thread, and its companion, seems to consist of footnote
  on footnote. Were they to qualify each statement with the particular
  circumstances they work under, wiki pages would begin to resemble
  legal documents.

Cheers,
David.
Reply to: