I just need to know if this is correct behaviour for the log file:
within this entry of the system log
daemon.notice hostapd: Configuration file: data: driver=... etc
Further along the entry is the passphrase written in-the-clear
apsd_advertisement_enabled=1 utf8_ssid=1 multi_ap=0
wpa_passphrase=(my passphrase redacted)
wpa_psk_file=/var/run/hostapd-phy1-ap0
Why is the logfile even getting this passphrase information?
Is there anything I can do to stop hostapd from logging that info?
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
It appears you are using firmware that is not from the official OpenWrt project.
When using forks/offshoots/vendor-specific builds that are "based on OpenWrt", there may be many differences compared to the official versions (hosted by OpenWrt.org). Some of these customizations may fundamentally change the way that OpenWrt works. You might need help from people with specific/specialized knowledge about the firmware you are using, so it is possible that advice you get here may not be useful.
Ask for help from the maintainer(s) or user community of the specific firmware that you are using.
Provide the source code for the firmware so that users on this forum can understand how your firmware works (OpenWrt forum users are volunteers, so somebody might look at the code if they have time and are interested in your issue).
If you believe that this specific issue is common to generic/official OpenWrt and/or the maintainers of your build have indicated as such, please feel free to clarify.
lleachii, thank you very much for replying so promptly. After running the commands you requested I found something that is a little strange.
I just want to investigate that a while.
strange ip addresses in the firewall config
Post the basics so we know where to start? ubus call system board
If it is OpenWrt you can always sysupgrade wiping old configuration and have a clean start.
If upgrade hides passphrase just say so and clap this out. Strange that was not in release logs.
Other files more to see that you get internet or to make proper config guidance for bigger change.
Unfortunately the upgrade did not stop the behaviour, however, I am wondering whether it is even a problem. When I think about it, who is going to see it, and I don't think anyone is waiting outside trying to hack my networks. It may simply be hostapd informing the log of its settings. It would worry me if it were a router in a business setting with tech-savvy employees, but it's just a home network.
Just in case it is a problem I should worry about, these are the steps I took to upgrade.
Used a pin on the reset button at the back of the router
accessed the router and used the reset button inside LuCI
got the correct upgrade
flashed the router with it.
Saw that the behaviour occurred again - reset router - reconfigured
wondered if it really was a problem
If anyone would like to see the config files, please let me know. Maybe it is a problem I can help solve
I solved it myself, actually.
The passphrase appears in the clear in at least one other place
The wireless config file.
For me, it isn't a problem. If anyone has access to the router through SSH they will find the passphrase, and they can get access through SSH, if they have access to LuCI. The issue then, is no longer that it shows in the logs but that one must be careful who can access the router.
Thanks for indulging me on this one. You guys are stars! Thank you
I think that hostapd still creates a log item with the full hostapd config items of the radio listed, including the passphrase.
BUT, with newer 802.11ax routers (new ath11k, mt76 etc.) the capabilities list like he_mu_edca_ac_be_aifsn=8 is so long that the passphrase doesn't fit into the first 1024 characters logged...
Instead, the log row's max size is reached and the passphrase gets left out:
(intentionally formatted to be narrow here)
(I don't have my R7800 on right now, so I can't test if it still is in the current main/master but likely so.)
Curiously, I do not see that in an old R7800 bootlog from 2021. There is just the configuration file name logged, but no content.
Sat Oct 30 11:24:34 2021 daemon.notice hostapd: Configuration file: /var/run/hostapd-phy1.conf (phy wlan1) --> new PHY
This logging is probably a newish feature in hostapd that has surfaced in 2021-2023. Or it might have been introduced by OpenWrt. I haven't checked, yet.
EDIT:
The level of details may also be related to the optional /etc/config/wireless debug parameters like option log_level '1'
If I set that to log level 3 would that solve it? I will try that actually and will go through all the config files to see what debug level the logs are set at.
I think that may be the answer, it's because logging may be set to debug.
Strangely, I noticed that myself when I set the log output level to "warning" and above. When I rebooted the router it returned to log level "Debug".
I will do some tests later.
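Added example, not written by anyone in this thread and not OpenWrt code: a POSIX shell check for the two things discussed above, whether a hostapd "Configuration file: data:" log entry still carries `wpa_passphrase=` or was cut off before reaching it, plus a filter that blanks the value before a log is shared. The function names and sample lines are constructed, and how the 1024-character limit is counted is an assumption, so the limit can be passed as an argument.

```shell
#!/bin/sh
# Added example, not from the thread. Both functions read log text on stdin,
# e.g. `logread | audit_hostapd` on the router.

# Blank the passphrase before a log is shared. A WPA passphrase may contain
# spaces, so the rest of the line after "wpa_passphrase=" is dropped instead
# of guessing where the value ends.
redact_hostapd() {
    sed 's/wpa_passphrase=.*/wpa_passphrase=<redacted>/'
}

# One verdict per hostapd "Configuration file: data:" entry:
#   EXPOSED   - the entry contains wpa_passphrase=
#   TRUNCATED - no passphrase, but the line is at least LIMIT characters
#               long, so it was probably cut before the passphrase
#   ABSENT    - a shorter entry without a passphrase
# LIMIT defaults to 1024 (the figure quoted in the thread); counting the
# whole line against it is an assumption, pass another value as $1 if needed.
audit_hostapd() {
    awk -v limit="${1:-1024}" '
        /hostapd: Configuration file: data:/ {
            if (index($0, "wpa_passphrase=")) print "EXPOSED"
            else if (length($0) >= limit)     print "TRUNCATED"
            else                              print "ABSENT"
        }'
}

# Constructed sample entries (not real log output).
SAMPLE='Sat Oct 30 11:24:34 2021 daemon.notice hostapd: Configuration file: data: utf8_ssid=1 multi_ap=0 wpa_passphrase=example pass phrase wpa_psk_file=/var/run/hostapd-phy1-ap0
Sat Oct 30 11:24:35 2021 daemon.notice hostapd: Configuration file: data: utf8_ssid=1 he_mu_edca_ac_be_aifsn=8
Sat Oct 30 11:24:36 2021 daemon.notice hostapd: Configuration file: /var/run/hostapd-phy1.conf (phy wlan1) --> new PHY'

printf '%s\n' "$SAMPLE" | redact_hostapd
# A limit of 100 is used here only so the short sample line counts as cut off.
printf '%s\n' "$SAMPLE" | audit_hostapd 100
```

The redaction only covers the log; as noted earlier in the thread, the same passphrase is also stored in the wireless config file.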