Updated on February 3, 2023
hostapd is a daemon for access point and authentication of wireless servers. It implements IEEE 802.11 access point management.
It was written by Jouni Malinen and contributors [1]. It dates back to 2002. There is a man page for it in Debian. I currently do not if it runs other distributions other than Debian.
hostapd.conf is the configuration file for hostapd. In it, you specify the authentication and wireless parameters. The documentation for hostapd.conf is in a sample hostpad.conf file by the author [2].
Below is the sample hostapd.conf file that is in the Raspberry Pi Configuration Documentation [3]:
country_code=GB
interface=wlan0
ssid=NameOfNetwork
hw_mode=g
channel=7
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=AardvarkBadgerHedgehog
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
It is believed that this hostapd.conf file is for a Raspberry Pi Zero W or for early model RPi. At this point in time, no one should be using TKIP, which is part of WEP (Wired Equivalent Privacy). WEP (Wired Equivalent Privacy) can easily be cracked. Just delete or comment out (#) the wpa_pairwise=TKIP.
Below is a sample hostap.conf file for a Raspberry Pi 4 with an 802.11ac radio:
# the country code
country_code=US
# limit radio frequencies to those allowed in country
ieee80211d=1
interface=wlan1
# network name
ssid=hacker1
# a is the 5 GHz radio
hw_mode=a
# 801.11ac support
ieee80211ac=1
# 802.11n support
ieee80211n=1
# raido channel
channel=149
# QoS support, also required for full speed on 802.11n/ac/ax
wmm_enabled=1
# disable this to insure the AP is visible
ignore_broadcast_ssid=0
# ------ authentication and Encryption-------
# wep has been cracked - do not use 2 or 3
# 1=wpa, 2=wep, 3=both
auth_algs=1
# wpa=2 or wpa=3
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
# network password
wpa_passphrase=misscoco
# mac address authentication list (macaddr_acl)
# macaddr_acl=0, accepts all mac address unless in hostapd.deny
# The location of hostapd.deny is specified via the line below, which is commented out.
#deny_mac_file=/etc/hostapd.deny
macaddr_acl=0
Rather than specifying a particular radio channel, there is an auto scan channel (ACS) mode, but the best I can determine, it does not currently work with the Raspberry Pi. I tried this with the onboard radio and with an external Wi-Fi Radio, Netgear AC1200 WiFi USB Adapter. [Add Reference]
To get hostapd to run on startup find: DAEMON_CONF="" in /etc/default/hostapd uncomment it, and change it to:
DAEMON_CONF="/etc/hostapd/hostapd.conf
hostapd.conf is very sensitive to syntax.
The official Raspberry Pi documentation says NOT to put quotes around the ssid or passphase. I too had problems with quotes here. However, hostapd author's sample hostapd.conf uses quotes.
If hostapd runs at start up, you need to stop it, and manually restart it to receive diagnostics.
To stop hostapd:
sudo killall hostapd
To start hostapd:
sudo /usr/sbin/hostapd /etc/hostapd/hostapd.conf
References:
There are several packages that can be used to run a DHCP server: