How do I, from the command line, confirm on the host that the wireless network connection uses WPA2?
The wireless router is set to use WPA2 Personal (WPA2 with a pre-shared key) and AES on the network, and I have added wpa-ssid, wpa-psk and wpa-proto RSN to /etc/network/interfaces, but iwconfig prints Encryption key:off. I am running Debian Wheezy/7.0. I checked the system logs but saw nothing of relevance, and the only current wpa_supplicant.conf on my system is one for D-Bus.
You can check what the access point is broadcasting in its beacons by doing this (you'll need the wireless-tools package):
$ sudo iwlist wlan0 scanning The output varies by device, and will display every SSID the interface can see. My WPA2 access point gives this (from iwlist's very verbose output):
IE: IEEE 802.11i/WPA2 Version 1 Group Cipher : TKIP Pairwise Ciphers (2) : CCMP TKIP Authentication Suites (1) : PSK You can also interrogate wpa_supplicant directly, which might be more what you're after:
$ sudo wpa_cli status Selected interface 'wlan0' bssid=c8:d7:19:01:02:03 ssid=whatever-SSID-you-are-using id=0 mode=station pairwise_cipher=CCMP group_cipher=TKIP <-- cipher key_mgmt=WPA2-PSK <-- key mode wpa_state=COMPLETED ip_address=10.20.30.4 address=88:53:2e:01:02:03 
pairwise_cipher=CCMP, group_cipher=CCMP and key_mgmt=WPA2-PSK, and looking at Wikipedia, "CCMP is the standard encryption protocol for use with the WPA2 standard and is much more secure than the WEP protocol and TKIP protocol of WPA." iwlist scanning says only CCMP and PSK are available. That sounds good enough for me!