Connect to WPA/WPA2 Secured Wireless Network on Debian Using Command Line

Article applies to WPA-PSK/WPA2-PSK secured wireless networks. Note that WPA is deprecated, you should use WPA2 if possible. 


Yoy will need a client support for WPA and WPA2 (IEEE 802.11i) plus a wireless-tools package for manipulating Linux Wireless Extensions:

# which iwlist iwconfig | xargs dpkg -S
wireless-tools: /sbin/iwlist
wireless-tools: /sbin/iwconfig

Install packages:

# apt-get update && apt-get install wireless-tools wpasupplicant


First thing to do is to make sure the wireless card is detected:

# lspci | egrep -i 'wireless|network'
04:02.0 Network controller: Ralink corp. RT2500 Wireless 802.11bg (rev 01)

Activate the wlan0 interface:

# ifconfig wlan0 up

Assuming we know our SSID:

# iwlist wlan0 scan | grep -i random

We can generate a WPA PSK from an ASCII passphrase for our SSID RandomName:

# wpa_passphrase RandomName passphrase

If paranoid, create a file called e.g. temp.txt with the passphrase and then generate a WPA PSK by reading a passphrase from standard input:

# wpa_passphrase RandomName < temp.txt
# reading passphrase from stdin

Add the following lines to /etc/network/interfaces file:

iface wlan0 inet dhcp
 wpa-ssid RandomName
 #list of accepted authenticated key management protocols
 wpa-key-mgmt WPA-PSK
 #list of accepted group ciphers for WPA
 wpa-group CCMP TKIP
 #list of accepted pairwise ciphers for WPA
 wpa-pairwise CCMP TKIP
 #hexadecimal psk is encoded from a plaintext passphrase
 wpa-psk 9c695492ff1876aeb1455f1bb3b71681bd1fb2e3b5c9334c5cac0a3b4fde5a18

Note that the “wpa-psk” value is only valid if:

  1. It is a plaintext (ASCII) string between 8 and 63 characters in length, or
  2. It is a hexadecimal string of 64 characters

Restrict the permissions of /etc/network/interfaces, to prevent pre-shared key (PSK) disclosure:

# chmod 0600 /etc/network/interfaces

Bring the wlan0 network interfcace up:

# ifup wlan0

It should obtain settings via DHCP. Display wireless connection details:

# iwconfig wlan0
wlan0     IEEE 802.11bg  ESSID:"RandomName"  
          Mode:Managed  Frequency:2.422 GHz  Access Point: 00s:11:22:33:44:55
          Bit Rate=54 Mb/s   Tx-Power=20 dBm   
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:on
          Link Quality=70/70  Signal level=-40 dBm  
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:83  Invalid misc:358   Missed beacon:0

Ping the default gateway (router) to verify network connectivity:

$ ping -c3 `netstat -r | grep def | awk '{print $2}'`

2 thoughts on “Connect to WPA/WPA2 Secured Wireless Network on Debian Using Command Line

  1. I have a rb751g-2hnd and I can’t seem to get my psk key to work, I see “unicast key exchange timeout” error in the log file. Have you experience any of this? If yes, how have you resolved it?

    • Hi, sorry, I no longer have access to rb751, upgraded my router to 2011UiAS-2HnD some time ago.

      Anything in Mikrotik logs? Which version of RouterOS?

Leave a Reply

Your email address will not be published. Required fields are marked *