Thanks Colin and Brian.
I will give creating a new snmpd (agent) user with the remote
(manager's) engine-id a try.
I was using net-snmp-create-v3-user from the libsnmp-dev package to add
users. Unfortunately, it does not support engine-id, so I'll have to
forgo that tool for this.
Does anyone
Bump please.
On 04-Jul-2020 10:11 AM, John Bize wrote:
>
> I have an embedded system running Debian 10 with snmpd v5.7.3.
>
> I'd like to configure SNMPv3 trapsess to send auth,priv informs. How
> is this done *without putting clear-text passwords *into the
> snmpd.conf file?
>
> Thanks.
>
Bump please.
On 07-Jul-2020 2:30 PM, John Bize wrote:
> I have an embedded system running Debian 10 with snmpd v5.7.3.
>
> I am using an agentX sub-agent to send traps to a client (send_v2trap).
>
> My /etc/snmp/snmpd.conf contains one trap sink:
>
> trap2sink 192.168.1.215 public
>
>
The authoritativeEngineID is specified on the createUser, not trapsess. See
http://www.net-snmp.org/docs/man/snmpd.conf.html
From: John Bize
Sent: Friday, July 17, 2020 1:37 PM
To: Atkins, Brian ; Colin Anderson
; net-snmp-users@lists.sourceforge.net
Subject: Re: SNMPv3 authPriv informs
Ok,
So it appears that I should add:
trapsess -e 0x80001F888001331F10B729FA5E -Ci -v3 -u
remoteUser -l authPriv 192.168.1.215
to /etc/snmp/snmpd.conf for v3 informs (without the -Ci for v3 traps), and:
createUser -e 0x80001F888001331F10B729FA5E remoteUser SHA
Ok, I did it wrong. I'm looking for valid examples.
For authPriv informs, what do the createUser and trapsess look like?
For authPriv traps, what do the createUser and trapsess look like?
On 17-Jul-2020 1:40 PM, Atkins, Brian wrote:
>
> Also, if you use traps, the authoritativeEngineID will
Your example is correct, although I would omit the quotes around the passwords.
I had trouble with the quotes being encoded as part of the password.
The example you have, with the -e option, works for INFORMs, as long as the
engineID is that of the receiving SNMP entity. For traps, just omit
Also, if you use traps, the authoritativeEngineID will be the one on the agent.
That is the default, so there will be no need to specify a -e argument on the
createUser call.
From: Atkins, Brian
Sent: Friday, July 17, 2020 1:38 PM
To: John Bize ; Colin Anderson
;
You will need to use createUser in your snmpd.conf file with passwords and hash
settings. On Debian 10, put then in /etc/snmp/snmpd.conf. The createUser
statements will be removed and encoded passwords will be added to
/var/lib/snmp/snmpd.conf in usmUser statements.
NOTE: since you want to
Looking at Colin’s reply, I realize you may need to add the createUser
statements to the /var/lib/snmp/snmpd.conf file directly, instead of
/etc/snmp/snmpd.conf (these are Debian 10 paths). It will replace them with
usmUser statements, so you shouldn’t need to delete anything.
From: John
Thanks Colin,
I'm trying to avoid the clear-text passwords on the trapsess line.
For traps, I have:
createUser trapUser SHA authPass AES privPass
in /var/lib/snmp/snmpd.conf, and
trapsess -v3 -u trapUser -l authPriv 192.168.1.215
in /etc/snmp/snmpd.conf.
And it works. The traps are
11 matches
Mail list logo
