'proxy' directive takes v3 user password in clear.

Thu, 08 Nov 2012 04:03:42 -0800 

Hello,

We are planning to use net-snmp to monitor our applications running on Ubuntu 
servers.
We use NET-SNMP version:  5.4.2.1 (the version that gets installed by apt-get 
install snmpd)

We are under obligation to secure access to our servers (we are audited 
regularly) so v3 is our only option.
Our application is deployed in multiple Ubuntu servers and they are pretty much 
locked down. Access to these servers are controlled by an edge device, another 
Ubuntu server. The desire here is to prevent through traffic from the outside 
world in to our secure zone as much as possible (other than the ones we expect 
to serve obviously).

The intention is to SNMP monitor all these servers in the secure zone via this 
edge device.

The 'proxy' directive in /etc/snmp/snmpd.conf seemed will help and it did. I 
followed the documentation at 
http://net-snmp.sourceforge.net/wiki/index.php/Snmpd_proxy.
Basically I configured our edge device mentioned above to act as a SNMP proxy. 
I configured Cacti to query this edge device using different contexts to reach 
out to each of our servers in the secured zone.
Thanks very much for that.

The 'proxy' directive takes the v3 user password in clear, for example,
proxy -Cn ctx_remotehost2  -v 3 -u MD5DESUser -a MD5 -A "PasswordA" -x DES -X 
"PasswordX" -l authPriv  remotehost2  .1.3

This poses a problem because we are not supposed to have passwords in clear in 
config files, logs etc.

I would like to ask if there is a way to use encrypted passwords in the 'proxy' 
directive or load from a file that is encrypted
Your help is very much appreciated,

Thanks in advance
Venkat

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_nov
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Reply via email to