Re: [SNMP4J] SNMP4J - SSH Transport
Hi Frank, You are right that I am looking for ways to encrypt traffic between the manager and the agent. Unfortunately the corporate policies prevent setting up of VPNs for this purpose and so it has to be application based. Thanks, Prema From: Frank Fock [mailto:f...@agentpp.com] Sent: Tuesday, November 07, 2017 2:49 PM To: Prema Upot Cc: snmp4j@agentpp.org Subject: Re: [SNMP4J] SNMP4J - SSH Transport Hi Prema, TLS transport is only standardised for SNMPv3 messaging protocol. It will not work for SNMPv2c. If you simply want to encrypt the traffic between manager and agent (what seems to be the case, otherwise SNMPv3 would be your base requirement), then using a VPN (IPsec) between manager and agent could be an option. Best regards, Frank On 7. Nov 2017, at 17:36, Prema Upot mailto:prema.u...@optelian.com>> wrote: Hi Frank, We initially had the idea of using SSH since we already had SSH server running on the server side. But on further investigation, it appears that we need to do more work in that area to make it usable for SNMP, so we are going to try TLS transport instead as you suggested. I have a couple of questions in this area. The FAQ in this page https://oosnmp.net/confluence/pages/viewpage.action?pageId=3834144<https://linkprotect.cudasvc.com/url?a=https://oosnmp.net/confluence/pages/viewpage.action%3fpageId%3d3834144&c=E,1,E2-fwWP1VXQtBJwWPxwR6Fo16WN756-pXUiKsQL7eAAj5oQMirBtvCRN1s94KhYp9H7g7LEydo9hWrv2uJVBPmajNIozJ4Sw-tu_Q7Iw9u1DSIA,&typo=1> states we need to use MPv3 model. Our server is going to be processing SNMP v2 messages going over TLS. How do I set up the messageProcessingModel and CertifiedTarget version in this case in the SNMP4J based client ? Thanks, Prema -Original Message- From: Frank Fock [mailto:f...@agentpp.com] Sent: Friday, October 20, 2017 3:54 PM To: Prema Upot mailto:prema.u...@optelian.com>> Cc: snmp4j@agentpp.org<mailto:snmp4j@agentpp.org> Subject: Re: [SNMP4J] SNMP4J - SSH Transport Hi Prema, The both interface classes are only a first approach, but nothing usable at the moment. SNMP over SSH is rather complex to implement. I prefer using TLS directly. Why are you looking for SSH? Best regards, Frank On 20. Oct 2017, at 19:53, Prema Upot mailto:prema.u...@optelian.com>> wrote: Hi, I see that the latest snmp4j 2.5.8 has support code for integrating a third party SSH stack as transport. Has anyone tried it especially with JSch? Thanks, Prema ___ SNMP4J mailing list SNMP4J@agentpp.org<mailto:SNMP4J@agentpp.org> https://linkprotect.cudasvc.com/url?a=https://oosnmp.net/mailman/listinfo/snmp4j&c=E,1,NlPzmXwc6S2koC0fribV2K_et0Nrl5Vwr1cIZGP15pHFtI6FeGtq8nnHKNnEBzyEOFIP81YxyN7q-YuKc--1o5ocemHBKgQ3jODvc2lCCfWXFMsCXQB2&typo=1 ___ SNMP4J mailing list SNMP4J@agentpp.org https://oosnmp.net/mailman/listinfo/snmp4j
Re: [SNMP4J] SNMP4J - SSH Transport
Hi Prema, TLS transport is only standardised for SNMPv3 messaging protocol. It will not work for SNMPv2c. If you simply want to encrypt the traffic between manager and agent (what seems to be the case, otherwise SNMPv3 would be your base requirement), then using a VPN (IPsec) between manager and agent could be an option. Best regards, Frank > On 7. Nov 2017, at 17:36, Prema Upot wrote: > > Hi Frank, > > We initially had the idea of using SSH since we already had SSH server > running on the server side. But on further investigation, it appears that we > need to do more work in that area to make it usable for SNMP, so we are going > to try TLS transport instead as you suggested. > > I have a couple of questions in this area. > The FAQ in this page > https://oosnmp.net/confluence/pages/viewpage.action?pageId=3834144 > <https://oosnmp.net/confluence/pages/viewpage.action?pageId=3834144> states > we need to use MPv3 model. Our server is going to be processing SNMP v2 > messages going over TLS. > How do I set up the messageProcessingModel and CertifiedTarget version in > this case in the SNMP4J based client ? > > Thanks, > Prema > > -Original Message- > From: Frank Fock [mailto:f...@agentpp.com <mailto:f...@agentpp.com>] > Sent: Friday, October 20, 2017 3:54 PM > To: Prema Upot mailto:prema.u...@optelian.com>> > Cc: snmp4j@agentpp.org <mailto:snmp4j@agentpp.org> > Subject: Re: [SNMP4J] SNMP4J - SSH Transport > > Hi Prema, > > The both interface classes are only a first approach, but nothing usable at > the moment. > SNMP over SSH is rather complex to implement. I prefer using TLS directly. > Why are you looking for SSH? > > Best regards, > Frank > > >> On 20. Oct 2017, at 19:53, Prema Upot wrote: >> >> Hi, >> >> I see that the latest snmp4j 2.5.8 has support code for integrating a third >> party SSH stack as transport. Has anyone tried it especially with JSch? >> >> Thanks, >> Prema >> ___ >> SNMP4J mailing list >> SNMP4J@agentpp.org >> https://linkprotect.cudasvc.com/url?a=https://oosnmp.net/mailman/listinfo/snmp4j&c=E,1,NlPzmXwc6S2koC0fribV2K_et0Nrl5Vwr1cIZGP15pHFtI6FeGtq8nnHKNnEBzyEOFIP81YxyN7q-YuKc--1o5ocemHBKgQ3jODvc2lCCfWXFMsCXQB2&typo=1 >> >> <https://linkprotect.cudasvc.com/url?a=https://oosnmp.net/mailman/listinfo/snmp4j&c=E,1,NlPzmXwc6S2koC0fribV2K_et0Nrl5Vwr1cIZGP15pHFtI6FeGtq8nnHKNnEBzyEOFIP81YxyN7q-YuKc--1o5ocemHBKgQ3jODvc2lCCfWXFMsCXQB2&typo=1> ___ SNMP4J mailing list SNMP4J@agentpp.org https://oosnmp.net/mailman/listinfo/snmp4j
Re: [SNMP4J] SNMP4J - SSH Transport
Hi Frank, We initially had the idea of using SSH since we already had SSH server running on the server side. But on further investigation, it appears that we need to do more work in that area to make it usable for SNMP, so we are going to try TLS transport instead as you suggested. I have a couple of questions in this area. The FAQ in this page https://oosnmp.net/confluence/pages/viewpage.action?pageId=3834144 states we need to use MPv3 model. Our server is going to be processing SNMP v2 messages going over TLS. How do I set up the messageProcessingModel and CertifiedTarget version in this case in the SNMP4J based client ? Thanks, Prema -Original Message- From: Frank Fock [mailto:f...@agentpp.com] Sent: Friday, October 20, 2017 3:54 PM To: Prema Upot Cc: snmp4j@agentpp.org Subject: Re: [SNMP4J] SNMP4J - SSH Transport Hi Prema, The both interface classes are only a first approach, but nothing usable at the moment. SNMP over SSH is rather complex to implement. I prefer using TLS directly. Why are you looking for SSH? Best regards, Frank > On 20. Oct 2017, at 19:53, Prema Upot wrote: > > Hi, > > I see that the latest snmp4j 2.5.8 has support code for integrating a third > party SSH stack as transport. Has anyone tried it especially with JSch? > > Thanks, > Prema > ___ > SNMP4J mailing list > SNMP4J@agentpp.org > https://linkprotect.cudasvc.com/url?a=https://oosnmp.net/mailman/listinfo/snmp4j&c=E,1,NlPzmXwc6S2koC0fribV2K_et0Nrl5Vwr1cIZGP15pHFtI6FeGtq8nnHKNnEBzyEOFIP81YxyN7q-YuKc--1o5ocemHBKgQ3jODvc2lCCfWXFMsCXQB2&typo=1 ___ SNMP4J mailing list SNMP4J@agentpp.org https://oosnmp.net/mailman/listinfo/snmp4j
Re: [SNMP4J] SNMP4J - SSH Transport
Hi Frank, On the server side, we already have a SNMP stack and SSH server. There it is a matter of routing the SNMP requests to the SNMP process. On the java client side, we already use JSch for bringing up SSH terminal and SNMP4J for SNMP over UDP. Hence the decision to use SNMP over SSH. In what areas do you anticipate the complexity ? Thanks, Prema -Original Message- From: Frank Fock [mailto:f...@agentpp.com] Sent: Friday, October 20, 2017 3:54 PM To: Prema Upot Cc: snmp4j@agentpp.org Subject: Re: [SNMP4J] SNMP4J - SSH Transport Hi Prema, The both interface classes are only a first approach, but nothing usable at the moment. SNMP over SSH is rather complex to implement. I prefer using TLS directly. Why are you looking for SSH? Best regards, Frank > On 20. Oct 2017, at 19:53, Prema Upot wrote: > > Hi, > > I see that the latest snmp4j 2.5.8 has support code for integrating a third > party SSH stack as transport. Has anyone tried it especially with JSch? > > Thanks, > Prema > ___ > SNMP4J mailing list > SNMP4J@agentpp.org > https://linkprotect.cudasvc.com/url?a=https://oosnmp.net/mailman/listinfo/snmp4j&c=E,1,NlPzmXwc6S2koC0fribV2K_et0Nrl5Vwr1cIZGP15pHFtI6FeGtq8nnHKNnEBzyEOFIP81YxyN7q-YuKc--1o5ocemHBKgQ3jODvc2lCCfWXFMsCXQB2&typo=1 ___ SNMP4J mailing list SNMP4J@agentpp.org https://oosnmp.net/mailman/listinfo/snmp4j
Re: [SNMP4J] SNMP4J - SSH Transport
Hi Prema, The both interface classes are only a first approach, but nothing usable at the moment. SNMP over SSH is rather complex to implement. I prefer using TLS directly. Why are you looking for SSH? Best regards, Frank > On 20. Oct 2017, at 19:53, Prema Upot wrote: > > Hi, > > I see that the latest snmp4j 2.5.8 has support code for integrating a third > party SSH stack as transport. Has anyone tried it especially with JSch? > > Thanks, > Prema > ___ > SNMP4J mailing list > SNMP4J@agentpp.org > https://oosnmp.net/mailman/listinfo/snmp4j ___ SNMP4J mailing list SNMP4J@agentpp.org https://oosnmp.net/mailman/listinfo/snmp4j
[SNMP4J] SNMP4J - SSH Transport
Hi, I see that the latest snmp4j 2.5.8 has support code for integrating a third party SSH stack as transport. Has anyone tried it especially with JSch? Thanks, Prema ___ SNMP4J mailing list SNMP4J@agentpp.org https://oosnmp.net/mailman/listinfo/snmp4j