Hi Frank,

You are right that I am looking for ways to encrypt traffic between the manager 
and the agent. Unfortunately the corporate policies prevent setting up of VPNs 
for this purpose and so it has to be application based.

Thanks,
Prema

From: Frank Fock [mailto:f...@agentpp.com]
Sent: Tuesday, November 07, 2017 2:49 PM
To: Prema Upot <prema.u...@optelian.com>
Cc: snmp4j@agentpp.org
Subject: Re: [SNMP4J] SNMP4J - SSH Transport

Hi Prema,

TLS transport is only standardised for SNMPv3 messaging protocol. It  will not 
work for SNMPv2c.
If you simply want to encrypt the traffic between manager and agent (what seems 
to be the case, otherwise SNMPv3 would be your base requirement), then using a 
VPN (IPsec) between manager and agent could be an option.

Best regards,
Frank



On 7. Nov 2017, at 17:36, Prema Upot 
<prema.u...@optelian.com<mailto:prema.u...@optelian.com>> wrote:

Hi Frank,

We initially had the idea of using SSH since we already had SSH server running 
on the server side. But on further investigation, it appears that we need to do 
more work in that area to make it usable for SNMP, so we are going to try TLS 
transport instead as you suggested.

I have a couple of questions in this area.
The FAQ in this page 
https://oosnmp.net/confluence/pages/viewpage.action?pageId=3834144<https://linkprotect.cudasvc.com/url?a=https://oosnmp.net/confluence/pages/viewpage.action%3fpageId%3d3834144&c=E,1,E2-fwWP1VXQtBJwWPxwR6Fo16WN756-pXUiKsQL7eAAj5oQMirBtvCRN1s94KhYp9H7g7LEydo9hWrv2uJVBPmajNIozJ4Sw-tu_Q7Iw9u1DSIA,&typo=1>
 states we need to use MPv3 model. Our server is going to be processing SNMP v2 
messages going over TLS.
How do I set up the messageProcessingModel and CertifiedTarget version in this 
case in the SNMP4J based client ?

Thanks,
Prema

-----Original Message-----
From: Frank Fock [mailto:f...@agentpp.com]
Sent: Friday, October 20, 2017 3:54 PM
To: Prema Upot <prema.u...@optelian.com<mailto:prema.u...@optelian.com>>
Cc: snmp4j@agentpp.org<mailto:snmp4j@agentpp.org>
Subject: Re: [SNMP4J] SNMP4J - SSH Transport

Hi Prema,

The both interface classes are only a first approach, but nothing usable at the 
moment.
SNMP over SSH is rather complex to implement. I prefer using TLS directly.
Why are you looking for SSH?

Best regards,
Frank



On 20. Oct 2017, at 19:53, Prema Upot 
<prema.u...@optelian.com<mailto:prema.u...@optelian.com>> wrote:

Hi,

I see that the latest snmp4j 2.5.8 has support code for integrating a third 
party SSH stack as transport.  Has anyone tried it especially with JSch?

Thanks,
Prema
_______________________________________________
SNMP4J mailing list
SNMP4J@agentpp.org<mailto:SNMP4J@agentpp.org>
https://linkprotect.cudasvc.com/url?a=https://oosnmp.net/mailman/listinfo/snmp4j&c=E,1,NlPzmXwc6S2koC0fribV2K_et0Nrl5Vwr1cIZGP15pHFtI6FeGtq8nnHKNnEBzyEOFIP81YxyN7q-YuKc--1o5ocemHBKgQ3jODvc2lCCfWXFMsCXQB2&typo=1

_______________________________________________
SNMP4J mailing list
SNMP4J@agentpp.org
https://oosnmp.net/mailman/listinfo/snmp4j

Reply via email to