Hi Frank, You are right that I am looking for ways to encrypt traffic between the manager and the agent. Unfortunately the corporate policies prevent setting up of VPNs for this purpose and so it has to be application based.
Thanks, Prema From: Frank Fock [mailto:f...@agentpp.com] Sent: Tuesday, November 07, 2017 2:49 PM To: Prema Upot <prema.u...@optelian.com> Cc: snmp4j@agentpp.org Subject: Re: [SNMP4J] SNMP4J - SSH Transport Hi Prema, TLS transport is only standardised for SNMPv3 messaging protocol. It will not work for SNMPv2c. If you simply want to encrypt the traffic between manager and agent (what seems to be the case, otherwise SNMPv3 would be your base requirement), then using a VPN (IPsec) between manager and agent could be an option. Best regards, Frank On 7. Nov 2017, at 17:36, Prema Upot <prema.u...@optelian.com<mailto:prema.u...@optelian.com>> wrote: Hi Frank, We initially had the idea of using SSH since we already had SSH server running on the server side. But on further investigation, it appears that we need to do more work in that area to make it usable for SNMP, so we are going to try TLS transport instead as you suggested. I have a couple of questions in this area. The FAQ in this page https://oosnmp.net/confluence/pages/viewpage.action?pageId=3834144<https://linkprotect.cudasvc.com/url?a=https://oosnmp.net/confluence/pages/viewpage.action%3fpageId%3d3834144&c=E,1,E2-fwWP1VXQtBJwWPxwR6Fo16WN756-pXUiKsQL7eAAj5oQMirBtvCRN1s94KhYp9H7g7LEydo9hWrv2uJVBPmajNIozJ4Sw-tu_Q7Iw9u1DSIA,&typo=1> states we need to use MPv3 model. Our server is going to be processing SNMP v2 messages going over TLS. How do I set up the messageProcessingModel and CertifiedTarget version in this case in the SNMP4J based client ? Thanks, Prema -----Original Message----- From: Frank Fock [mailto:f...@agentpp.com] Sent: Friday, October 20, 2017 3:54 PM To: Prema Upot <prema.u...@optelian.com<mailto:prema.u...@optelian.com>> Cc: snmp4j@agentpp.org<mailto:snmp4j@agentpp.org> Subject: Re: [SNMP4J] SNMP4J - SSH Transport Hi Prema, The both interface classes are only a first approach, but nothing usable at the moment. SNMP over SSH is rather complex to implement. I prefer using TLS directly. Why are you looking for SSH? Best regards, Frank On 20. Oct 2017, at 19:53, Prema Upot <prema.u...@optelian.com<mailto:prema.u...@optelian.com>> wrote: Hi, I see that the latest snmp4j 2.5.8 has support code for integrating a third party SSH stack as transport. Has anyone tried it especially with JSch? Thanks, Prema _______________________________________________ SNMP4J mailing list SNMP4J@agentpp.org<mailto:SNMP4J@agentpp.org> https://linkprotect.cudasvc.com/url?a=https://oosnmp.net/mailman/listinfo/snmp4j&c=E,1,NlPzmXwc6S2koC0fribV2K_et0Nrl5Vwr1cIZGP15pHFtI6FeGtq8nnHKNnEBzyEOFIP81YxyN7q-YuKc--1o5ocemHBKgQ3jODvc2lCCfWXFMsCXQB2&typo=1 _______________________________________________ SNMP4J mailing list SNMP4J@agentpp.org https://oosnmp.net/mailman/listinfo/snmp4j
