I switched over to use /var/net-snmp/snmpd.conf and I call update_config but 
the passwords do not get changed to localized keys in the file - the v3 
credentials do work correctly.

Can you please tell me what triggers the agent to change the createUser line in 
the snmpd.conf file to remove the passwords - when a new v3 user is added - 
that is not occurring when I call update_config();

Thanks,
Joan





-----Original Message-----
From: Wes Hardaker <harda...@users.sourceforge.net>
Sent: Tuesday, January 5, 2021 3:40 PM
To: Joan Landry <jolan...@adva.com>
Cc: net-snmp-users@lists.sourceforge.net
Subject: Re: snmpd.conf security

Joan Landry <jolan...@adva.com> writes:

> Would like to know if there is a way to make snmpd.conf file more
> secure - as currently it shows the password for a usm user.
> createUser v3user MD5 abcdefghij DES abcdefghij
> trapsess -r 10 -t 3 -l authPriv -u v3user -a MD5 -A abcdefghij -x DES -X abcdefghij 10.11.12.98

Per the documentation, a createUser line should *only* go into the persistent 
file (/var/net-snmp/snmpd.conf) and is replaced by the agent with a usmUser 
line after startup.  The usmUser line is also sensitive, however, as it 
contains a private key that is at least localized to just that agent 
fortunately.  That file is written by the process owner and should only be read 
by the process owner (typically root), and is the best that can be achieved 
given the need by the protocol to store localized keys.
--
Wes Hardaker
USC/ISI
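
A check for the situation discussed in this thread, as an added example that is not part of the original messages or of Net-SNMP: it lists configuration lines that still carry plaintext passphrases (`createUser`, or `trapsess` with `-A`/`-X`) or localized keys (`usmUser`), and reports whether a file is readable only by its owner. The function names and the sample text are constructed for illustration, and the `usmUser` line uses placeholder fields.

```python
import os
import shlex
import stat
import sys

# Constructed sample: the two directives quoted in the thread, plus a usmUser
# line whose fields are placeholders (not the agent's real output format).
SAMPLE = """\
# constructed sample configuration
createUser v3user MD5 abcdefghij DES abcdefghij
trapsess -r 10 -t 3 -l authPriv -u v3user -a MD5 -A abcdefghij -x DES -X abcdefghij 10.11.12.98
usmUser PLACEHOLDER_FIELDS_WRITTEN_BY_AGENT
"""

def audit_config(text):
    """Return (line number, directive, finding) for each secret-bearing line."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            tokens = shlex.split(line)
        except ValueError:          # unbalanced quote: fall back to whitespace
            tokens = line.split()
        directive = tokens[0].lower()
        if directive == "createuser":
            findings.append((lineno, "createUser", "plaintext passphrase"))
        elif directive == "usmuser":
            findings.append((lineno, "usmUser", "localized key"))
        elif directive == "trapsess" and any(
                t.startswith(("-A", "-X")) for t in tokens[1:]):
            findings.append((lineno, "trapsess", "plaintext passphrase"))
    return findings

def mode_is_owner_only(mode):
    """True when neither group nor other has any access bit set."""
    return (stat.S_IMODE(mode) & (stat.S_IRWXG | stat.S_IRWXO)) == 0

def audit_file(path):
    """Audit one file on disk: secret-bearing lines plus its permission state."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        findings = audit_config(fh.read())
    return findings, mode_is_owner_only(os.stat(path).st_mode)

if __name__ == "__main__":
    # With no arguments, audit the constructed sample instead of a real file.
    if len(sys.argv) == 1:
        print(audit_config(SAMPLE))
    for path in sys.argv[1:]:
        findings, owner_only = audit_file(path)
        print(path, "owner-only" if owner_only else "GROUP/OTHER ACCESS", findings)
```

Run it with the configuration paths as arguments, for example `/var/net-snmp/snmpd.conf`, as the user that owns the file.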

