Ok,
So it appears that I should add:
trapsess -e 0x80001F888001331F10B729FA5E00000000 -Ci -v3 -u
remoteUser -l authPriv 192.168.1.215
to /etc/snmp/snmpd.conf for v3 informs (without the -Ci for v3 traps), and:
createUser -e 0x80001F888001331F10B729FA5E00000000 remoteUser SHA
"authPass" AES privPass
in /var/lib/snmp/snmpd.conf where "0x80001F888001331F10B729FA5E00000000"
is the engine-id of the receiver.
Does that look right? Will that work correctly?
On 17-Jul-2020 1:06 PM, Atkins, Brian wrote:
>
> Looking at Colin’s reply, I realize you may need to add the createUser
> statements to the /var/lib/snmp/snmpd.conf file directly, instead of
> /etc/snmp/snmpd.conf (these are Debian 10 paths). It will replace
> them with usmUser statements, so you shouldn’t need to delete anything.
>
>
>
> *From:* John Bize <jb...@godswind.org>
> *Sent:* Friday, July 17, 2020 1:02 PM
> *To:* Colin Anderson <colin.ander...@speakerbus.com>; Atkins, Brian
> <brian.atk...@netapp.com>; net-snmp-users@lists.sourceforge.net
> *Subject:* Re: SNMPv3 authPriv informs (trapsess)
>
>
>
> *NetApp Security WARNING*: This is an external email. Do not click
> links or open attachments unless you recognize the sender and know the
> content is safe.
>
>
>
> Thanks Colin and Brian.
>
> I will give creating a new snmpd (agent) user with the remote
> (manager's) engine-id a try.
>
> I was using net-snmp-create-v3-user from the libsnmp-dev package to
> add users. Unfortunately, it does not support engine-id, so I'll have
> to forgo that tool for this.
>
> Does anyone have an example of what the final trapsess looks like?
>
>
>
> On 17-Jul-2020 12:47 PM, Colin Anderson wrote:
>
> We came across this problem.
>
>
>
> There are 2 snmpd.conf files. “Your” one, in /usr/share/snmp/ and
> an autogenerated one in /var/net-snmp/. This autogenerated one
> stores the keys once they are generated. You can add the
> passwords to the auto-generated snmpd.conf file. (You can ignore
> the “Do not edit” warnings.) This file will automatically delete
> the password entries once the keys have been generated. This is
> mentioned in the wiki pages somewhere.
>
>
>
> There are other issues with this file which you may come across.
> We found that it seems to be written to with the old/existing
> config as snmpd is closing. So your changes could be
> overwritten. The file takes some playing with.
>
>
>
> Or depending how you’ve done it you can delete “your” snmpd.conf
> file once snmpd has started. We create our snmpd.conf just before
> we try to open snmpd and so the passwords are only added then. We
> then delete the file once snmpd is running.
>
>
>
> Hope this helps.
>
>
>
> Colin
>
>
>
> *From:* John Bize <jb...@godswind.org> <mailto:jb...@godswind.org>
> *Sent:* 17 July 2020 15:32
> *To:* net-snmp-users@lists.sourceforge.net
> <mailto:net-snmp-users@lists.sourceforge.net>
> *Subject:* Re: SNMPv3 authPriv informs (trapsess)
>
>
>
> Bump please.
>
> On 04-Jul-2020 10:11 AM, John Bize wrote:
>
> I have an embedded system running Debian 10 with snmpd v5.7.3.
>
> I'd like to configure SNMPv3 trapsess to send auth,priv
> informs. How is this done *without putting clear-text
> passwords *into the snmpd.conf file?
>
> Thanks.
>
> Image removed by sender. Twitter
> <https://twitter.com/speakerbus>Image removed by sender. LinkedIn
> <http://www.linkedin.com/company/speakerbus>Image removed by
> sender. YouTube
> <http://www.youtube.com/user/SpeakerbusTech?feature=watch>
>
>
> ******************************************************************************
>
> The contents of this e-mail and any attachments are confidential
> and are intended solely for the attention and use of the intended
> recipient. This message should not be copied or forwarded to any
> other person without the express permission of the sender. If you
> are not the intended recipient, you are hereby notified that to
> disclose, copy, distribute or retain this message or any part of
> it, is strictly unauthorised and forbidden. If you have received
> this message in error, please notify the sender by telephone or by
> reply e-mail, and destroy the original message. Any views or
> opinions presented are solely those of the author and do not
> necessarily represent those of Speakerbus unless otherwise
> specifically stated. We reserve the right to monitor all e-mail
> messages passing through our network.
>
> Speakerbus Group plc - Head Office, Hanover House, Britannia Road,
> Queens Gate, Waltham Cross, Hertfordshire, EN8 7TF, England.Tel:
> +44(0)1992 807300 Fax: +44 (0)1992 807301 Company Registration No
> 3330946 Home Page: http://www.speakerbus.com
>
> ******************************************************************************
>
>
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
