Ok, So it appears that I should add:
trapsess -e 0x80001F888001331F10B729FA5E00000000 -Ci -v3 -u remoteUser -l authPriv 192.168.1.215 to /etc/snmp/snmpd.conf for v3 informs (without the -Ci for v3 traps), and: createUser -e 0x80001F888001331F10B729FA5E00000000 remoteUser SHA "authPass" AES privPass in /var/lib/snmp/snmpd.conf where "0x80001F888001331F10B729FA5E00000000" is the engine-id of the receiver. Does that look right? Will that work correctly? On 17-Jul-2020 1:06 PM, Atkins, Brian wrote: > > Looking at Colin’s reply, I realize you may need to add the createUser > statements to the /var/lib/snmp/snmpd.conf file directly, instead of > /etc/snmp/snmpd.conf (these are Debian 10 paths). It will replace > them with usmUser statements, so you shouldn’t need to delete anything. > > > > *From:* John Bize <jb...@godswind.org> > *Sent:* Friday, July 17, 2020 1:02 PM > *To:* Colin Anderson <colin.ander...@speakerbus.com>; Atkins, Brian > <brian.atk...@netapp.com>; net-snmp-users@lists.sourceforge.net > *Subject:* Re: SNMPv3 authPriv informs (trapsess) > > > > *NetApp Security WARNING*: This is an external email. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. > > > > Thanks Colin and Brian. > > I will give creating a new snmpd (agent) user with the remote > (manager's) engine-id a try. > > I was using net-snmp-create-v3-user from the libsnmp-dev package to > add users. Unfortunately, it does not support engine-id, so I'll have > to forgo that tool for this. > > Does anyone have an example of what the final trapsess looks like? > > > > On 17-Jul-2020 12:47 PM, Colin Anderson wrote: > > We came across this problem. > > > > There are 2 snmpd.conf files. “Your” one, in /usr/share/snmp/ and > an autogenerated one in /var/net-snmp/. This autogenerated one > stores the keys once they are generated. You can add the > passwords to the auto-generated snmpd.conf file. (You can ignore > the “Do not edit” warnings.) This file will automatically delete > the password entries once the keys have been generated. This is > mentioned in the wiki pages somewhere. > > > > There are other issues with this file which you may come across. > We found that it seems to be written to with the old/existing > config as snmpd is closing. So your changes could be > overwritten. The file takes some playing with. > > > > Or depending how you’ve done it you can delete “your” snmpd.conf > file once snmpd has started. We create our snmpd.conf just before > we try to open snmpd and so the passwords are only added then. We > then delete the file once snmpd is running. > > > > Hope this helps. > > > > Colin > > > > *From:* John Bize <jb...@godswind.org> <mailto:jb...@godswind.org> > *Sent:* 17 July 2020 15:32 > *To:* net-snmp-users@lists.sourceforge.net > <mailto:net-snmp-users@lists.sourceforge.net> > *Subject:* Re: SNMPv3 authPriv informs (trapsess) > > > > Bump please. > > On 04-Jul-2020 10:11 AM, John Bize wrote: > > I have an embedded system running Debian 10 with snmpd v5.7.3. > > I'd like to configure SNMPv3 trapsess to send auth,priv > informs. How is this done *without putting clear-text > passwords *into the snmpd.conf file? > > Thanks. > > Image removed by sender. Twitter > <https://twitter.com/speakerbus>Image removed by sender. LinkedIn > <http://www.linkedin.com/company/speakerbus>Image removed by > sender. YouTube > <http://www.youtube.com/user/SpeakerbusTech?feature=watch> > > > ****************************************************************************** > > The contents of this e-mail and any attachments are confidential > and are intended solely for the attention and use of the intended > recipient. This message should not be copied or forwarded to any > other person without the express permission of the sender. If you > are not the intended recipient, you are hereby notified that to > disclose, copy, distribute or retain this message or any part of > it, is strictly unauthorised and forbidden. If you have received > this message in error, please notify the sender by telephone or by > reply e-mail, and destroy the original message. Any views or > opinions presented are solely those of the author and do not > necessarily represent those of Speakerbus unless otherwise > specifically stated. We reserve the right to monitor all e-mail > messages passing through our network. > > Speakerbus Group plc - Head Office, Hanover House, Britannia Road, > Queens Gate, Waltham Cross, Hertfordshire, EN8 7TF, England.Tel: > +44(0)1992 807300 Fax: +44 (0)1992 807301 Company Registration No > 3330946 Home Page: http://www.speakerbus.com > > ****************************************************************************** > >
_______________________________________________ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users