path: root/README.snmpv3
Diffstat (limited to 'README.snmpv3')
-rw-r--r-- README.snmpv3 103
1 files changed, 103 insertions, 0 deletions
diff --git a/README.snmpv3 b/README.snmpv3
new file mode 100644
index 0000000..263c955
--- /dev/null
+++ b/README.snmpv3
@@ -0,0 +1,103 @@
+README.snmpv3
+-------------
+How to setup SNMPv3, a very brief document for Dave to elaborate and
+do a better job on since I suck at writing documentation and he
+doesn't ;-) --Wes:
+
+Note: SHA authentication and DES/AES encryption support is only available
+if you have OpenSSL installed.
+
+Note: encryption support now *is* enabled in the binary releases downloadable
+from the net-snmp web site.
+
+Note: this description assumes you're using the software compiled from
+source, and so installed using the default prefix location (/usr/local).
+If you're working with a vendor-provided system, or have configured
+things with a different prefix, you'll need to adjust locations accordingly.
+
+CREATING THE FIRST USER:
+------------------------
+ First, you need to create a new snmpv3 user and give them rights to
+ do things:
+
+ net-snmp-config --create-snmpv3-user -a "my_password" myuser
+
+ WARNING: SNMPv3 pass phrases must be at least 8 characters long!
+
+ The above line creates the user "myuser" with a password of
+ "my_password" (and uses MD5 and DES for protection). (Note that
+ encryption support isn't enabled in the binary releases downloadable
+ from the net-snmp web site.) net-snmp-config will also add a line
+ to your snmpd.conf file to let that user have read/write access to
+ your agent. You may want to change this in your snmpd.conf file
+ (see the snmpd.conf manual page). Run net-snmp-config --help for
+ more information about it.
+
+ Start the agent and test your setup:
+ /usr/local/sbin/snmpd
+ [...wait a few seconds... It will run in the background and
+ return you to your shell immediately.]
+
+ snmpget -v 3 -u myuser -l authNoPriv -a MD5 -A my_password localhost sysUpTime.0
+ [ this should return information about how long your agent has been up]
+
+ snmpget -v 3 -u myuser -l authPriv -a MD5 -A my_password
+ -x DES -X my_password localhost sysUpTime.0
+ [ this should return similar information, but encrypts the transmission ]
+
+CREATING A SECOND USER:
+-----------------------
+ Start the agent (if you didn't do so above).
+
+ You can create as many users as you like using the above method, but
+ this details another way of doing it while the agent is running by
+ modifying the user database using the snmp protocol itself:
+
+ Now, lets create a second user using the first user (just for fun)
+ for both authentication purposes and as a template (or "cloning
+ source"):
+
+ snmpusm -v 3 -u myuser -l authNoPriv -a MD5 -A my_password localhost create wes myuser
+
+ The above should have created the user "wes" with the same password as
+ the "myuser" user. So then, you need to change his password using:
+
+ snmpusm -v 3 -u wes -l authNoPriv -a MD5 -A my_password localhost passwd my_password new_passphrase
+
+ See, wasn't that easy? You can now create users. Wheeee....
+
+ But, you'll have to add a configuration line that allows them access
+ to do things. Do this with another "rwuser" line in your
+ /usr/local/share/snmp/snmpd.conf file (you'll need to stop and start
+ the agent again, or send the agent a SIGHUP signal):
+
+ rwuser wes
+
+ Or, optional use the "rouser" token instead of the "rwuser" token to
+ only grant them read-only access.
+
+ Now, test your new user:
+
+ snmpget -v 3 -u wes -l authNoPriv -a MD5 -A new_passphrase localhost sysUpTime.0
+
+
+FURTHER STUDIES:
+---------------
+
+Tired of all those command line authentication options?
+----------------------------------------
+put something like this in your $HOME/.snmp/snmp.conf file (make it
+readable only by you!!!):
+
+ defSecurityName wes
+ defContext ""
+ defAuthType MD5
+ defSecurityLevel authNoPriv
+ defAuthPassphrase new_passphrase
+ defVersion 3
+
+And this is in place the last of the above example lines boils down to:
+
+ snmpget localhost sysUpTime.0
+
+Which is about as simple as I can make it for ya ;-)
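Review bot: The parenthetical under CREATING THE FIRST USER ("Note that encryption support isn't enabled in the binary releases downloadable from the net-snmp web site") contradicts the note near the top of the file, which says encryption support "now *is* enabled" in those releases. Drop the parenthetical or reword it to match the top note, otherwise a reader on a binary release cannot tell whether the authPriv test that follows is expected to work. In the same section, the authPriv snmpget example wraps onto a second line ("-x DES -X my_password localhost sysUpTime.0") with no trailing backslash, so copying it as shown does not run as one command; join the two lines or add the continuation. It would also help to state that "my_password" and "new_passphrase" are placeholders, since the first is passed on the command line and the second is written in clear text to snmp.conf.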