Table of Contents
Below is a generic configuration with v3 user authentication.
File extract: /etc/snmpd.conf
listen_addr=my-ip-address listen on $listen_addr system contact email@example.com system services 74 # Enable SNMPv3 USM with authentication, encryption seclevel enc user "username" authkey "myauthkey" enc aes enckey "myenckey"
From the manpage:
user name [authkey key auth hmac] [enckey key enc cipher] Defines a known user. The authkey keyword is required to specify the digest key used to authenticate messages. If this keyword is omitted then authentication is disabled for this user account. Optionally the HMAC algorithm used for authentication can be specified. hmac must be either hmac-md5 or hmac-sha1. If omitted the default is hmac-sha1. With enckey the encryption key used to encrypt and decrypt messages for privacy is defined. Without an enckey specification the user account will neither accept encrypted incoming messages nor will it encrypt outgoing messages. The enc algorithm can be either des or aes and defaults to des. Any user account that has encryption enabled requires authentication to be enabled too.
Using net-snmptools we can confirm that our snmpd daemon is running correctly.
$ snmpwalk -v3 -u "username" -l authPriv -a SHA -A "myauthkey" -x AES -X "myenckey" my-ip-address