Simple Network Management Protocol - snmpd
snmpd - Simple Network Management Protocol
[Ref: snmpd(8), snmpctl(8), snmpd.conf(5)]
snmpd(8) has been part of OpenBSD base since at least 4.3. The snmpctl(8) control utility lets you connect to and query a running snmpd daemon.
Below is a generic configuration with v3 user authentication.
File extract: /etc/snmpd.conf
listen on $listen_addr
system contact firstname.lastname@example.org
system services 74

# Enable SNMPv3 USM with authentication, encryption
seclevel enc
user "username" authkey "myauthkey" enc aes enckey "myenckey"
From the manpage:
user name [authkey key auth hmac] [enckey key enc cipher]

Defines a known user. The authkey keyword is required to specify the digest key used to authenticate messages. If this keyword is omitted then authentication is disabled for this user account. Optionally the HMAC algorithm used for authentication can be specified. hmac must be either hmac-md5 or hmac-sha1. If omitted the default is hmac-sha1. With enckey the encryption key used to encrypt and decrypt messages for privacy is defined. Without an enckey specification the user account will neither accept encrypted incoming messages nor will it encrypt outgoing messages. The enc algorithm can be either des or aes and defaults to des. Any user account that has encryption enabled requires authentication to be enabled too.
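The defaults in the manpage excerpt above (no authkey disables authentication, enc falls back to des) are easy to miss when reviewing a config. The Python script below is an added example, not part of the original page or of OpenBSD, that audits user directives against those rules. The function names, the sample users and the policy of flagging any seclevel other than enc are assumptions of this example.

```python
import shlex

# Constructed sample input: the page's user line plus three weaker variants.
SAMPLE_CONF = '''
seclevel enc
user "username" authkey "myauthkey" enc aes enckey "myenckey"
user "legacy" authkey "k1" auth hmac-md5 enckey "k2"   # enc omitted
user "plain" authkey "k3"
user "open"
'''

def audit_user(tokens):
    """Findings for one tokenized 'user' directive, per the manpage excerpt."""
    opts = tokens[2:]
    kv = dict(zip(opts[::2], opts[1::2]))  # keyword/value pairs, any order
    findings = []
    if "authkey" not in kv:
        findings.append("no authkey: authentication disabled")
        if "enckey" in kv:
            findings.append("enckey without authkey: encryption requires authentication")
    elif kv.get("auth", "hmac-sha1") == "hmac-md5":
        findings.append("auth hmac-md5: prefer hmac-sha1")
    if "enckey" not in kv:
        findings.append("no enckey: messages are not encrypted")
    elif kv.get("enc", "des") == "des":
        findings.append("enc is des (the default): set 'enc aes'")
    return findings

def audit_conf(text):
    """Map each user name to its findings; key '*' holds file-level findings."""
    report, seclevel = {}, None
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)  # strips quotes and # comments
        if tokens[:1] == ["seclevel"] and len(tokens) == 2:
            seclevel = tokens[1]
        elif tokens[:1] == ["user"] and len(tokens) >= 2:
            report[tokens[1]] = audit_user(tokens)
    if seclevel != "enc":  # example policy: require the level used on this page
        report["*"] = [f"seclevel is {seclevel!r}, not 'enc'"]
    return report

if __name__ == "__main__":
    for name, findings in audit_conf(SAMPLE_CONF).items():
        print(name, findings or "ok")
```
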
Using the net-snmp tools, we can confirm that our snmpd daemon is running correctly.
$ snmpwalk -v3 -u "username" -l authPriv -a SHA -A "myauthkey" -x AES -X "myenckey" my-ip-address
- '-a SHA' and '-x AES' as per the documentation.
- seclevel enc equates to -l authPriv?