Re: snmpv3 config

u346874_2 · ‎11-24-2006

snmp-server user myuser mygroup v3 encrypted auth sha password

Does anyone know what might that encrypted do/cause in that entry. When i add that encrypted word to my new snmpv3 user i dont get any snmp packets from switch. Without that it works fine. Poller is DFM 2.0.6

Juha

Joe Clarke · ‎11-24-2006

The encrypted keyword means you will be specifying the user's password as an MD5 or SHA hash. You would use this if you already had the password hashed, and you wanted to input the data as-is. If "password" in your above line is not in a SHA hash (in your example), then you have just broken SNMPv3 for myuser.

u346874_2 · ‎11-29-2006

Hi

"then you have just broken SNMPv3 for myuser."

I havent use that "encrypted". But if i sniffer my smnpv3 data the password can not read from sniffer data.(its hashed) If i use that "encrypted" what should i enter for the password. If i dont use that "encrypted" is my user auth password easy to broken. Quite hard now understand what actually that "encrypted" means. Maybe some example might give some light this. I found one document and there was somenthing like adding hex codes instead of plain text for that password if use that "encrypted".

thanks

Juha

Joe Clarke · ‎11-29-2006

The use of the encrypted keyword does not change what is sent on the wire. In either case, the password is hashed on the wire using the desired algorithm.

Using "encrypted" just changes the way the input is processed. Given that SNMPv3 users do not show up in the config due to the way the RFC is defined, you should never really have a reason to use the encrypted keyword. But you are correct. If you use the encrypted keyword, you will enter a encoded hash. An example MD5 hash may look like:

$1$RvVG$4seAnQAeV1VYyD5tAjoyS0