Summary of snmp verification methods 04/05 Update SLTechnology News&Howtos

Summary of snmp verification methods

2025-04-05 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Shulou(Shulou.com)06/01 Report--

Recently, in the process of security reinforcement, the verification method of snmp v1 is considered to be unsafe and is required to upgrade to V2C or v3, so take this opportunity to sum up.

First, take a look at several parameters of the snmpwalk detection program:

-v 1 | 2c | 3 specify the SNMP version to be used

-c COMMUNITY sets the group number

-u USER-NAME sets the user name of snmp v3

-A PASSPHRASE sets the user password

-l LEVEL sets the security level: noAuthNoPriv | authNoPriv | authPriv

-a PROTOCOL sets the hash algorithm for encrypting user passwords: MD5 (default) or SHA

-x PROTOCOL sets the algorithm for encrypting the hash value of the user's password: DES (default) or AES

-X PASSPHRASE sets the encryption password

Description:

1) explanation of security level:

NoAuthNoPriv has neither password nor encrypted password. V1/v2c/v3 supports both.

AuthNoPriv has password and no confusion code v3 support

AuthPriv has both password and confusion code v3 support.

2) snmp v1/v2c only supports group number string (community string) authentication, snmpv3 uses user / password authentication, encryption password is optional.

3) example:

/ usr/bin/snmpwalk-v 3-u username-l authPriv-a MD5-A password-x DES-X passphrase 127.0.0.1

Add snmp users to RHEL6

1) Let's first use the net-snmp-create-v3-user program to create a read-only snmp v3 user

# service snmpd stop# net-snmp-create-v3-user-- helpUsage: net-snmp-create-v3-user [- ro] [- An authpass] [- X privpass] [- a MD5 | SHA] [- x DES] [username] # net-snmp-create-v3-user-ro-A password-x MD5-x DES usernameadding the following line to / var/lib/net-snmp/snmpd.conf: createUser username MD5 "password "DES passphraseadding the following line to / etc/snmp/snmpd.conf: rouser username# service snmpd start

2) according to the above, we can see that the added user information is stored in / var/lib/net-snmp/snmpd.conf and / etc/snmp/snmpd.conf files respectively. So on other machines, all we have to do is synchronize these two files and restart the snmpd daemon.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.