NET-SNMP - NET Simple Network Management Protocol

[Ref: snmpd(8), snmpctl(8), snmpd.conf(5)]

Table of Contents

snmpd(8) has been part of OpenBSD base since at least 4.3. The snmpctl(8) control utility let's you connect/access a running snmpd daemon.

Below is a generic configuration with v3 user authentication.

File extract: /etc/snmpd.conf

listen_addr=my-ip-address

listen on $listen_addr
system contact helpdesk@example.com
system services 74

# Enable SNMPv3 USM with authentication, encryption
seclevel enc
user "username" authkey "myauthkey" enc aes enckey "myenckey"

From the manpage:

user name [authkey key auth hmac] [enckey key enc cipher]

    Defines a known user. The authkey keyword is required to specify 
    the digest key used to authenticate messages. If this keyword is 
    omitted then authentication is disabled for this user account. 
    Optionally the HMAC algorithm used for authentication can be 
    specified. hmac must be either hmac-md5 or hmac-sha1. If omitted 
    the default is hmac-sha1.

    With enckey the encryption key used to encrypt and decrypt 
    messages for privacy is defined. Without an enckey specification 
    the user account will neither accept encrypted incoming messages 
    nor will it encrypt outgoing messages. The enc algorithm can be 
    either des or aes and defaults to des.

    Any user account that has encryption enabled requires 
    authentication to be enabled too.

Using net-snmptools we can confirm that our snmpd daemon is running correctly.

$ snmpwalk -v3 -u "username" -l authPriv -a SHA -A "myauthkey" -x AES -X "myenckey" my-ip-address

Note:

  • '-a SHA' and '-x AES' as per the documentation.
  • seclevel sec equates -l authPriv ?