Проект OpenNet: MAN snmpusm (1) Команды и прикладные программы пользовательского уровня (FreeBSD и Linux)

Интерактивная система просмотра системных руководств (man-ов)

snmpusm (1)

>> snmpusm (1) ( Solaris man: Команды и прикладные программы пользовательского уровня )

snmpusm (1) ( Разные man: Команды и прикладные программы пользовательского уровня )

NAME

snmpusm - create and maintain SNMPv3 users on a remote entity

SYNOPSIS

snmpusm [common options] AGENT create user [clonefrom-user]

snmpusm [common options] AGENT delete user

snmpusm [common options] AGENT cloneFrom user clonefrom-user

snmpusm [common options] [-Co] [-Ca] [-Cx] AGENT passwd old-passphrase new-passphrase

DESCRIPTION

The snmpusm utility is an SNMP application that can be used to do simple maintenance on an SNMP agent's User-based Security Module (USM) table. The user needs write access to the usmUserTable MIB table. You can create, delete, clone, and change the passphrase of users configured on a running SNMP agent.

The SNMPv3 USM specifications (see RFC 3414) dictate that users are created and maintained by adding and modifying rows to the usmUserTable MIB table. To create a new user you simply create the row using snmpset(1M). User's profiles contain private keys that are never transmitted over the wire in clear text, regardless of whether the administration requests are encrypted.

The secret key for a user is initially set by cloning another user in the table, so that a new user inherits the cloned user's secret key. A user can be cloned only once, however, after which they must be deleted and re-created to be re-cloned. The authentication and privacy security types are also inherited during this cloning (for example, MD5 vs. SHA1). To change the secret key for a user, you must know the user's old passphrase as well as the new one. The passwd subcommand of the snmpusm command requires both the new and the old passphrases be supplied. After cloning from the appropriate template, you should immediately change the new user's passphrase.

The Net-SNMP agent must first be initialized so that at least one user is setup in it before you can use this command to clone new ones. See the snmpd.conf(4) manual page for a description of the createUser configuration parameter.

Passphrases must be a minimum of eight characters in length.

OPTIONS

See snmpcmd(1M) for a description of common options.

EXAMPLES

Assume for our examples that the following VACM and USM configurations lines are in the snmpd.conf file for a Net-SNMP agent. These lines set up a default user named initial with the authentication passphrase setup_passphrase. Establishing these parameters enables the initial setup of an agent.

# VACM configuration entries
rwuser initial
# The name of the new user that is going to be created
rwuser wes
# USM configuration entries
createUser initial MD5 setup_passphrase DES

Note that the initial user's setup should be removed after creating a real user to whom you grant administrative privileges. The real user is wes in this example.

Example 1: Creating a New User

The following command creates a new user, wes, which is cloned from initial. wes inherits that user's passphrase, setup_passphrase.

# snmpusm -v3 -u initial -n "" -l authNoPriv -a MD5 -A setup_passphrase \
 localhost create wes initial

Example 2: Changing the User's Passphrase

After creating the user wes with the same passphrase as the user initial, we need to change his passphrase for wes. The following command changes it from setup_passphrase, which was inherited from initial, to new_passphrase.

# snmpusm -v 3 -u wes -n "" -l authNoPriv -a MD5 -A setup_passphrase \
localhost passwd setup_passphrase new_passphrase

Example 3: Testing the New User

If the preceding commands were successful, the following command should perform an authenticated SNMPv3 GET request to the agent.

# snmpget -v 3 -u wes -n "" -l authNoPriv -a MD5 -A new_passphrase \
localhost sysUpTime.0

Following a successful test, remove the VACM group snmpd.conf entry for the user initial. At this point, you have a valid user wes that you can use for future transactions.