[Ref: snmpd(8), snmpctl(8), snmpd.conf(5)]
Table of Contents
snmpd(8) has been part of OpenBSD base since at least 4.3. The snmpctl(8) control utility let’s you connect/access a running snmpd daemon.
Below is a generic configuration with v3 user authentication.
File extract: /etc/snmpd.conf
listen_addr=my-ip-address
listen on $listen_addr
system contact helpdesk@example.com
system services 74
# Enable SNMPv3 USM with authentication, encryption
seclevel enc
user "username" authkey "myauthkey" enc aes enckey "myenckey"From the manpage:
user name [authkey key auth hmac] [enckey key enc cipher]
Defines a known user. The authkey keyword is required to specify
the digest key used to authenticate messages. If this keyword is
omitted then authentication is disabled for this user account.
Optionally the HMAC algorithm used for authentication can be
specified. hmac must be either hmac-md5 or hmac-sha1. If omitted
the default is hmac-sha1.
With enckey the encryption key used to encrypt and decrypt
messages for privacy is defined. Without an enckey specification
the user account will neither accept encrypted incoming messages
nor will it encrypt outgoing messages. The enc algorithm can be
either des or aes and defaults to des.
Any user account that has encryption enabled requires
authentication to be enabled too.
Using net-snmptools we can confirm that our snmpd daemon is running correctly.
$ snmpwalk -v3 -u "username" -l authPriv -a SHA -A "myauthkey" -x AES -X "myenckey" my-ip-addressNote: