如何在网络snmp 5.8上配置带有USM身份验证和隐私的SNMPv3以避免;安全服务3解析ScopedPDU时出错;?
我在CentOS7上安装了一个运行正常的net snmp v5.7,现在我正尝试在CentOS8上运行的net snmp v5.8上进行同样的安装 我已将/etc/snmp/snmpd.conf配置如下:如何在网络snmp 5.8上配置带有USM身份验证和隐私的SNMPv3以避免;安全服务3解析ScopedPDU时出错;?,snmp,net-snmp,Snmp,Net Snmp,我在CentOS7上安装了一个运行正常的net snmp v5.7,现在我正尝试在CentOS8上运行的net snmp v5.8上进行同样的安装 我已将/etc/snmp/snmpd.conf配置如下: syslocation Somewhere syscontact postmaster@example.com dontLogTCPWrappersConnects yes agentaddress udp:161,udp6:161 includeAllDisks 10% engineI
syslocation Somewhere
syscontact postmaster@example.com
dontLogTCPWrappersConnects yes
agentaddress udp:161,udp6:161
includeAllDisks 10%
engineID host.example.com
rouser -s usm user1
rouser -s usm user2
defversion 3
defsecurityname user1
defsecuritylevel authPriv
defauthtype SHA256
defauthpassphrase password
defprivtype AES256
defprivpassphrase password
[root@host ~]# snmpwalk host.example.com
security service 3 error parsing ScopedPDU
security service 3 error parsing ScopedPDU
security service 3 error parsing ScopedPDU
security service 3 error parsing ScopedPDU
security service 3 error parsing ScopedPDU
security service 3 error parsing ScopedPDU
snmpwalk: Timeout (error parsing PDU)
用户是在/var/lib/net snmp/snmpd.conf中创建的,如下所示,重新启动会按预期转换这些用户:
createUser "user1" "SHA256" "password" "AES256" "password"
createUser "user2" "SHA256" "password" "AES256" "password"
在同一台机器上,snmpwalk在/etc/snmp/snmp.conf中配置如下:
syslocation Somewhere
syscontact postmaster@example.com
dontLogTCPWrappersConnects yes
agentaddress udp:161,udp6:161
includeAllDisks 10%
engineID host.example.com
rouser -s usm user1
rouser -s usm user2
defversion 3
defsecurityname user1
defsecuritylevel authPriv
defauthtype SHA256
defauthpassphrase password
defprivtype AES256
defprivpassphrase password
[root@host ~]# snmpwalk host.example.com
security service 3 error parsing ScopedPDU
security service 3 error parsing ScopedPDU
security service 3 error parsing ScopedPDU
security service 3 error parsing ScopedPDU
security service 3 error parsing ScopedPDU
security service 3 error parsing ScopedPDU
snmpwalk: Timeout (error parsing PDU)
尝试运行snmpwalk(将上述参数添加到snmp.conf)失败,如下所示:
syslocation Somewhere
syscontact postmaster@example.com
dontLogTCPWrappersConnects yes
agentaddress udp:161,udp6:161
includeAllDisks 10%
engineID host.example.com
rouser -s usm user1
rouser -s usm user2
defversion 3
defsecurityname user1
defsecuritylevel authPriv
defauthtype SHA256
defauthpassphrase password
defprivtype AES256
defprivpassphrase password
[root@host ~]# snmpwalk host.example.com
security service 3 error parsing ScopedPDU
security service 3 error parsing ScopedPDU
security service 3 error parsing ScopedPDU
security service 3 error parsing ScopedPDU
security service 3 error parsing ScopedPDU
security service 3 error parsing ScopedPDU
snmpwalk: Timeout (error parsing PDU)
使用SHA和AES代替SHA256和AES256具有相同的效果
有人能证实上面的错误吗?我在运行5.8的Ubuntu 20.04上遇到了同样的问题,最终改用了certs(SNMP3+DTLS),并修复了使其无法工作的bug。Net snmpd 5.9.1已经修复了。我在运行5.8的Ubuntu 20.04上遇到了同样的问题,最终改为使用证书(SNMP3+DTLS),并修复了使其无法工作的错误。Net snmpd 5.9.1有修复程序。