How to define trapsess for snmpv3 without plain passwords in Red Hat Enterprise Linux 6

Environment

  • Red Hat Enterprise Linux 6

Issue

  • How do you conceal the plain text passwords (authPassword and privPassword)?
  trapsess -v 3 -u snmpuser -e <engineID> -l authPriv -a SHA -A <authPassword> -x AES -X <privPassword> <IPADDR>

Resolution

  • Define a USM user in /var/lib/net-snmp/snmpd.conf (or /var/lib/net-snmp/snmptrapd.conf), and specify only the username in the trapsess configuration.

  • The following steps show an example of how to do so.

[1] (snmpd) check engineID

# service snmpd start   <<=== the first execution creates /var/lib/net-snmp/snmpd.conf
# service snmpd stop
# grep oldEngineID /var/lib/net-snmp/snmpd.conf
oldEngineID 0x80001f8880b9183256d400ad5300000000

[2] (snmpd) create user

Add this line to /var/lib/net-snmp/snmpd.conf

  createUser testuser MD5 12345678 DES 23456789

# service snmpd start
# service snmpd stop

The 'createUser' line is replaced by the following line in /var/lib/net-snmp/snmpd.conf

  usmUser 1 3 0x80001f8880b9183256d400ad5300000000 0x746573747573657200 0x746573747573657200 NULL .1.3.6.1.6.3.10.1.1.2 0x514f3726290a7814935db40e80912abf .1.3.6.1.6.3.10.1.2.2 0xa3dbcf216b04e5fe1d90bbf9fd6a6685 ""

Add these lines to /etc/snmp/snmpd.conf

  rwuser testuser authpriv .1
  trapsess -v 3 -l authPriv -u testuser <ipaddr of snmptrapd>

NOTE: replace <ipaddr of snmptrapd> with the IP address of snmptrapd.

[3] (snmptrapd) create user

Add this line to /var/lib/net-snmp/snmptrapd.conf

  createUser -e 0x80001f8880b9183256d400ad5300000000 testuser MD5 12345678 DES 23456789

NOTE: specify the engineID of snmpd with -e

# service snmptrapd start
# service snmptrapd stop

The 'createUser' line is replaced by the following line in /var/lib/net-snmp/snmptrapd.conf

  usmUser 1 3 0x80001f8880b9183256d400ad5300000000 0x746573747573657200 0x746573747573657200 NULL .1.3.6.1.6.3.10.1.1.2 0x514f3726290a7814935db40e80912abf .1.3.6.1.6.3.10.1.2.2 0xa3dbcf216b04e5fe1d90bbf9fd6a6685 ""

Add this line to /etc/snmp/snmpd.conf

  authUser log,execute testuser

# service snmptrapd start

In this example, /etc/snmp/snmpd.conf and /var/lib/net-snmp/snmpd.conf will not contain the plain text passwords.
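The hex values that replace the passphrases in the usmUser lines are keys derived from the passphrase and bound to one engineID, which is why step [3] passes snmpd's engineID with -e and both files end up with the same line. The following is an added example, not part of the original article or of net-snmp: it implements the RFC 3414 password-to-key and localization steps and checks a usmUser line against a passphrase. The sample line is constructed from the RFC 3414 test vector, and the field positions are an assumption read off the usmUser lines above.

```python
import hashlib
import hmac

# Auth protocol OIDs as they appear in usmUser lines (HMAC-MD5, HMAC-SHA).
AUTH_OIDS = {".1.3.6.1.6.3.10.1.1.2": "md5", ".1.3.6.1.6.3.10.1.1.3": "sha1"}

def password_to_key(password: bytes, algo: str) -> bytes:
    """RFC 3414 A.2: hash 1 MiB of the cyclically repeated passphrase (Ku)."""
    if not password:
        raise ValueError("empty passphrase")
    reps, rem = divmod(1024 * 1024, len(password))
    return hashlib.new(algo, password * reps + password[:rem]).digest()

def localize_key(ku: bytes, engine_id: bytes, algo: str) -> bytes:
    """RFC 3414 2.6: Kul = H(Ku || engineID || Ku); valid for one engine only."""
    return hashlib.new(algo, ku + engine_id + ku).digest()

def auth_key_matches(usm_line: str, passphrase: str) -> bool:
    """True if the auth key stored in a usmUser line derives from passphrase.

    Assumed layout (from the lines on this page):
    usmUser 1 3 <engineID> <name> <secName> NULL <authOID> <authKey> <privOID> <privKey> ""
    """
    f = usm_line.split()
    if len(f) < 11 or f[0] != "usmUser" or f[7] not in AUTH_OIDS:
        raise ValueError("unsupported usmUser line")
    algo = AUTH_OIDS[f[7]]
    engine_id = bytes.fromhex(f[3][2:])   # drop the leading "0x"
    stored = bytes.fromhex(f[8][2:])
    derived = localize_key(password_to_key(passphrase.encode(), algo), engine_id, algo)
    return hmac.compare_digest(stored, derived)

# Constructed sample: RFC 3414 A.3.1 engineID and localized MD5 key for the
# passphrase "maplesyrup"; the priv key field is a dummy value.
SAMPLE_LINE = (
    "usmUser 1 3 0x000000000000000000000002 0x746573747573657200 "
    "0x746573747573657200 NULL .1.3.6.1.6.3.10.1.1.2 "
    "0x526f5eed9fcce26f8964c2930787d82b .1.3.6.1.6.3.10.1.2.2 "
    '0x00000000000000000000000000000000 ""'
)

if __name__ == "__main__":
    print("passphrase matches stored key:", auth_key_matches(SAMPLE_LINE, "maplesyrup"))
```

The stored value is the localized key that USM uses directly for that engine, so /var/lib/net-snmp/snmpd.conf still holds secret material and should stay readable by root only.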
