On the remote server to be monitored, a user ID must be generated with parameters for authentication (access control) and encryption (privacy), specifying the encryption algorithm and the encryption password that will be used. See the manual (man) entry on snmpd.conf for more information.
For the net-snmp agent shipped with most versions of Linux, create /etc/snmp/snmpd.conf with entries like:
# For SNMP V3
# Uncomment next 5 lines
com2sec snmpv3test localhost dummycontext
com2sec snmpv3test pan51 dummycontext
group snmpv3group usm snmpv3test
access snmpv3group "" usm priv exact all all all
rwuser paco
Create SNMPv3 User
Now, use the net-snmp-config utility to create the SNMP v3 user (‘paco’ in this case). You need to specify a password for authentication (-A) and a password for encryption (-X), along with the algorithms to be used for authentication and encryption. Please note that on CentOS/RHEL, net-snmp-devel must be installed to provide net-snmp-config.
To do this, first stop snmpd:
# /etc/init.d/snmpd stop
Then run the following command:
# net-snmp-config --create-snmpv3-user -A authsample -X encsample -x DES -a MD5 paco
This adds the user's (hidden) encryption key to /var/lib/net-snmp/snmpd.conf and adds rwuser ‘paco’ to /etc/snmp/snmpd.conf.
Testing
Test your SNMPv3 configuration as follows:
$ snmpwalk -v 3 -a MD5 -A authsample -l authNoPriv -u paco sample_target system
$ snmpwalk -v 3 -a MD5 -A authsample -X encsample -l authPriv -u paco sample_target system
The tests shown above are to a target called ‘sample_target’ for the MIB-2 system tree.
Note: Different implementations of net-snmp on different operating systems may work slightly differently. For example, OpenSUSE does not need the net-snmp-devel package, and the rwuser is created in a separate snmpd.conf under /usr/share/snmp (which is created automatically if it doesn’t exist).
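The first test above succeeds at authNoPriv because a bare rwuser entry only requires authentication. The following is an added example, not part of the original page or of net-snmp: a shell function that scans snmpd.conf-style text and flags MD5 authentication, DES or missing privacy, and rwuser/rouser entries that do not require priv. The name audit_snmpv3 and the sample lines are constructed; it assumes createUser lines are still in the plain form described in the snmpd.conf manual entry, before snmpd replaces them with localized keys.

```shell
#!/bin/sh
# Added example (not from the original page): flag weak SNMPv3 settings in
# snmpd.conf-style text read from stdin. Prints one finding per line.
audit_snmpv3() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
    { gsub(/"[^"]*"/, "QUOTED") }           # collapse quoted passphrases to one field
    $1 == "createUser" {
        i = 2
        if ($i == "-e") i += 2              # optional -e ENGINEID
        user = $i
        auth = toupper($(i + 1))            # authentication protocol
        priv = toupper($(i + 3))            # privacy protocol, may be absent
        if (auth == "MD5")
            print "WEAK-AUTH " user ": MD5, prefer SHA"
        if (priv == "")
            print "NO-PRIV " user ": no privacy protocol configured"
        else if (priv == "DES")
            print "WEAK-PRIV " user ": DES, prefer AES"
    }
    $1 == "rwuser" || $1 == "rouser" {
        i = 2
        if ($i == "-s") i += 2              # optional -s SECMODEL
        user = $i
        level = $(i + 1)
        if (level == "") level = "auth"     # default minimum level is auth
        if (level != "priv")
            print "UNENCRYPTED-OK " user ": " $1 " allows " level ", append priv"
    }'
}

# Constructed sample: the entries this procedure produces for paco,
# followed by a stricter pair (hypothetical user ops) that yields no findings.
audit_snmpv3 <<'EOF'
createUser paco MD5 "authsample" DES encsample
rwuser paco
createUser ops SHA "constructed-auth" AES constructed-priv
rwuser ops priv
EOF
```

To check a live agent, feed it the file directly, for example `audit_snmpv3 < /etc/snmp/snmpd.conf`.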