[SNMP4J] SNMP4J - SSH Transport

Frank Fock fock at agentpp.com
Tue Nov 7 20:48:32 CET 2017 

Hi Prema,

TLS transport is only standardised for SNMPv3 messaging protocol. It  will not work for SNMPv2c.
If you simply want to encrypt the traffic between manager and agent (what seems to be the case, otherwise SNMPv3 would be your base requirement), then using a VPN (IPsec) between manager and agent could be an option. 

Best regards,
Frank


> On 7. Nov 2017, at 17:36, Prema Upot <prema.upot at optelian.com> wrote:
> 
> Hi Frank,
> 
> We initially had the idea of using SSH since we already had SSH server running on the server side. But on further investigation, it appears that we need to do more work in that area to make it usable for SNMP, so we are going to try TLS transport instead as you suggested. 
> 
> I have a couple of questions in this area.
> The FAQ in this page https://oosnmp.net/confluence/pages/viewpage.action?pageId=3834144 <https://oosnmp.net/confluence/pages/viewpage.action?pageId=3834144> states we need to use MPv3 model. Our server is going to be processing SNMP v2 messages going over TLS. 
> How do I set up the messageProcessingModel and CertifiedTarget version in this case in the SNMP4J based client ?
> 
> Thanks,
> Prema
> 
> -----Original Message-----
> From: Frank Fock [mailto:fock at agentpp.com <mailto:fock at agentpp.com>] 
> Sent: Friday, October 20, 2017 3:54 PM
> To: Prema Upot <prema.upot at optelian.com <mailto:prema.upot at optelian.com>>
> Cc: snmp4j at agentpp.org <mailto:snmp4j at agentpp.org>
> Subject: Re: [SNMP4J] SNMP4J - SSH Transport
> 
> Hi Prema,
> 
> The both interface classes are only a first approach, but nothing usable at the moment.
> SNMP over SSH is rather complex to implement. I prefer using TLS directly.
> Why are you looking for SSH?
> 
> Best regards,
> Frank
> 
> 
>> On 20. Oct 2017, at 19:53, Prema Upot <prema.upot at optelian.com> wrote:
>> 
>> Hi,
>> 
>> I see that the latest snmp4j 2.5.8 has support code for integrating a third party SSH stack as transport.  Has anyone tried it especially with JSch?
>> 
>> Thanks,
>> Prema
>> _______________________________________________
>> SNMP4J mailing list
>> SNMP4J at agentpp.org
>> https://linkprotect.cudasvc.com/url?a=https://oosnmp.net/mailman/listinfo/snmp4j&c=E,1,NlPzmXwc6S2koC0fribV2K_et0Nrl5Vwr1cIZGP15pHFtI6FeGtq8nnHKNnEBzyEOFIP81YxyN7q-YuKc--1o5ocemHBKgQ3jODvc2lCCfWXFMsCXQB2&typo=1 <https://linkprotect.cudasvc.com/url?a=https://oosnmp.net/mailman/listinfo/snmp4j&c=E,1,NlPzmXwc6S2koC0fribV2K_et0Nrl5Vwr1cIZGP15pHFtI6FeGtq8nnHKNnEBzyEOFIP81YxyN7q-YuKc--1o5ocemHBKgQ3jODvc2lCCfWXFMsCXQB2&typo=1>

More information about the SNMP4J mailing list