[SNMP4J] SNMP4J - SSH Transport
Prema Upot
prema.upot at optelian.com
Wed Nov 8 18:42:53 CET 2017
Hi Frank,
You are right that I am looking for ways to encrypt traffic between the manager and the agent. Unfortunately the corporate policies prevent setting up of VPNs for this purpose and so it has to be application based.
Thanks,
Prema
From: Frank Fock [mailto:fock at agentpp.com]
Sent: Tuesday, November 07, 2017 2:49 PM
To: Prema Upot <prema.upot at optelian.com>
Cc: snmp4j at agentpp.org
Subject: Re: [SNMP4J] SNMP4J - SSH Transport
Hi Prema,
TLS transport is only standardised for SNMPv3 messaging protocol. It will not work for SNMPv2c.
If you simply want to encrypt the traffic between manager and agent (what seems to be the case, otherwise SNMPv3 would be your base requirement), then using a VPN (IPsec) between manager and agent could be an option.
Best regards,
Frank
On 7. Nov 2017, at 17:36, Prema Upot <prema.upot at optelian.com<mailto:prema.upot at optelian.com>> wrote:
Hi Frank,
We initially had the idea of using SSH since we already had SSH server running on the server side. But on further investigation, it appears that we need to do more work in that area to make it usable for SNMP, so we are going to try TLS transport instead as you suggested.
I have a couple of questions in this area.
The FAQ in this page https://oosnmp.net/confluence/pages/viewpage.action?pageId=3834144<https://linkprotect.cudasvc.com/url?a=https://oosnmp.net/confluence/pages/viewpage.action%3fpageId%3d3834144&c=E,1,E2-fwWP1VXQtBJwWPxwR6Fo16WN756-pXUiKsQL7eAAj5oQMirBtvCRN1s94KhYp9H7g7LEydo9hWrv2uJVBPmajNIozJ4Sw-tu_Q7Iw9u1DSIA,&typo=1> states we need to use MPv3 model. Our server is going to be processing SNMP v2 messages going over TLS.
How do I set up the messageProcessingModel and CertifiedTarget version in this case in the SNMP4J based client ?
Thanks,
Prema
-----Original Message-----
From: Frank Fock [mailto:fock at agentpp.com]
Sent: Friday, October 20, 2017 3:54 PM
To: Prema Upot <prema.upot at optelian.com<mailto:prema.upot at optelian.com>>
Cc: snmp4j at agentpp.org<mailto:snmp4j at agentpp.org>
Subject: Re: [SNMP4J] SNMP4J - SSH Transport
Hi Prema,
The both interface classes are only a first approach, but nothing usable at the moment.
SNMP over SSH is rather complex to implement. I prefer using TLS directly.
Why are you looking for SSH?
Best regards,
Frank
On 20. Oct 2017, at 19:53, Prema Upot <prema.upot at optelian.com<mailto:prema.upot at optelian.com>> wrote:
Hi,
I see that the latest snmp4j 2.5.8 has support code for integrating a third party SSH stack as transport. Has anyone tried it especially with JSch?
Thanks,
Prema
_______________________________________________
SNMP4J mailing list
SNMP4J at agentpp.org<mailto:SNMP4J at agentpp.org>
https://linkprotect.cudasvc.com/url?a=https://oosnmp.net/mailman/listinfo/snmp4j&c=E,1,NlPzmXwc6S2koC0fribV2K_et0Nrl5Vwr1cIZGP15pHFtI6FeGtq8nnHKNnEBzyEOFIP81YxyN7q-YuKc--1o5ocemHBKgQ3jODvc2lCCfWXFMsCXQB2&typo=1
More information about the SNMP4J
mailing list