SNMP unsupported security level

NSaid picture NSaid · Feb 27, 2016 · Viewed 8.2k times · Source

I'm trying to configure my snmp daemon but I seem to be experiencing some difficulty. Whenever I try to run the following command:

snmpget -u bootstrap -l authPriv -a MD5 -x DES -A temp_password -X temp_password remote_host 1.3.6.1.2.1.1.1.0

I get an error stating:

snmpget: Unsupported security level

I've been following along with this tutorial: https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-an-snmp-daemon-and-client-on-ubuntu-14-04. I've done some reading and found that I am failing at how I have created my user. I've put the code I've used down below:

###############################################################################                                              
#                                                                                                                            
#  SNMPv3 AUTHENTICATION                                                                                                     
#                                                                                                                            
#  Note that these particular settings don't actually belong here.                                                           
#  They should be copied to the file /var/lib/snmp/snmpd.conf                                                                
#     and the passwords changed, before being uncommented in that file *only*.                                               
#  Then restart the agent                                                                                                    

#  createUser authOnlyUser  MD5 "remember to change this password"                                                           
#  createUser authPrivUser  SHA "remember to change this one too"  DES                                                       
#  createUser internalUser  MD5 "this is only ever used internally, but still change the password"                           

#  If you also change the usernames (which might be sensible),                                                               
#  then remember to update the other occurances in this example config file to match. 
###############################################################################                                              
#                                                                                                                            
#  ACCESS CONTROL                                                                                                            
#                                                                                                                            

                                                 #  system + hrSystem groups only                                            
view   systemonly  included   .1.3.6.1.2.1.1
view   systemonly  included   .1.3.6.1.2.1.25.1

                                                 #  Full access from the local host                                          
 rocommunity public  localhost
# rocommunity public                                                                                                         
                                                 #  Default access to basic system info                                      
 rocommunity public  default    -V systemonly
                                                 #  rocommunity6 is for IPv6                                                 
 rocommunity6 public  default   -V systemonly

                                                 #  Full access from an example network                                      
                                                 #     Adjust this network address to match your local                       
                                                 #     settings, change the community string,                                
                                                 #     and check the 'agentAddress' setting above                            
#rocommunity secret  10.0.0.0/16                                                                                             

                                                 #  Full read-only access for SNMPv3                                         
 rouser   authOnlyUser
                                                 #  Full write access for encrypted requests                                 
                                                 #     Remember to activate the 'createUser' lines above                     
# create temporary user                                                                                                      
createUser bootstrap MD5 "temp_password" DES

# set up level of acccess that user will have. allow for read write access                                                   
rwuser bootstrap priv
rwuser demo priv
#rwuser   authPrivUser   priv  

I believe that I have created the user correctly and provided the correct authorization through the rwuser command. Any help debugging my code further would be appreciated.

Answer

Truong Nguyen picture Truong Nguyen · Apr 8, 2016

i think it was because of this line:

rwuser bootstrap priv

it should be like this:

rwuser bootstrap authPriv

if you gave what "security level" to a user, he could only use that ""security level" to authenticate