SNMPv3 generating keys

AIX® uses the pwtokey command to generate authentication and, when applicable, privacy keys.

The pwtokey command converts passwords into localized and non-localized authentication and privacy keys. The pwtokey procedure takes a password and an identifier of the agent and generates authentication and privacy keys. Because the pwtokey command uses the same algorithm as the clsnmp command, the person configuring the SNMP agent can generate the appropriate authentication (and privacy) keys to put into the /etc/clsnmp.conf file on the SNMP manager for a user, given a particular password and the IP address at which the target will run.

After you have generated the authentication keys (and privacy keys if you are running the encrypted version), you will need to enter those keys in the /etc/snmpdv3.conf file on the SNMP agent and in the /etc/clsnmp.conf file on the SNMP manager.

In SNMPv3, there are nine possible user configurations. Each possible configuration, along with an example of each, is given below. These particular keys were generated using defaultpassword for the password and 9.3.149.49 as the IP address. The following command was used:
pwtokey -u all -p all defaultpassword 9.3.149.49
The following authentication and privacy keys were generated:
Display of 16 byte HMAC-MD5 authKey:          
  18a2c7b78f3df552367383eef9db2e9f            
                                              
Display of 16 byte HMAC-MD5 localized authKey:
  a59fa9783c04bcbe00359fb1e181a4b4            
                                              
Display of 16 byte HMAC-MD5 privKey:          
  18a2c7b78f3df552367383eef9db2e9f            
                                              
Display of 16 byte HMAC-MD5 localized privKey:
  a59fa9783c04bcbe00359fb1e181a4b4            
                                              
Display of 20 byte HMAC-SHA authKey:          
  754ebf6ab740556be9f0930b2a2256ca40e76ef9    
                                              
Display of 20 byte HMAC-SHA localized authKey:
  cd988a098b4b627a0e8adc24b8f8cd02550463e3    
                                              
Display of 20 byte HMAC-SHA privKey:          
  754ebf6ab740556be9f0930b2a2256ca40e76ef9    
                                              
Display of 16 byte HMAC-SHA localized privKey:
  cd988a098b4b627a0e8adc24b8f8cd02            
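
The derivation behind key output of this shape, as an added example that is not IBM's code: it assumes pwtokey follows the standard SNMPv3 USM password-to-key algorithm (RFC 3414, appendix A.2), which this page does not state. The engine ID that pwtokey builds from the IP address is not shown on the page, so the sample input is the RFC's own test vector (password maplesyrup, engine ID 000000000000000000000002); the function names are illustrative.

```python
import hashlib

EXPANDED_LEN = 1048576  # RFC 3414 A.2 hashes 1 MiB of the repeated password


def password_to_key(password: bytes, algo: str) -> bytes:
    """Non-localized key (Ku): digest of the password repeated to 1 MiB."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rem = divmod(EXPANDED_LEN, len(password))
    return hashlib.new(algo, password * reps + password[:rem]).digest()


def localize(ku: bytes, engine_id: bytes, algo: str) -> bytes:
    """Localized key (Kul): digest of Ku || engineID || Ku."""
    return hashlib.new(algo, ku + engine_id + ku).digest()


def derive_keys(password: str, engine_id: bytes, algo: str) -> dict:
    """Return the four keys in hex, in the order the output above lists them."""
    ku = password_to_key(password.encode(), algo)
    kul = localize(ku, engine_id, algo)
    return {
        "authKey": ku.hex(),
        "localized authKey": kul.hex(),
        # One password serves both roles, so privKey equals authKey.
        "privKey": ku.hex(),
        # DES privacy consumes 16 octets, so a 20-byte SHA localized key
        # is cut to its first 16 bytes (as in the SHA privKey shown above).
        "localized privKey": kul[:16].hex(),
    }


if __name__ == "__main__":
    # RFC 3414 A.3 test vector, not the engine ID of any AIX host.
    engine = bytes.fromhex("000000000000000000000002")
    for label, algo in (("HMAC-MD5", "md5"), ("HMAC-SHA", "sha1")):
        for name, value in derive_keys("maplesyrup", engine, algo).items():
            print(f"{label} {name}: {value}")
```

A localized key is bound to one engine ID, so the same password yields a different key on every agent, whereas the non-localized key is identical wherever that password is used.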
These keys would appear in the /etc/snmpdv3.conf file as USM_USER entries. The following nine configurations are possible:
  • Localized authentication and privacy keys using the HMAC-MD5 protocol:
    USM_USER user1 - HMAC-MD5 a59fa9783c04bcbe00359fb1e181a4b4 DES a59fa9783c04bcbe00359fb1e181a4b4 L - -
  • Non-localized authentication and privacy keys using the HMAC-MD5 protocol:
    USM_USER user2 - HMAC-MD5 18a2c7b78f3df552367383eef9db2e9f DES 18a2c7b78f3df552367383eef9db2e9f N  - -
  • Localized authentication key using the HMAC-MD5 protocol:
    USM_USER user3 - HMAC-MD5 a59fa9783c04bcbe00359fb1e181a4b4 - - L - 
  • Non-localized authentication key using the HMAC-MD5 protocol:
    USM_USER user4 - HMAC-MD5 18a2c7b78f3df552367383eef9db2e9f - - N - 
  • Localized authentication and privacy keys using the HMAC-SHA protocol:
    USM_USER user5 - HMAC-SHA cd988a098b4b627a0e8adc24b8f8cd02550463e3 DES cd988a098b4b627a0e8adc24b8f8cd02 L -
  • Non-localized authentication and privacy keys using the HMAC-SHA protocol:
    USM_USER user6 - HMAC-SHA 754ebf6ab740556be9f0930b2a2256ca40e76ef9 DES 754ebf6ab740556be9f0930b2a2256ca40e76ef9 N -
  • Localized authentication key using the HMAC-SHA protocol:
    USM_USER user7 - HMAC-SHA cd988a098b4b627a0e8adc24b8f8cd02550463e3 - - L - 
  • Non-localized authentication key using the HMAC-SHA protocol:
    USM_USER user8 - HMAC-SHA 754ebf6ab740556be9f0930b2a2256ca40e76ef9 - - N - 
  • Neither authentication nor privacy keys used (SNMPv1)
    USM_USER user9 - none - none - - -

Configuring users in SNMPv3 requires configuration of both the /etc/snmpdv3.conf file and the /etc/clsnmp.conf file. For a scenario on generating user keys and editing the necessary configuration files, see Creating users in SNMPv3. In addition, see the pwtokey command in Commands Reference, Volume 4 and the clsnmp command in Commands Reference, Volume 1, and the file formats for the /etc/clsnmp.conf file and /etc/snmpdv3.conf file in Files Reference. You can also refer to the sample snmpdv3.conf configuration file and clsnmp.conf configuration file located in the /usr/samples/snmpdv3 directory.