[j-nsp] SNMPv3 Type $9 Passwords ?

kevin gannon kevin at gannons.net
Tue Jun 20 10:46:54 EDT 2017


We are using Ansible to push configurations and also check the
configuration in Ansible versus what is on the box.

The checking leads to an annoying problem. For auth keys using $9 style
passwords we can generate them in advance in the Ansible scripts and deploy
them as keys rather than passwords. What this means is when the check is
run an Ansible diff there is no mismatch.

However SNMPv3 somehow uses the SNMP engine-id as part of the hashing. But
I can't figure out the logic to it. I know I could just ignore it but it is
bothering me :-(.

Take the sample below

set snmp v3 usm remote-engine 0000000000 user 00000000 authentication-md5 authentication-password 00000000

Produces:

$9$tvU80ORlKMXxdMWUjq.zF/CtpRhvWLxdbLXk.P5F3hSyeLxVwYgJGhSvLxNY25QzFnC0BIyrv1IdbwYoaApu0EcevWN-wO1NdVwaJn/9ABIEhr8LNcSMX-dsYP5T3ApO1RyevB17-Vboa69Cp1RSyKL7-vMX-bwg4JGDkqf5QF9tu3n9pu0IRSreKLx


If you decrypt the $9$ you get the below

b6c75cc8798750649aee2d4e444944ee3d35af1f3172432a52c47c2bc047b0c0

It does look like 2 x MD5 hashes but there is an extra character so am at a
loss.

Any help much appreciated.

Thanks and regards
Kevin
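
Added example, not part of the original message and not Juniper code: the standard place where SNMPv3 mixes the engine ID into a key is the RFC 3414 password-to-key localization, sketched below in Python. Whether the value Junos stores under $9$ is exactly this localized key is an assumption the post does not confirm; the sample password and engine ID are the RFC 3414 appendix test values, not the ones from the post.

```python
import hashlib

ONE_MEGABYTE = 1048576  # RFC 3414 A.2: hash exactly this many bytes of repeated password


def password_to_key(password: bytes, algo: str = "md5") -> bytes:
    """Derive the user key Ku: digest of the password repeated to 1,048,576 bytes."""
    if not password:
        raise ValueError("password must not be empty")
    repeats = ONE_MEGABYTE // len(password) + 1
    stream = (password * repeats)[:ONE_MEGABYTE]
    return hashlib.new(algo, stream).digest()


def localize_key(ku: bytes, engine_id: bytes, algo: str = "md5") -> bytes:
    """Derive the localized key Kul = H(Ku || engineID || Ku)."""
    return hashlib.new(algo, ku + engine_id + ku).digest()


def localized_key_hex(password: str, engine_id_hex: str, algo: str = "md5") -> str:
    """Convenience wrapper: password string and hex engine ID in, hex Kul out."""
    engine_id = bytes.fromhex(engine_id_hex)
    ku = password_to_key(password.encode("ascii"), algo)
    return localize_key(ku, engine_id, algo).hex()


if __name__ == "__main__":
    # RFC 3414 A.3.1 test values (password and engine ID are the RFC's, not the post's)
    password = "maplesyrup"
    engine_a = "000000000000000000000002"
    engine_b = "000000000000000000000003"  # constructed second engine ID for comparison

    print("Ku  (md5):", password_to_key(password.encode()).hex())
    print("Kul (md5), engine A:", localized_key_hex(password, engine_a))
    print("Kul (md5), engine B:", localized_key_hex(password, engine_b))
    print("Kul (sha1), engine A:", localized_key_hex(password, engine_a, "sha1"))
```

The same password yields a different localized key for every engine ID, so a key pre-generated for a configuration diff has to be computed against the engine ID the device will actually use.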

