[j-nsp] SNMPv3 Type $9 Passwords ?
Wojciech Janiszewski
wojciech.janiszewski at gmail.com
Wed Jun 21 05:05:22 EDT 2017
Hi Kevin,
Please refer to RFC2574 for details of password to key algorithm.
Regards,
Wojciech
2017-06-20 16:46 GMT+02:00 kevin gannon <kevin at gannons.net>:
> We are using Ansible to push configurations and also check the
> configuration in ansible versus what is on the box.
>
> The checking leads to an annoying problem. For auth keys using $9 style
> passwords we can generate them in advance in the Ansible scripts and deploy
> them as keys rather than passwords. What this means is when the check is
> run an Ansible diff there is no mismatch.
>
> However SNMPv3 somehow uses the SNMP engine-id as part of the hashing. But
> I cant figure out the logic to it. I know I could just ignore it but it is
> bothering me :-(.
>
> Take the sample below
>
> set snmp v3 usm remote-engine 0000000000 user 00000000 authentication-md5
> authentication-password 00000000
>
> Produces:
>
> $9$tvU80ORlKMXxdMWUjq.zF/CtpRhvWLxdbLXk.P5F3hSyeLxVwYgJGhSvLxNY25QzFnC
> 0BIyrv1IdbwYoaApu0EcevWN-wO1NdVwaJn/9ABIEhr8LNcSMX-dsYP5T3ApO1RyevB17-
> Vboa69Cp1RSyKL7-vMX-bwg4JGDkqf5QF9tu3n9pu0IRSreKLx
>
>
> If you decrypt the $9$ you get the below
>
> b6c75cc8798750649aee2d4e444944ee3d35af1f3172432a52c47c2bc047b0c0
>
> It does look like 2 x MD5 hashes but there is an extra character so am at a
> loss.
>
> Any help much appreciated.
>
> Thanks and regards
> Kevin
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list