[j-nsp] SNMPv3 Type $9 Passwords ?

kevin gannon kevin at gannons.net
Wed Jun 21 17:02:59 EDT 2017


Many thanks.

On Wed, 21 Jun 2017 at 10:05, Wojciech Janiszewski <wojciech.janiszewski at gmail.com> wrote:

> Hi Kevin,
>
> Please refer to RFC2574 for details of password to key algorithm.
>
> Regards,
> Wojciech
>
> 2017-06-20 16:46 GMT+02:00 kevin gannon <kevin at gannons.net>:
>
>> We are using Ansible to push configurations and also check the
>> configuration in Ansible versus what is on the box.
>>
>> The checking leads to an annoying problem. For auth keys using $9 style
>> passwords we can generate them in advance in the Ansible scripts and
>> deploy them as keys rather than passwords. What this means is when the
>> check is run an Ansible diff there is no mismatch.
>>
>> However SNMPv3 somehow uses the SNMP engine-id as part of the hashing. But
>> I can't figure out the logic to it. I know I could just ignore it but it is
>> bothering me :-(.
>>
>> Take the sample below
>>
>> set snmp v3 usm remote-engine 0000000000 user 00000000 authentication-md5 authentication-password 00000000
>>
>> Produces:
>>
>>
>> $9$tvU80ORlKMXxdMWUjq.zF/CtpRhvWLxdbLXk.P5F3hSyeLxVwYgJGhSvLxNY25QzFnC0BIyrv1IdbwYoaApu0EcevWN-wO1NdVwaJn/9ABIEhr8LNcSMX-dsYP5T3ApO1RyevB17-Vboa69Cp1RSyKL7-vMX-bwg4JGDkqf5QF9tu3n9pu0IRSreKLx
>>
>>
>> If you decrypt the $9$ you get the below
>>
>> b6c75cc8798750649aee2d4e444944ee3d35af1f3172432a52c47c2bc047b0c0
>>
>> It does look like 2 x MD5 hashes but there is an extra character so am at
>> a loss.
>>
>> Any help much appreciated.
>>
>> Thanks and regards
>> Kevin
>>
>
>

