I know the title says SNMPv3 on Raspberry Pi, but this should also work on any Linux distro.
Why use SNMPv3 instead of SNMP v2c? Because it is more secure than v2c. I am not security guy, but what I know is SNMP v3 was created to address any security concerns about v2c.
Install the necessary software to get this started
sudo apt install -y snmpd snmp libsnmp-dev
Stop the SNMP daemon
sudo systemctl stop snmpd
Create the SNMPv3 user
Replace the following
AuthPasswordwith your own auth password
EncryptionPasswordwith your own encryption password
AuthAlgorithmwith your own auth algorithm
CrytoAlgorithmwith your own auth algorithm
AuthUserNamewith your own auth user name
If any of your password contains the exclamation point (!), the system would not accept this. To get around this, wrap your password with a single quotation marks (‘)
sudo net-snmp-config --create-snmpv3-user -ro -A AuthPassword -X EncryptionPassword -a AuthAlgorithm -x CrytoAlgorithm AuthUserName
If everything is correct, you should get something similar to this; otherwise, you will get an error.
adding the following line to /var/lib/snmp/snmpd.conf: createUser AuthUserName SHA "AuthPassword" AES EncryptionPassword adding the following line to /usr/share/snmp/snmpd.conf: rouser AuthUserName
Edit the file
/etc/snmp/snmpd.conf and change the following :
sysLocation Home sysContact NetworkShinobi
Allow SNMP on a specific interface to accept the incoming request. If you want to allow SNMP on all interfaces, commented it out this line
agentAddress udp:127.0.0.1:161. Also, uncomment the
agentAddress udp:161,udp6:[::1]:161. In my case, I just enabled the only eth0 by entering eth0 IP address as shown below.
#agentAddress udp:127.0.0.1:161 agentAddress udp:10.0.9.11:161 # 10.0.9.11 is my raspberry pi eth0 #agentAddress udp:161,udp6:[::1]:161
Disable v2c by commenting out the following lines
#rocommunity public default -V systemonly #rocommunity6 public default -V systemonly
Start SNMP daemon again
sudo systemctl start snmpd
This is pretty much it. In regards to getting SNMPv3 up and running. You can test the make sure it is working by using snmpwalk
# SNMPv3 snmpwalk -v3 -a SHA -A AuthPassword -X EncryptionPassword -l authNoPriv -u AuthUserName 10.0.9.11
Make sure that SNMP v1 and v2c are not working
snmpwalk -v 2c -c public 10.0.9.11 snmpwalk -v 1 -c public 10.0.9.11
If the snmpwalk failed and got an error message as shown below.
Error in packet. Reason: authorizationError (access denied to that object)
You may need to add the following line to the bottom of the
rouser <snmp-user> priv .1