I know the title says SNMPv3 on Raspberry Pi, but this should also work on any Linux distro.
I have been lazy for the past couple of weeks to get my servers added to my LibreNMS. Yesterday, my PiVPN broke, so I was forced to fix it. So instead of fixing my PiVPN, I installed WireGuard.
Why use SNMPv3 instead of SNMP v2c? Because it is more secure than v2c. I am not security guy, but what I know is SNMP v3 was created to address any security concerns about v2c.
Install the necessary software to get this started
sudo apt install -y snmpd snmp libsnmp-dev
Stop the SNMP daemon
sudo systemctl stop snmpd
Create the SNMPv3 user
Replace the following
AuthPassword
with your own auth passwordEncryptionPassword
with your own encryption passwordAuthAlgorithm
with your own auth algorithmCrytoAlgorithm
with your own auth algorithmAuthUserName
with your own auth user name

If any of your password contains the exclamation point (!), the system would not accept this. To get around this, wrap your password with a single quotation marks (‘)
sudo net-snmp-config --create-snmpv3-user -ro -A AuthPassword -X EncryptionPassword -a AuthAlgorithm -x CrytoAlgorithm AuthUserName
If everything is correct, you should get something similar to this; otherwise, you will get an error.
adding the following line to /var/lib/snmp/snmpd.conf: createUser AuthUserName SHA "AuthPassword" AES EncryptionPassword adding the following line to /usr/share/snmp/snmpd.conf: rouser AuthUserName
Edit the file /etc/snmp/snmpd.conf
and change the following :
- sysLocation
- sysContact
sysLocation Home sysContact NetworkShinobi
Allow SNMP on a specific interface to accept the incoming request. If you want to allow SNMP on all interfaces, commented it out this line agentAddress udp:127.0.0.1:161
. Also, uncomment the agentAddress udp:161,udp6:[::1]:161
. In my case, I just enabled the only eth0 by entering eth0 IP address as shown below.
#agentAddress udp:127.0.0.1:161 agentAddress udp:10.0.9.11:161 # 10.0.9.11 is my raspberry pi eth0 #agentAddress udp:161,udp6:[::1]:161
Disable v2c by commenting out the following lines
#rocommunity public default -V systemonly #rocommunity6 public default -V systemonly
Start SNMP daemon again
sudo systemctl start snmpd
This is pretty much it. In regards to getting SNMPv3 up and running. You can test the make sure it is working by using snmpwalk
# SNMPv3 snmpwalk -v3 -a SHA -A AuthPassword -X EncryptionPassword -l authNoPriv -u AuthUserName 10.0.9.11
Make sure that SNMP v1 and v2c are not working
snmpwalk -v 2c -c public 10.0.9.11 snmpwalk -v 1 -c public 10.0.9.11
If the snmpwalk failed and got an error message as shown below.
Error in packet. Reason: authorizationError (access denied to that object)
You may need to add the following line to the bottom of the /etc/snmp/snmpd.conf
.
rouser <snmp-user> priv .1
Cheers!
Works fine, Thanks a lot Karlo