Enabling Use of AES256 with SNMPv3

Help
1

I’m trying to be able to use AES256 with SNMPv3, however everything I have tried has failed. I ran this script from https://gist.github.com/TimRots/30d0fa3bed96370e57f509942f5050b2:

apt update -y && apt upgrade -y file libperl-dev\
    && wget http://sourceforge.net/projects/net-snmp/files/net-snmp/5.9/net-snmp-5.9.tar.gz \
    && tar xzvf net-snmp-5.9.tar.gz \
    && cd net-snmp-5.9 \
    && CC=gcc ./configure --disable-debugging --disable-manuals --enable-shared --enable-mini-agent --enable-ipv6 --without-rpm --disable-embedded-perl --without-perl-modules --enable-blumenthal-aes --with-default-snmp-version="3" --with-security-modules="usm" --with-sys-location="Unknown" --with-gnu-ld --prefix=/usr --with-logfile="/var/log/snmpd" --with-sys-contact="@@no.where" --with-persistent-directory="/var/net-snmp" \
    && make -j$(nproc) && make install \
    && cd .. \
    && rm -rf net-snmp-5.9 \
    && rm -f net-snmp-5.9.tar.gz \
    && rm -rf /var/lib/apt/lists/

however I got the error: “Blumenthal draft requires OpenSSL with AES functions enabled”. I researched, however couldn’t figure out to do so. Any help is appreciated!

2

This sounds like you also need to compile your own OpenSSL.

Maybe somebody here already solved the problem but I would also ask in the forums and chats of your base OS.

3

I agree, however I’ve researched how to do so and came up with nothing. I am using Debian Bullseye.

4

This is a bump

5

Bumpity bump bump

6

Why not “just” stick with AES128?

Looking at the changelogs. AES192/-256 was enabled in 5.9.1. You could pin the snmpd 5.9.x package from bookworm and install it on buster. (I’ve done this before with packages from testing/unstable)

8 
Package: snmpd
Pin: release a=bookworm
Pin-Priority: 900

https://wiki.debian.org/AptConfiguration

Thou. You might not want this. In case of e.g. libc6 dependencies.

9

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.