Open madhudn24 opened 1 year ago
You will need to use pip list
to print out the PySNMP packages (pysnmp, pyasn1, and many other related) you are using.
Below is the output of the same.
ubuntu@ubuntu-1:~$ pip3 list
asn1crypto (0.24.0)
attrs (17.4.0)
Automat (0.6.0)
blinker (1.4)
certifi (2018.1.18)
chardet (3.0.4)
click (6.7)
cloud-init (23.1.2)
colorama (0.3.7)
command-not-found (0.3)
configobj (5.0.6)
constantly (15.1.0)
cryptography (2.1.4)
distro-info (0.18ubuntu0.18.04.1)
httplib2 (0.9.2)
hyperlink (17.3.1)
idna (2.6)
incremental (16.10.1)
Jinja2 (2.10)
jsonpatch (1.16)
jsonpointer (1.10)
jsonschema (2.6.0)
keyring (10.6.0)
keyrings.alt (3.0)
language-selector (0.1)
MarkupSafe (1.0)
netifaces (0.10.4)
oauthlib (2.0.6)
PAM (0.4.2)
pexpect (4.2.1)
pip (9.0.1)
ply (3.11)
pyasn1 (0.4.8)
pyasn1-modules (0.2.1)
pycrypto (2.6.1)
pycryptodomex (3.18.0)
pygobject (3.26.1)
PyJWT (1.5.3)
pyOpenSSL (17.5.0)
pyserial (3.4)
pysmi (0.3.4)
pysnmp (4.4.12)
python-apt (1.6.5+ubuntu0.7)
python-debian (0.1.32)
pyxdg (0.25)
PyYAML (3.12)
requests (2.18.4)
requests-unixsocket (0.1.5)
SecretStorage (2.3.1)
service-identity (16.0.0)
setuptools (39.0.1)
six (1.11.0)
sos (4.3)
ssh-import-id (5.7)
systemd-python (234)
Twisted (17.9.0)
ubuntu-advantage-tools (27.2)
ufw (0.36)
unattended-upgrades (0.1)
urllib3 (1.22)
wheel (0.30.0)
zope.interface (4.3.2)
I removed securityEngineId
parameter in the usmUserData and this error goes away , however the server seems to report an error saying UnknownEngine ID and this may be because the Username field is empty as per the tcpdump output below.
06:46:06.849054 IP 10.64.3.176.50914 > 192.170.1.2.snmp: F=r U="" E= C="" GetNextRequest(13)
06:46:06.849177 IP 10.64.3.176.50914 > 192.170.1.2.snmp: F=r U="" E= C="" GetNextRequest(13)
06:46:06.849931 IP 192.170.1.2.snmp > 10.64.3.176.50914: F= U="" E=_ff_42 C="" Report(31) S:snmpUsmMIB.usmMIBObjects.usmStats.usmStatsUnknownEngineIDs.0=172
06:46:06.849934 IP 192.170.1.2.snmp > 10.64.3.176.50914: F= U="" E=_ff_42 C="" Report(31) S:snmpUsmMIB.usmMIBObjects.usmStats.usmStatsUnknownEngineIDs.0=172
The SNMP server configuration seems to be fine because the snmpwalk
to the same works fine
snmpwalk -v 3 -u vyos -a SHA -A authkey1 -x AES -X privkey1 -l authPriv 192.170.1.2 1.3.6.1.2.1.2.2.1.2
iso.3.6.1.2.1.2.2.1.2.1 = STRING: "lo"
iso.3.6.1.2.1.2.2.1.2.2 = STRING: "Advanced Micro Devices, Inc. [AMD] 79c970 [PCnet32 LANCE]"
iso.3.6.1.2.1.2.2.1.2.3 = STRING: "Advanced Micro Devices, Inc. [AMD] 79c970 [PCnet32 LANCE]"
iso.3.6.1.2.1.2.2.1.2.4 = STRING: "Advanced Micro Devices, Inc. [AMD] 79c970 [PCnet32 LANCE]"
iso.3.6.1.2.1.2.2.1.2.5 = STRING: "Advanced Micro Devices, Inc. [AMD] 79c970 [PCnet32 LANCE]"
iso.3.6.1.2.1.2.2.1.2.6 = STRING: "Advanced Micro Devices, Inc. [AMD] 79c970 [PCnet32 LANCE]"
iso.3.6.1.2.1.2.2.1.2.7 = STRING: "pimreg"
Am i missing anything here ?
@lextm any inputs on this ?
Ok i figured its trying to do a snmpEngineID discovery but after getting the engineID in the Report message it isn't re-sending the request with the EngineID and the username, is this a bug ?
A few SNMP v3 bugs were only fixed in pysnmp-lextudio
.
Read #429 to learn more.
Let me try it out and see.
I upgraded to pysnmp-lextudio
but still the same problem with that too
Package Version
------------------ --------
asn1crypto 0.24.0
certifi 2023.5.7
charset-normalizer 3.1.0
cryptography 2.1.4
idna 2.6
keyring 10.6.0
keyrings.alt 3.0
pip 23.1.2
ply 3.11
pyasn1 0.4.8
pycrypto 2.6.1
PyGObject 3.26.1
pysmi-lextudio 1.1.13
pysnmp-lextudio 5.0.28
pysnmpcrypto 0.0.4
pyxdg 0.25
requests 2.31.0
SecretStorage 2.3.1
setuptools 39.0.1
six 1.11.0
urllib3 2.0.3
wheel 0.30.0
The issue i'm seeing closely resembles to what was fixed in below commit. However the version i am using both pysnmp
and pysnmp-lextudio
has this fix but still i see the issue
https://github.com/etingof/pysnmp/commit/c5cefab2cee5ae38d093743ef83a08641385b1cc
The commit you referred to is irrelevant here. There are far too many SNMP v3 agent implementations out there, so PySNMP at this moment is only known to be compatible to a few of them.
What exactly is the device you are trying to manage (at IP 192.170.1.2)?
Its a Vyos router
vyos@vyos:~$ show version
Version: VyOS 1.4-rolling-202104241757
Release Train: sagitta
Built by: autobuild@vyos.net
Built on: Sun 25 Apr 2021 01:17 UTC
Build UUID: 70d2ebdf-fcee-4933-a6ec-96f6bbb3bdc6
Build Commit ID: 5fb7304cfba259
Architecture: x86_64
Boot via: installed image
System type: VMware guest
Hardware vendor: VMware, Inc.
Hardware model: VMware Virtual Platform
Hardware S/N: VMware-42 3e d2 67 63 6c 91 43-a5 67 bf e3 8e 50 8b e8
Hardware UUID: 67d23e42-6c63-4391-a567-bfe38e508be8
Copyright: VyOS maintainers and contributors
I tried with a Cisco router with which i'm getting the message Ciphering services not available
I verified with both pycrypto
as well as pycrpyptodome
packages see the same result.
I enabled logging and checked the usmUserPrivProtocol "1.3.6.1.6.3.10.1.2.4
is valid only still not sure why its throwing this exception here.
2023-06-12 07:07:30,525 pysnmp: __generateRequestOrResponseMsg: cloned USM user entry usmUserName "RO_USER" usmUserSecurityName "RO_USER" usmUserAuthProtocol "1.3.6.1.6.3.10.1.1.3" usmUserAuthKeyLocalized "0x35412b0ea25d2475cb77e1ffd1097b01d4531177" usmUserPrivProtocol "1.3.6.1.6.3.10.1.2.4" usmUserPrivKeyLocalized "0x35412b0ea25d2475cb77e1ffd1097b01" for securityEngineID "0x800000090300c014fe91d7b0" and securityName "RO_USER"
2023-06-12 07:07:30,525 pysnmp: __generateRequestOrResponseMsg: no timeline for securityEngineID <OctetString value object, tagSet <TagSet object, tags 0:0:4>, encoding iso-8859-1, payload [0x800000090300c014fe91d7b0]>
2023-06-12 07:07:30,525 pysnmp: __generateRequestOrResponseMsg: use snmpEngineBoots 0 snmpEngineTime 0 for securityEngineID <OctetString value object, tagSet <TagSet object, tags 0:0:4>, encoding iso-8859-1, payload [0x800000090300c014fe91d7b0]>
2023-06-12 07:07:30,525 pysnmp: __generateRequestOrResponseMsg: scopedPDU ScopedPDU:
contextEngineId=0x800000090300c014fe91d7b0
contextName=
data=PDUs:
get-next-request=GetNextRequestPDU:
request-id=3451467
error-status=noError
error-index=0
variable-bindings=VarBindList:
VarBind:
name=1.3.6.1.2.1.2.2.1.2
=_BindValue:
unSpecified=
2023-06-12 07:07:30,526 pysnmp: __generateRequestOrResponseMsg: scopedPDU encoded into
00000: 30 2E 04 0C 80 00 00 09 03 00 C0 14 FE 91 D7 B0
00016: 04 00 A1 1C 02 03 34 AA 4B 02 01 00 02 01 00 30
00032: 0F 30 0D 06 09 2B 06 01 02 01 02 02 01 02 05 00
2023-06-12 07:07:30,526 pysnmp: StatusInformation: {'errorIndication': EncryptionError('Ciphering services not available')}
2023-06-12 07:07:30,526 pysnmp: processResponsePdu: origSendRequestHandle 2623644, _sendPdu() failed with StatusInformation("caused by <class 'pysnmp.proto.error.StatusInformation'>: {'errorIndication': UnknownEngineID('Unknown SNMP engine ID encountered'), 'oid': <ObjectName value object, tagSet <TagSet object, tags 0:0:6>, payload [1.3.6.1.6.3.15.1.1.4.0]>, 'val': <Counter32 value object, tagSet <TagSet object, tags 64:0:1>, subtypeSpec <ConstraintsIntersection object, consts <ValueRangeConstraint object, consts 0, 4294967295>>, payload [24]>, 'sendPduHandle': 2623644}")
Ciphering services not available
ok the issue with cisco router is resolved after including pycrytodomex
instead of pycryptodome
package
I'm getting the following error when running the below mentioned code snippet. Can you suggest what could be wrong ?