tessl/pypi-pysnmp
A comprehensive Python SNMP library supporting v1/v2c/v3 with authentication and privacy protocols
84
0.94x
authentication.mddocs/
Authentication and Security
PySNMP provides comprehensive authentication and security features supporting SNMP v1/v2c community-based authentication and SNMPv3 User-based Security Model (USM) with multiple authentication and privacy protocols.
Capabilities
Community-Based Authentication (SNMP v1/v2c)
Simple community string authentication for SNMP v1 and v2c protocols.
class CommunityData:
def __init__(
self,
communityIndex: str,
communityName: str | None = None,
mpModel: int | None = None,
contextEngineId: bytes | None = None,
contextName: bytes | None = None,
tag: str | None = None,
securityName: str | None = None
):
"""
Create SNMP v1/v2c community data configuration.
Parameters:
- communityIndex: Unique community index or community name if single parameter
- communityName: SNMP community string (defaults to communityIndex)
- mpModel: SNMP version (0 for v1, 1 for v2c, defaults to v2c)
- contextEngineId: SNMP context engine identifier
- contextName: SNMP context name
- tag: Transport tag for endpoint selection
- securityName: Security name (defaults to communityIndex)
"""
def clone(self, **kwargs) -> CommunityData:
"""
Create a copy with modified parameters.
Parameters:
- kwargs: Parameters to modify
Returns:
Modified CommunityData instance
"""Usage Examples:
from pysnmp.hlapi.v3arch.asyncio import CommunityData
# Simple community string (defaults to SNMPv2c)
community = CommunityData('public')
# SNMPv1 community
community_v1 = CommunityData('public', mpModel=0)
# SNMPv2c with explicit parameters
community_v2c = CommunityData('monitoring',
communityName='community123',
mpModel=1)
# Copy with modifications
private_community = community.clone(communityName='private')User-Based Security Model (SNMPv3)
Advanced authentication and privacy capabilities for SNMPv3 with multiple cryptographic protocols.
class UsmUserData:
def __init__(
self,
userName: str,
authKey: str | bytes | None = None,
privKey: str | bytes | None = None,
authProtocol: int | None = None,
privProtocol: int | None = None,
securityEngineId: bytes | None = None,
securityName: str | None = None,
authKeyType: int = USM_KEY_TYPE_PASSPHRASE,
privKeyType: int = USM_KEY_TYPE_PASSPHRASE
):
"""
Create SNMPv3 User-based Security Model configuration.
Parameters:
- userName: USM user name
- authKey: Authentication key/passphrase
- privKey: Privacy key/passphrase
- authProtocol: Authentication protocol identifier
- privProtocol: Privacy protocol identifier
- securityEngineId: Authoritative SNMP engine ID
- securityName: Security name (defaults to userName)
- authKeyType: Authentication key material type
- privKeyType: Privacy key material type
"""
def clone(self, **kwargs) -> UsmUserData:
"""
Create a copy with modified parameters.
Parameters:
- kwargs: Parameters to modify
Returns:
Modified UsmUserData instance
"""Usage Examples:
from pysnmp.hlapi.v3arch.asyncio import (
UsmUserData, USM_AUTH_HMAC96_SHA, USM_PRIV_CFB128_AES
)
# No authentication or privacy (not recommended)
user_noauth = UsmUserData('testuser')
# Authentication only
user_auth = UsmUserData('testuser',
authKey='myauthpassword',
authProtocol=USM_AUTH_HMAC96_SHA)
# Authentication and privacy
user_authpriv = UsmUserData('testuser',
authKey='myauthpassword',
privKey='myprivpassword',
authProtocol=USM_AUTH_HMAC96_SHA,
privProtocol=USM_PRIV_CFB128_AES)
# Using master keys instead of passphrases
user_master = UsmUserData('testuser',
authKey=b'\\x12\\x34\\x56\\x78',
authProtocol=USM_AUTH_HMAC96_SHA,
authKeyType=USM_KEY_TYPE_MASTER)Authentication Protocols
Authentication Protocol Constants
USM_AUTH_NONE: int
"""No Authentication Protocol"""
USM_AUTH_HMAC96_MD5: int
"""HMAC-MD5-96 Digest Authentication Protocol (RFC 3414)"""
USM_AUTH_HMAC96_SHA: int
"""HMAC-SHA-96 Digest Authentication Protocol / SHA-1 (RFC 3414)"""
USM_AUTH_HMAC128_SHA224: int
"""HMAC-SHA-2 SHA-224 Digest Authentication Protocol (RFC 7860)"""
USM_AUTH_HMAC192_SHA256: int
"""HMAC-SHA-2 SHA-256 Digest Authentication Protocol (RFC 7860)"""
USM_AUTH_HMAC256_SHA384: int
"""HMAC-SHA-2 SHA-384 Digest Authentication Protocol (RFC 7860)"""
USM_AUTH_HMAC384_SHA512: int
"""HMAC-SHA-2 SHA-512 Digest Authentication Protocol (RFC 7860)"""Backward-Compatible Authentication Constants
For compatibility with older code, legacy protocol identifiers are available:
usmNoAuthProtocol: int
usmHMACMD5AuthProtocol: int
usmHMACSHAAuthProtocol: int
usmHMAC128SHA224AuthProtocol: int
usmHMAC192SHA256AuthProtocol: int
usmHMAC256SHA384AuthProtocol: int
usmHMAC384SHA512AuthProtocol: intNote: These constants are deprecated. Use the USM_AUTH_* variants instead.
Privacy Protocols
Privacy Protocol Constants
USM_PRIV_NONE: int
"""No Privacy Protocol"""
USM_PRIV_CBC56_DES: int
"""CBC-DES Symmetric Encryption Protocol (RFC 3414)"""
USM_PRIV_CBC168_3DES: int
"""3DES-EDE Symmetric Encryption Protocol (draft-reeder-snmpv3-usm-3desede-00)"""
USM_PRIV_CFB128_AES: int
"""CFB128-AES-128 Symmetric Encryption Protocol (RFC 3826)"""
USM_PRIV_CFB192_AES: int
"""CFB128-AES-192 Symmetric Encryption Protocol with Reeder key localization (AES-192-Cisco)"""
USM_PRIV_CFB256_AES: int
"""CFB128-AES-256 Symmetric Encryption Protocol with Reeder key localization (AES-256-Cisco)"""
USM_PRIV_CFB192_AES_BLUMENTHAL: int
"""CFB128-AES-192 Symmetric Encryption Protocol (draft-blumenthal-aes-usm-04)"""
USM_PRIV_CFB256_AES_BLUMENTHAL: int
"""CFB128-AES-256 Symmetric Encryption Protocol (draft-blumenthal-aes-usm-04)"""Backward-Compatible Privacy Constants
For compatibility with older code, legacy protocol identifiers are available:
usmNoPrivProtocol: int
usmDESPrivProtocol: int
usm3DESEDEPrivProtocol: int
usmAesCfb128Protocol: int
usmAesCfb192Protocol: int
usmAesCfb256Protocol: int
usmAesBlumenthalCfb192Protocol: int
usmAesBlumenthalCfb256Protocol: intNote: These constants are deprecated. Use the USM_PRIV_* variants instead.
Key Material Types
Key Type Constants
USM_KEY_TYPE_PASSPHRASE: int
"""USM key material type - plain-text pass phrase (RFC 3414)"""
USM_KEY_TYPE_MASTER: int
"""USM key material type - hashed pass-phrase AKA master key (RFC 3414)"""
USM_KEY_TYPE_LOCALIZED: int
"""USM key material type - localized key (hashed with Context SNMP Engine ID) (RFC 3414)"""Backward-Compatible Key Type Constants
usmKeyTypePassphrase: int
usmKeyTypeMaster: int
usmKeyTypeLocalized: intNote: These constants are deprecated. Use the USM_KEY_TYPE_* variants instead.
Security Configuration Examples
SNMPv3 Security Levels
from pysnmp.hlapi.v3arch.asyncio import *
# No authentication, no privacy (noAuthNoPriv)
user_none = UsmUserData('testuser')
# Authentication only (authNoPriv)
user_auth = UsmUserData('testuser',
authKey='mypassword',
authProtocol=USM_AUTH_HMAC96_SHA)
# Authentication and privacy (authPriv)
user_full = UsmUserData('testuser',
authKey='myauthpassword',
privKey='myprivpassword',
authProtocol=USM_AUTH_HMAC96_SHA,
privProtocol=USM_PRIV_CFB128_AES)Different Authentication Algorithms
from pysnmp.hlapi.v3arch.asyncio import *
# MD5 authentication (less secure, avoid if possible)
user_md5 = UsmUserData('user1',
authKey='password123',
authProtocol=USM_AUTH_HMAC96_MD5)
# SHA-1 authentication
user_sha1 = UsmUserData('user2',
authKey='password123',
authProtocol=USM_AUTH_HMAC96_SHA)
# SHA-256 authentication (recommended)
user_sha256 = UsmUserData('user3',
authKey='password123',
authProtocol=USM_AUTH_HMAC192_SHA256)
# SHA-512 authentication (highest security)
user_sha512 = UsmUserData('user4',
authKey='password123',
authProtocol=USM_AUTH_HMAC384_SHA512)Different Privacy Algorithms
from pysnmp.hlapi.v3arch.asyncio import *
# DES encryption (legacy, avoid if possible)
user_des = UsmUserData('user1',
authKey='authpass',
privKey='privpass',
authProtocol=USM_AUTH_HMAC96_SHA,
privProtocol=USM_PRIV_CBC56_DES)
# 3DES encryption
user_3des = UsmUserData('user2',
authKey='authpass',
privKey='privpass',
authProtocol=USM_AUTH_HMAC96_SHA,
privProtocol=USM_PRIV_CBC168_3DES)
# AES-128 encryption (recommended)
user_aes128 = UsmUserData('user3',
authKey='authpass',
privKey='privpass',
authProtocol=USM_AUTH_HMAC96_SHA,
privProtocol=USM_PRIV_CFB128_AES)
# AES-256 encryption (highest security)
user_aes256 = UsmUserData('user4',
authKey='authpass',
privKey='privpass',
authProtocol=USM_AUTH_HMAC192_SHA256,
privProtocol=USM_PRIV_CFB256_AES)Using Pre-computed Keys
For performance or security reasons, you may want to use pre-computed master or localized keys:
from pysnmp.hlapi.v3arch.asyncio import *
# Using master key (pre-hashed passphrase)
user_master = UsmUserData('testuser',
authKey=bytes.fromhex('0123456789abcdef0123456789abcdef'),
authProtocol=USM_AUTH_HMAC96_MD5,
authKeyType=USM_KEY_TYPE_MASTER)
# Using localized key (master key localized to engine ID)
user_localized = UsmUserData('testuser',
authKey=bytes.fromhex('fedcba9876543210fedcba9876543210'),
authProtocol=USM_AUTH_HMAC96_MD5,
authKeyType=USM_KEY_TYPE_LOCALIZED,
securityEngineId=bytes.fromhex('80001f8880e9630000d61ff449'))Complete Authentication Examples
SNMPv2c with Community
import asyncio
from pysnmp.hlapi.v3arch.asyncio import *
async def snmpv2c_example():
errorIndication, errorStatus, errorIndex, varBinds = await get_cmd(
SnmpEngine(),
CommunityData('public'), # Community string
await UdpTransportTarget.create(('demo.pysnmp.com', 161)),
ContextData(),
ObjectType(ObjectIdentity('1.3.6.1.2.1.1.1.0')) # sysDescr
)
if not errorIndication and not errorStatus:
for varBind in varBinds:
print(f"{varBind[0]} = {varBind[1]}")
asyncio.run(snmpv2c_example())SNMPv3 with Authentication and Privacy
import asyncio
from pysnmp.hlapi.v3arch.asyncio import *
async def snmpv3_authpriv_example():
errorIndication, errorStatus, errorIndex, varBinds = await get_cmd(
SnmpEngine(),
UsmUserData('testuser',
authKey='myauthpassphrase',
privKey='myprivacypassphrase',
authProtocol=USM_AUTH_HMAC192_SHA256,
privProtocol=USM_PRIV_CFB128_AES),
await UdpTransportTarget.create(('demo.pysnmp.com', 161)),
ContextData(),
ObjectType(ObjectIdentity('1.3.6.1.2.1.1.1.0')) # sysDescr
)
if not errorIndication and not errorStatus:
for varBind in varBinds:
print(f"{varBind[0]} = {varBind[1]}")
asyncio.run(snmpv3_authpriv_example())Install with Tessl CLI
npx tessl i tessl/pypi-pysnmpevals
scenario-1
scenario-2
scenario-3
scenario-4
scenario-5
scenario-6
scenario-7
scenario-8
scenario-9
scenario-10