Page MenuHomeVyOS Platform
Create Task
Maniphest T818

SNMP v3 - remove required engineid from user node
Closed, ResolvedPublicFEATURE REQUEST
Actions

Description

Currently it is required to configure an engine ID used to hash the auth/privacy key.

This mechanism only works when it is repeatedly hased with the global system engineid, which makes the user engineid redundant.

We should have a confg migration script which deletes the users engineid from the running config.

Details

Difficulty level
Normal (likely a few hours)
Version
1.2.3
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Config syntax change (migratable)
Issue type
Feature/functionality removal

Related Objects
Search...

Event Timeline

c-po claimed this task.Sep 1 2018, 12:59 PM
c-po created this task.
c-po updated the task description. (Show Details)
c-po added a parent task: T652: Rewrite service snmp in new style XML interface definition.
c-po removed a subscriber: c-po.
c-po added subscribers: begetan, Line2.Sep 1 2018, 1:02 PM

@Line2 @begetan I added both of you as you seem to use SNMP (probably with v3). What's your opinion on this?

syncer triaged this task as Normal priority.Sep 1 2018, 2:24 PM
syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-rc4); removed VyOS 1.2 Crux.Oct 13 2018, 10:09 AM
syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-rc5); removed VyOS 1.2 Crux (VyOS 1.2.0-rc4).Oct 24 2018, 4:39 PM
syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-rc6); removed VyOS 1.2 Crux (VyOS 1.2.0-rc5).Oct 29 2018, 6:16 PM
pasik added a subscriber: pasik.Nov 4 2018, 11:22 AM
syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-rc7); removed VyOS 1.2 Crux (VyOS 1.2.0-rc6).Nov 6 2018, 12:57 AM
syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-rc8); removed VyOS 1.2 Crux (VyOS 1.2.0-rc7).Nov 13 2018, 3:48 AM
syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-rc9); removed VyOS 1.2 Crux (VyOS 1.2.0-rc8).Nov 20 2018, 12:44 PM
Line2 added a comment.Nov 24 2018, 7:13 PM

I would remove the user engineid. I can't see any useful benefit.

begetan added a comment.Nov 24 2018, 10:22 PM

If engineid in user node only provides hashing for auth key I would remove it too.
Since we usually not assign engine id automatically it is created for every new hardware installation automatically, so hash of auth key became not transferable. In this case we have to keep plain text password for snmpv3 in our config store, because of automation of provisioning. But I would to keep hash instead of plain text credential.

It is important for engineid to be unique.

syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-rc10); removed VyOS 1.2 Crux (VyOS 1.2.0-rc9).Nov 27 2018, 12:03 AM
syncer edited projects, added VyOS 1.2 Crux ( VyOS 1.2.0-rc11); removed VyOS 1.2 Crux (VyOS 1.2.0-rc10).Dec 5 2018, 11:58 PM
syncer edited projects, added VyOS 1.2 Crux ( VyOS 1.2.0-EPA); removed VyOS 1.2 Crux ( VyOS 1.2.0-rc11).Dec 21 2018, 10:07 AM
syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-EPA2); removed VyOS 1.2 Crux ( VyOS 1.2.0-EPA).Jan 1 2019, 6:10 PM
syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-EPA3); removed VyOS 1.2 Crux (VyOS 1.2.0-EPA2).Jan 3 2019, 1:54 PM
syncer lowered the priority of this task from Normal to Low.Feb 8 2019, 12:12 AM
syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.1); removed VyOS 1.2 Crux (VyOS 1.2.0-EPA3).
syncer added a subscriber: syncer.

@c-po you can proceed with the removal

c-po added a comment.Feb 8 2019, 6:14 AM

Yes

syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.2); removed VyOS 1.2 Crux (VyOS 1.2.1).Apr 17 2019, 7:30 PM
syncer added a project: VyOS 1.3 Equuleus.Apr 17 2019, 8:59 PM
dmbaturin edited projects, added VyOS 1.2 Crux (VyOS 1.2.3); removed VyOS 1.2 Crux (VyOS 1.2.2).Jul 10 2019, 6:12 PM
syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.4); removed VyOS 1.2 Crux (VyOS 1.2.3).Aug 31 2019, 8:28 PM
c-po added a parent task: T1738: Copy SNMP configuration from node to node raises exception.Oct 16 2019, 10:04 AM
c-po changed the task status from Open to In progress.Oct 22 2019, 1:21 PM
c-po raised the priority of this task from Low to Normal.
c-po changed Difficulty level from Unknown (require assessment) to Normal (likely a few hours).
c-po changed Version from - to 1.2.3.
c-po set Is it a breaking change? to Unspecified (possibly destroys the router).
c-po changed the status of subtask T1769: Remove complex SNMPv3 Transport Security Model (TSM) from Open to Needs testing.Oct 24 2019, 10:33 PM
c-po changed the task status from In progress to Backport pending.Oct 27 2019, 3:08 AM
c-po moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.
c-po changed the status of subtask T1769: Remove complex SNMPv3 Transport Security Model (TSM) from Needs testing to Backport pending.Oct 27 2019, 3:45 AM
c-po closed subtask T1769: Remove complex SNMPv3 Transport Security Model (TSM) as Resolved.Oct 28 2019, 4:35 AM
c-po closed this task as Resolved.Oct 28 2019, 4:38 AM
c-po moved this task from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.4) board.
c-po mentioned this in T1819: Reboot kills SNMPv3 configuration.Nov 22 2019, 9:51 AM
dmbaturin changed Is it a breaking change? from Unspecified (possibly destroys the router) to Config syntax change (migratable).Sep 3 2021, 12:27 PM
dmbaturin set Issue type to Feature/functionality removal.
dmbaturin removed a project: VyOS 1.3 Equuleus.Sep 10 2021, 6:17 AM