snmpusm - creates and maintains SNMPv3 users on a network entity


   snmpusm [COMMON OPTIONS] AGENT delete USER
   snmpusm  [COMMON  OPTIONS] [-Ca] [-Cx] AGENT passwd OLD-PASSPHRASE NEW-
   snmpusm [COMMON OPTIONS] <-Ca  |  -Cx>  -Ck  AGENT  passwd  OLD-KEY-OR-
   snmpusm [COMMON OPTIONS] [-Ca] [-Cx] AGENT changekey [USER]


   snmpusm  is  an  SNMP  application  that  can  be  used  to  do  simple
   maintenance on the users known to an SNMP agent,  by  manipulating  the
   agent's  User-based  Security Module (USM) table.  The user needs write
   access to the usmUserTable MIB table.  This tool can be used to create,
   delete,  clone,  and  change  the  passphrase  of users configured on a
   running SNMP agent.


   Common options for all snmpusm commands:

          Set usmUserEngineID to be used as  part  of  the  index  of  the
          usmUserTable.  Default is to use the contextEngineID (set via -E
          or probed) as the usmUserEngineID.

          Set the usmUserPublic value of the (new) user to  the  specified

   Options for the passwd and changekey commands:

   -Ca    Change the authentication key.

   -Cx    Change the privacy key.

   -Ck    Allows  one to use localized key (must start with 0x) instead of
          passphrase.  When this option is used, either  the  -Ca  or  -Cx
          option (but not both) must also be used.


   An unauthenticated SNMPv3 user can be created using the command

          snmpusm [COMMON OPTIONS] AGENT create USER

   This  constructs  an  (inactive)  entry  in  the  usmUserTable, with no
   authentication or privacy settings.  In principle, this user should  be
   useable for 'noAuthNoPriv' requests, but in practise the Net-SNMP agent
   will not allow such an entry to  be  made  active.   The  user  can  be
   created  via the createAndWait operation instead by using the -Ca flag.
   This will prevent the user from being marked as  active  in  any  agent
   until explicitly activated later via the activate command.

   In order to activate this entry, it is necessary to "clone" an existing
   user, using the command


   The USER entry  then  inherits  the  same  authentication  and  privacy
   settings (including pass phrases) as the CLONEFROM user.

   These two steps can be combined into one, by using the command


   The  two  forms  of  the create sub-command require that the user being
   created does not already exist.   The  cloneFrom  sub-command  requires
   that the user being cloned to does already exist.

   Cloning  is  the  only  way to specify which authentication and privacy
   protocols to use for a given user, and it is only possible to  do  this
   once.  Subsequent attempts to reclone onto the same user will appear to
   succeed, but will be  silently  ignored.   This  (somewhat  unexpected)
   behaviour  is mandated by the SNMPv3 USM specifications (RFC 3414).  To
   change the authentication and privacy settings for a given user, it  is
   necessary to delete and recreate the user entry.  This is not necessary
   for simply changing the pass phrases (see below).  This means that  the
   agent  must  be initialized with at least one user for each combination
   of authentication and privacy protocols.  See the snmpd.conf(5)  manual
   page for details of the createUser configuration directive.


   A user can be deleted from the usmUserTable using the command

          snmpusm [COMMON OPTIONS] AGENT delete USER


   User  profiles contain private keys that are never transmitted over the
   wire in clear text (regardless of whether the  administration  requests
   are  encrypted  or  not).   To  change the secret key for a user, it is
   necessary to specify the user's old passphrase as well as the new  one.
   This uses the command

          snmpusm [COMMON OPTIONS] [-Ca] [-Cx] AGENT passwd OLD-PASSPHRASE

   After cloning a new user  entry  from  the  appropriate  template,  you
   should immediately change the new user's passphrase.

   If  USER  is  not specified, this command will change the passphrase of
   the (SNMPv3) user issuing the command.  If the -Ca or -Cx  options  are
   specified,  then  only  the authentication or privacy keys are changed.
   If these options are not specified, then both  the  authentication  and
   privacy keys are changed.

          snmpusm [COMMON OPTIONS] [-Ca] [-Cx] AGENT changekey [USER]

   This command changes the key in a perfect-forward-secrecy compliant way
   through a diffie-helman exchange.  The remote agent  must  support  the
   SNMP-USM-DH-OBJECTS-MIB  for  this command to work.  The resulting keys
   are printed to the console and  may  be  then  set  in  future  command
   invocations  using  the --defAuthLocalizedKey and --defPrivLocalizedKey
   options or in your snmp.conf file  using  the  defAuthLocalizedKey  and
   defPrivLocalizedKey keywords.

   Note  that  since  these  keys are randomly generated based on a diffie
   helman exchange, they are no longer derived from a  more  easily  typed
   password.  They are, however, much more secure.

   To  change  from  a  localized  key  back  to a password, the following
   variant of the passwd sub-command is used:

          snmpusm [COMMON OPTIONS] <-Ca | -Cx> -Ck AGENT  passwd  OLD-KEY-

   Either  the  -Ca  or the -Cx option must be specified.  The OLD-KEY-OR-
   PASSPHRASE and/or  NEW-KEY-OR-PASSPHRASE  arguments  can  either  be  a
   passphrase  or  a localized key starting with "0x", e.g. as printed out
   by the changekey sub-command.

   Note that snmpusm REQUIRES  an argument specifying the agent  to  query
   as described in the .I snmpcmd(1) manual page.


   Let's  assume  for  our  examples  that  the  following  VACM  and  USM
   configurations lines were in the snmpd.conf file for a Net-SNMP  agent.
   These   lines   set  up  a  default  user  called  "initial"  with  the
   authentication passphrase "setup_passphrase" so that we can perform the
   initial setup of an agent:

          # VACM configuration entries
          rwuser initial
          # lets add the new user we'll create too:
          rwuser wes
          # USM configuration entries
          createUser initial MD5 setup_passphrase DES

   Note:  the  "initial"  user's  setup should be removed after creating a
   real user that you grant administrative privileges to  (like  the  user
   "wes" we'll be creating in this example.

   Note: passphrases must be 8 characters minimum in length.

   Create a new user
   snmpusm  -v3  -u initial -n "" -l authNoPriv -a MD5 -A setup_passphrase
   localhost create wes initial

          Creates a new user, here named "wes" using the user "initial" to
          do  it.   "wes"  is  cloned from "initial" in the process, so he
          inherits that user's passphrase ("setup_passphrase").

   Change the user's passphrase
   snmpusm -v 3 -u wes -n "" -l  authNoPriv  -a  MD5  -A  setup_passphrase
   localhost passwd setup_passphrase new_passphrase

          After  creating  the  user "wes" with the same passphrase as the
          "initial" user, we need to change his passphrase for  him.   The
          above  command  changes  it  from  "setup_passphrase", which was
          inherited from the initial user, to "new_passphrase".

   Test the new user
   snmpget -v 3 -u wes -n  ""  -l  authNoPriv  -a  MD5  -A  new_passphrase
   localhost sysUpTime.0

          If  the above commands were successful, this command should have
          properly performed an authenticated SNMPv3 GET  request  to  the

   Now, go remove the vacm "group" snmpd.conf entry for the "initial" user
   and  you  have  a  valid  user  'wes'  that  you  can  use  for  future
   transactions instead of initial.


   Manipulating the usmUserTable using this command can only be done using
   SNMPv3.  This command will not work with the community-based  versions,
   even if they have write access to the table.


   snmpd.conf(5), snmp.conf(5), RFC 3414


Personal Opportunity - Free software gives you access to billions of dollars of software at no cost. Use this software for your business, personal use or to develop a profitable skill. Access to source code provides access to a level of capabilities/information that companies protect though copyrights. Open source is a core component of the Internet and it is available to you. Leverage the billions of dollars in resources and capabilities to build a career, establish a business or change the world. The potential is endless for those who understand the opportunity.

Business Opportunity - Goldman Sachs, IBM and countless large corporations are leveraging open source to reduce costs, develop products and increase their bottom lines. Learn what these companies know about open source and how open source can give you the advantage.

Free Software

Free Software provides computer programs and capabilities at no cost but more importantly, it provides the freedom to run, edit, contribute to, and share the software. The importance of free software is a matter of access, not price. Software at no cost is a benefit but ownership rights to the software and source code is far more significant.

Free Office Software - The Libre Office suite provides top desktop productivity tools for free. This includes, a word processor, spreadsheet, presentation engine, drawing and flowcharting, database and math applications. Libre Office is available for Linux or Windows.

Free Books

The Free Books Library is a collection of thousands of the most popular public domain books in an online readable format. The collection includes great classical literature and more recent works where the U.S. copyright has expired. These books are yours to read and use without restrictions.

Source Code - Want to change a program or know how it works? Open Source provides the source code for its programs so that anyone can use, modify or learn how to write those programs themselves. Visit the GNU source code repositories to download the source.


Study at Harvard, Stanford or MIT - Open edX provides free online courses from Harvard, MIT, Columbia, UC Berkeley and other top Universities. Hundreds of courses for almost all major subjects and course levels. Open edx also offers some paid courses and selected certifications.

Linux Manual Pages - A man or manual page is a form of software documentation found on Linux/Unix operating systems. Topics covered include computer programs (including library and system calls), formal standards and conventions, and even abstract concepts.