RE: [Isms] #8: Do we need a mapping between the SSH key andSNMPengineID?

To: "'Kaushik Narayan (kaushik)'" <kaushik at cisco.com>, dbharrington at comcast.net, isms at ietf.org
Subject: RE: [Isms] #8: Do we need a mapping between the SSH key andSNMPengineID?
From: Miao Fuyou <miaofy at huawei.com>
Date: Mon, 17 Oct 2005 17:28:02 +0800
Cc:
Importance: Normal
In-reply-to: <618694EF0B657246A4D55A97E38274C3B99980@xmb-sjc-22d.amer.cisco.com>
List-archive: <http://www1.ietf.org/pipermail/isms>
List-help: <mailto:isms-request@lists.ietf.org?subject=help>
List-id: Mailing list for the ISMS working group <isms.lists.ietf.org>
List-post: <mailto:isms@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@lists.ietf.org?subject=unsubscribe>
Sender: isms-bounces at lists.ietf.org

SSH transport is different from TCP tranport for SNMP. SSHSM starts a SNMP
agent as subsystem of SSH server contrasting to TCP as forked child process,
it means each subsytem is independent to each other. Will they share same
snmpEngineID, just like in UDP or TCP transporting? In other word, do all
subsystems started by a SSH server are same SNMP entity? 

If not, I believe snmpEngineID must be allocated dynamicaly enough. In such
case mapping SSH key and snmpEngineID is difficult.

-----Original Message-----
From: isms-bounces at lists.ietf.org [mailto:isms-bounces at lists.ietf.org] On
Behalf Of Kaushik Narayan (kaushik)
Sent: Saturday, October 15, 2005 12:10 AM
To: dbharrington at comcast.net; isms at ietf.org
Subject: RE: [Isms] #8: Do we need a mapping between the SSH key
andSNMPengineID?


 


I think we should consider using/mapping the identity of the SNMP engine to

the SNMP engine ID, this will be particularly useful when you have multiple
SNMP engines on the same host (single SSH server). I am not quite sure about
the spoofing issue since that should be taken care by server (agent)
authentication by the SSH transport protocol.


-----Original Message-----
From: isms-bounces at lists.ietf.org [mailto:isms-bounces at lists.ietf.org]
On Behalf Of David B Harrington
Sent: Thursday, October 13, 2005 2:51 PM
To: isms at ietf.org
Subject: [Isms] #8: Do we need a mapping between the SSH key and
SNMPengineID?

#8: Do we need a mapping between the SSH key (or other SSH engine
identifier) and SNMP engineID? What happens if an agent "spoofs" another
engineID, and an NMS perfoms a SET of sensitive parameters to the agent? 





David Harrington
dbharrington at comcast.net




_______________________________________________
Isms mailing list
Isms at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/isms

_______________________________________________
Isms mailing list
Isms at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/isms


_______________________________________________
Isms mailing list
Isms at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/isms

Follow-Ups:
- RE: [Isms] #8: Do we need a mapping between the SSH key andSNMPengineID?
  - From: David B Harrington

References:
- RE: [Isms] #8: Do we need a mapping between the SSH key and SNMPengineID?
  - From: Kaushik Narayan \(kaushik\)

Prev by Date: RE: [Isms] #8: Do we need a mapping between the SSH key and SNMPengineID?
Next by Date: Re: [Isms] #31: Is maxSizeResponseScopedPDU relevant?
Previous by thread: RE: [Isms] #8: Do we need a mapping between the SSH key and SNMPengineID?
Next by thread: RE: [Isms] #8: Do we need a mapping between the SSH key andSNMPengineID?
Index(es):
- Date
- Thread

RE: [Isms] #8: Do we need a mapping between the SSH key andSNMPengineID?

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.