RE: [Isms] #8: Do we need a mapping between the SSH keyandSNMPengineID?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Isms] #8: Do we need a mapping between the SSH keyandSNMPengineID?
Hi, David,
-----Original Message-----
From: isms-bounces at lists.ietf.org [mailto:isms-bounces at lists.ietf.org] On
Behalf Of David B Harrington
Sent: Wednesday, October 19, 2005 12:52 AM
To: isms at ietf.org
Subject: RE: [Isms] #8: Do we need a mapping between the SSH
keyandSNMPengineID?
Hi Maio,
snmpEngineID should not be dynamically generated; that would defeat the
whole purpose of having an engineID - to uniquely and unambiguously identify
an engine within an administrative domain.
An engine may have multiple addresses, and its addresses may change over
time. But the snmpEngineID provides a consistent managed object to identify
the virtual database of which it is part.
David Harrington
dbharrington at comcast.net
> -----Original Message-----
> From: Miao Fuyou [mailto:miaofy at huawei.com]
> Sent: Monday, October 17, 2005 5:28 AM
> To: 'Kaushik Narayan (kaushik)'; dbharrington at comcast.net;
> isms at ietf.org
> Subject: RE: [Isms] #8: Do we need a mapping between the SSH
> key andSNMPengineID?
>
>
> SSH transport is different from TCP tranport for SNMP. SSHSM
> starts a SNMP
> agent as subsystem of SSH server contrasting to TCP as forked
> child process,
> it means each subsytem is independent to each other. Will
> they share same
> snmpEngineID, just like in UDP or TCP transporting? In other
> word, do all
> subsystems started by a SSH server are same SNMP entity?
>
> If not, I believe snmpEngineID must be allocated dynamicaly
> enough. In such
> case mapping SSH key and snmpEngineID is difficult.
>
> -----Original Message-----
> From: isms-bounces at lists.ietf.org
> [mailto:isms-bounces at lists.ietf.org] On
> Behalf Of Kaushik Narayan (kaushik)
> Sent: Saturday, October 15, 2005 12:10 AM
> To: dbharrington at comcast.net; isms at ietf.org
> Subject: RE: [Isms] #8: Do we need a mapping between the SSH key
> andSNMPengineID?
>
>
>
>
>
> I think we should consider using/mapping the identity of the
> SNMP engine to
> the SNMP engine ID, this will be particularly useful when you
> have multiple
> SNMP engines on the same host (single SSH server). I am not
> quite sure about
> the spoofing issue since that should be taken care by server (agent)
> authentication by the SSH transport protocol.
>
>
> -----Original Message-----
> From: isms-bounces at lists.ietf.org
[mailto:isms-bounces at lists.ietf.org]
> On Behalf Of David B Harrington
> Sent: Thursday, October 13, 2005 2:51 PM
> To: isms at ietf.org
> Subject: [Isms] #8: Do we need a mapping between the SSH key and
> SNMPengineID?
>
> #8: Do we need a mapping between the SSH key (or other SSH engine
> identifier) and SNMP engineID? What happens if an agent
> "spoofs" another
> engineID, and an NMS perfoms a SET of sensitive parameters to
> the agent?
>
>
>
>
>
> David Harrington
> dbharrington at comcast.net
>
>
>
>
> _______________________________________________
> Isms mailing list
> Isms at lists.ietf.org https://www1.ietf.org/mailman/listinfo/isms
>
> _______________________________________________
> Isms mailing list
> Isms at lists.ietf.org https://www1.ietf.org/mailman/listinfo/isms
>
>
_______________________________________________
Isms mailing list
Isms at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/isms
_______________________________________________
Isms mailing list
Isms at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/isms
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
