Problema para borrar snmp-users en un Nexus

Imagino que alguien, alguna vez … pensó que era una buena idea crear un usuario de snmp-server en un nexus con la contraseña en claro. Claro que, si nadie se ha dado cuenta (y me temo que eso lleva meses ahí), lo mismo tenemos un problema. Cada vez que me pongo a mirar, sale algo. En fin.

El caso es que, lo mas rápido era borrar los usuarios (y crearlos de nuevo), pero resulta que no deja.

1. Removing SNMP Users:
• You can remove an SNMP user by using the no snmp-server user command in global configuration mode.
• However, some users like the admin account cannot be deactivated or removed directly, which is why you see the message:
no snmp-server user admin
admin account cannot be deactivated.
• If the SNMP user was created with a specific engine ID and that engine ID has changed, you may need to reconfigure the SNMP user before removal, as changing the engine ID after user creation can prevent removal.

2. Encrypting SNMP User Passwords:
• When creating or modifying SNMPv3 users, you can specify passwords in either plain text or encrypted (hashed) form.
• Use the snmp-server user command with the encrypted keyword to specify that the password is a message digest (MD5 or SHA) rather than plain text.
• Example to create a user with an encrypted password:
snmp-server user abcd public v3 encrypted auth md5 priv aes 128 • If you have a user with a plain text password, you can reconfigure the user with an encrypted password to avoid storing it in plain text.
• Passwords must meet minimum length requirements (recommended at least 8 characters) and can be specified as plain text or as a localized digest.

3. Additional Notes:
• The show running-config command may not display SNMP users configured with authentication and privacy (authPriv) modes, but you can view active SNMPv3 users with show snmp user.
• If you forget an SNMP user password, it cannot be recovered; you must reconfigure the user.
• For the admin user, since it cannot be removed, consider changing its password to a strong encrypted password instead of removing it.

Vamos que, lo mas rapido es volver a crearlo con una contraseña mas robusta (y crifrada)

snmp-server user admin network-admin auth md5 xxxxxx priv yyyyyy

https://edifice.io/es/noticias/crear-una-contrasena-segura-dos-infografias-para-sus-alumnos/

Se me olvidaba … todo esto en un Nexus (cisco Nexus9000 C9332C)

Deja un comentario

Este sitio usa Akismet para reducir el spam. Aprende cómo se procesan los datos de tus comentarios.