How to generate Hash passwords for SNMPv3 authentication and privacy settings on NOKIA SROS?

Question

NOKIA SROS does not provide an in-built way to generate hash during configuration of SNMPv3 authentication and privacy. It does not accept plain-texts. It does not provide a way to generate a way itself.

*A:OCEAN-12R5>config>system>security>user>snmp# authentication md5 SamplePassword@123 privacy des-key SamplePassword@123
MINOR: CLI MD5 authentication key must be a 32 hex-character string.
*A:OCEAN-12R5>config>system>security>user>snmp#

As it can be seen that, SROS does not accept plain-text passwords. (In this case, "SamplePassword@123").

Answer 1

Hash generation on Nokia SROS is based on algorithm mentioned in RFC 3414. (Section A2 - Password To Key). Link for RFC 3414: https://datatracker.ietf.org/doc/html/rfc3414

Though there is no in-built support SROS itself to generate these hash passwords, there are external libraries to do the same in various languages which are based on the algorithm mentioned in RFC 3414.

You can refer to python library https://pypi.org/project/SNMPv3-Hash-Generator/ to generate the hash password for your SROS.

Once above library is installed, it expects few arguments. Refer to help section of the tool. I am mentioning the same for reference.

linux-virtualbox:~$ snmpv3-hashgen -h
usage: snmpv3-hashgen [-h] [--auth AUTH] [--priv PRIV] [--engine ENGINE] [--user USER] [--mode {auth,priv,none}] [--hash {md5,sha1,sha224,sha256,sha384,sha512}] [--json | --yaml | --toml]

Convert an SNMPv3 auth or priv passphrase to hashes.

optional arguments:
  -h, --help            show this help message and exit
  --auth AUTH           Authentication passphrase to be derived as utf8 string
  --priv PRIV           Privacy passphrase to be derived as utf8 string
  --engine ENGINE       Engine ID as hex string
  --user USER           SNMPv3 USM username (default "librenms")
  --mode {auth,priv,none}
                        SNMPv3 mode (default "priv")
  --hash {md5,sha1,sha224,sha256,sha384,sha512}
                        Hash algorithm to use (default "sha1")
  --json                Emit output as json
  --yaml                Emit output as yaml
  --toml                Emit output as toml