VMware Cloud Community
creativedynamo
Contributor
Contributor
‎05-06-2022 09:44 AM

VCSA 6.7.0.51000 -- unable to: snmp.set --authentication md5

Hello,

I'm in need to utilize md5 for authentication on my VCSA vm.  When I attempt to do it, I get rejected:

Command> snmp.set --authentication MD5

Error in method: Could not recognize the specified protocol. (code
com.vmware.applmgmt.err_snmp_bad_protocol_value)

However, the other two listed options work as expected:

Command> snmp.set --authentication sha1
Command> snmp.set --authentication none

(and trying md5 one more time after those had worked...)
Command> snmp.set --authentication md5

Error in method: Could not recognize the specified protocol. (code
com.vmware.applmgmt.err_snmp_bad_protocol_value)

 

When looking up the documentation (last updated 2019), it (still) shows md5 as a configuration option:

https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.vcsa.doc/GUID-0FC67CE0-3E2F-4E26-A8...

 

  1. (Optional) Run the snmp.set --authentication command to configure authentication.
    For example, run the following command:
     
    snmp.set --authentication protocol
    Here, protocol must be either none, for no authentication, SHA1, or MD5.

 

Has this option been removed in a previous patch (I wasn't able to find reference to it if so)?  Any suggestions would be appreciated, thanks!

-Chris

ps. I realize neither SHA1 or MD5 is considered secure anymore, but the env I'm working with is using MD5 so there's a need in this particular case.

0 Kudos
4 Replies
ITMike89
Contributor
Contributor
‎06-28-2022 08:44 AM

I'm having a similar issue configuring SNMP on some of my ESXi 7.0 hosts.

When using the command "esxcli system snmp set --authentication MD5" I get the below message:

Invalid data constraint for parameter 'authentication'. Expected a single value from the set [none, SHA1, reset] got 'MD5'

I haven't found anything in any release notes or via google citing that this is something that's been deprecated, in fact, all documentation that I have found has listed MD5 as a valid option.

The hosts having this issue are running ESXi Version 7.0.3 Build 19482537

0 Kudos
BillionthOne
Contributor
Contributor
‎06-28-2022 07:42 PM

*redacted*

0 Kudos
ITMike89
Contributor
Contributor
‎07-12-2022 08:28 AM

Since my comment, I have found that MD5 has been deprecated and although is shown as a viable config for ESXi 7.0 another KB article I found notes this has been changed.

Here's the link to the article: https://kb.vmware.com/s/article/76239

0 Kudos
creativedynamo
Contributor
Contributor
‎07-15-2022 10:43 AM

Thanks ITMike89 for your post and followup with the link.

Unfortunately in my case I'm on 6.7 so that link, while definitely saying "... as MD5 is not supported now.", refers to 7.0 and isn't the same version I'm on.

Hopefully your answer will be useful for others though. 👍

0 Kudos