creates and maintains SNMPv3 users on a remote entity 




snmpusm [COMMON_OPTIONS] delete USER




The snmpusm utility is an SNMP application that can be used to do simple maintenance on an SNMP agent's User-based Security Module (USM) table. You can create, delete, clone, and change the passphrase of users configured on a running SNMP agent.

The SNMPv3 USM specifications (see RFC 2574) dictate that users are created and maintained by adding and modifying rows in the usmUserTable MIB table. To create a new user you simply create the row using snmpset. User profiles contain private keys that are never transmitted over the wire in clear text (regardless of whether the administration requests are encrypted or not).

The secret key for a user is initially set by cloning another user in the table, so that a new user inherits the cloned user's secret key. A user can only be cloned once, however, after which they must be deleted and re-created to be re-cloned. The authentication and privacy security types are also inherited during this cloning (for example, MD5 vs. SHA1). To change the secret key for a user, you must know the user's old passphrase as well as the new one. The passwd sub-command of the snmpusm command, therefore, requires both the new and the old passphrases to be supplied. After cloning from the appropriate template, you should immediately change the new user's passphrase.
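The following Python sketch is an added example (not part of the original page and not Net-SNMP code) showing why the passwd sub-command needs both passphrases and why the key never crosses the wire in clear text: it implements the RFC 2574 password-to-key and key-localization steps for MD5, then the KeyChange encoding for a 16-byte key. The engine ID is the sample value from the RFC appendix, and the function names are chosen here for illustration.

```python
import hashlib
import os

MEG = 1048576  # RFC 2574 A.2: the passphrase is stretched to 1 MiB before hashing

def password_to_key(passphrase: bytes) -> bytes:
    """Passphrase -> user key Ku (MD5 variant)."""
    if len(passphrase) < 8:
        raise ValueError("passphrases must be 8 characters minimum")
    stream = (passphrase * (MEG // len(passphrase) + 1))[:MEG]
    return hashlib.md5(stream).digest()

def localize(ku: bytes, engine_id: bytes) -> bytes:
    """Ku -> localized key Kul, valid only on the agent with this engine ID."""
    return hashlib.md5(ku + engine_id + ku).digest()

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def key_change(old_kul: bytes, new_kul: bytes) -> bytes:
    """Manager side: the value written to the agent is random || delta."""
    rnd = os.urandom(16)
    return rnd + _xor(hashlib.md5(old_kul + rnd).digest(), new_kul)

def apply_key_change(stored_kul: bytes, value: bytes) -> bytes:
    """Agent side: recover the new key using the old key it already stores."""
    rnd, delta = value[:16], value[16:]
    return _xor(hashlib.md5(stored_kul + rnd).digest(), delta)

# Sample engine ID from the RFC 2574 appendix; a real agent has its own.
ENGINE_ID = bytes.fromhex("000000000000000000000002")

def demo():
    """Returns (correct old key recovers new key, wrong old key recovers it)."""
    old = localize(password_to_key(b"setup_passphrase"), ENGINE_ID)
    new = localize(password_to_key(b"new_passphrase"), ENGINE_ID)
    wire = key_change(old, new)
    guess = localize(password_to_key(b"not_the_old_one"), ENGINE_ID)
    return apply_key_change(old, wire) == new, apply_key_change(guess, wire) == new

if __name__ == "__main__":
    print(demo())
```

Only someone holding the old localized key can turn the transmitted value into the new key, which is also why a freshly cloned user stays as exposed as its template until its passphrase is changed.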

The Net-SNMP agent must first be initialized so that at least one user is set up in it before you can use this command to clone new ones.


Let's assume for our examples that the following VACM and USM configuration lines were in the snmpd.conf file for a Net-SNMP agent. These lines set up a default user called initial with the authentication passphrase setup_passphrase so that we can perform the initial setup of an agent:

# VACM configuration entries
rwuser initial
# let's add the new user we'll create too:
rwuser wes
# USM configuration entries
createUser initial MD5 setup_passphrase DES

Note: the initial user's setup should be removed after creating a real user that you grant administrative privileges to (like the user wes we'll be creating in this example).

Note: passphrases must be 8 characters minimum in length.

Create a New User

snmpusm -v3 -u initial -n "" -l authNoPriv -a MD5 -A setup_passphrase localhost create wes initial

Creates a new user, here named wes, using the user initial to do it. wes is cloned from initial in the process, so he inherits that user's passphrase (setup_passphrase).

Change the User's Passphrase

snmpusm -v 3 -u wes -n "" -l authNoPriv -a MD5 -A setup_passphrase localhost passwd setup_passphrase new_passphrase

After creating the user wes with the same passphrase as the initial user, we need to change his passphrase for him. The above command changes it from setup_passphrase, which was inherited from the initial user, to new_passphrase.

Test the New User

snmpget -v 3 -u wes -n "" -l authNoPriv -a MD5 -A new_passphrase localhost sysUpTime.0

If the above commands were successful, this command should have properly performed an authenticated SNMPv3 GET request to the agent.

Now, go remove the VACM "group" snmpd.conf entry for the initial user and you have a valid user wes that you can use for future transactions instead of initial.


All UNIX systems. Windows 7. Windows Server 2008 R2. Windows 8. Windows Server 2012. Windows 10. Windows Server 2016.


File Formats:

RFC 2574

PTC MKS Toolkit 10.1 Documentation Build 15.