PSK in Zabbix

Generate a key:

# openssl rand -hex 32
460354364052d7492a7f212ab9802cdf7d01234011df4f70f9aaeb5f70487203

Configuring PSK for server-agent communication
On the hos, edit the zabbix agent file

nano /etc/zabbix/zabbix_agentd.conf

Add:

####### TLS-RELATED PARAMETERS #######
TLSConnect=psk
TLSAccept=psk
TLSPSKIdentity=PSK 001
TLSPSKFile=/etc/zabbix/zabbix.psk

Create the /etc/zabbix/zabbix.psk file:

echo 460354364052d7492a7f212ab9802cdf7d01234011df4f70f9aaeb5f70487203 > /etc/zabbix/zabbix.psk

Restart the agent.

systemctl restart  zabbix-agent.service

Now you can test the connection using zabbix_get, for example:

$ zabbix_get -s 127.0.0.1 -k "system.cpu.load[all,avg1]" --tls-connect=psk \
            --tls-psk-identity="PSK 001" --tls-psk-file=/etc/zabbix/zabbix.psk

Configure PSK encryption for this agent in Zabbix frontend:

Go to: Configuration → Hosts
Select host and click on Encryption tab