PSK in Zabbix

November 15, 2021 The Geek Decoder No Comments Zabbix

Generate a key:

# openssl rand -hex 32
c68a0164045a04ea2f1d821e3d3275e782d671a166613b3d81c07f99e3b92843

Configuring PSK for server-agent communication
On the hos, edit the zabbix agent file

nano /etc/zabbix/zabbix_agentd.conf

Add:

####### TLS-RELATED PARAMETERS #######
TLSConnect=psk
TLSAccept=psk
TLSPSKIdentity=PSK 001
TLSPSKFile=/etc/zabbix/zabbix.psk

Create the /etc/zabbix/zabbix.psk file:

echo c68a0164045a04ea2f1d821e3d3275e782d671a166613b3d81c07f99e3b92843 > /etc/zabbix/zabbix.psk

Restart the agent. 

systemctl restart  zabbix-agent.service

Now you can test the connection using zabbix_get, for example:

$ zabbix_get -s 127.0.0.1 -k "system.cpu.load[all,avg1]" --tls-connect=psk \
            --tls-psk-identity="PSK 001" --tls-psk-file=/etc/zabbix/zabbix.psk

Configure PSK encryption for this agent in Zabbix frontend:

Go to: Configuration → Hosts
Select host and click on Encryption tab

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.