Enable PSK Encryption for Zabbix Agent on Linux : Zabbix 4.2

Video Link: https://www.youtube.com/watch?v=98eUkrdWpG8



Duration: 5:54


Zabbix Course : https://sbcode.net/zabbix/

By default, Zabbix agent communication is sent in clear text.
To encrypt it, we have the option of using PSK-based encryption.
PSK means pre-shared key.
The PSK option consists of two important values: the PSK identity and the PSK secret.
The secret should be at least 128 bits (a 16-byte PSK, entered as 32 hexadecimal digits) and at most 2048 bits (a 256-byte PSK, entered as 512 hexadecimal digits).

All the commands in this video can be copy/pasted from https://sbcode.net/zabbix/agent-psk-encryption/




You can generate a 256-bit PSK secret with OpenSSL using the command:

$ openssl rand -hex 32

In this lecture, I also save it straight to a file.

I first create and navigate to a folder

/home/zabbix/

I then run,

$ openssl rand -hex 32

Save the output to a file called secret.psk
See video for the method I used to output the random hex directly into a file named secret.psk

I also make sure that the file is owned by the zabbix user and that other users cannot read it.

$ chown zabbix:zabbix secret.psk

$ chmod 640 secret.psk

I then reconfigure the Zabbix agent configuration file.

$ sudo nano /etc/zabbix/zabbix_agentd.conf

and change the options near the bottom,

TLSConnect=psk
TLSAccept=psk
TLSPSKFile=/home/zabbix/secret.psk
TLSPSKIdentity=[whatever you like; not sensitive information, because this part is sent unencrypted]

I then restart the agent

$ sudo service zabbix-agent restart

I then go into the Zabbix Server User interface and configure the PSK encryption options for the host.

I set the following options:
'Connections to host' = PSK
'Connections from host' = PSK
'PSK Identity' = [whatever you used in the Zabbix agent config]
'PSK' = [the long hex string generated from the OpenSSL command above]

After a minute or two, the Zabbix Server and Agent will successfully communicate using PSK encryption.
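
Before restarting the agent, it can help to confirm that secret.psk meets the size and permission rules described above. The script below is an added example, not part of the original video notes or of Zabbix; check_psk_file is a hypothetical helper name, and it assumes the key sits alone on the first line of the file.

```shell
#!/bin/sh
# Added example (not from the original page): sanity-check a Zabbix PSK file
# against the size and permission rules described above.
# check_psk_file is a hypothetical helper name, not a Zabbix command.

check_psk_file() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

    # Assumption: the key sits alone on the first line of the file.
    psk=$(head -n 1 "$file" | tr -d '\r\n')
    len=${#psk}

    # The PSK is entered as hexadecimal digits only.
    case $psk in
        '' | *[!0-9A-Fa-f]*)
            echo "PSK is empty or contains non-hex characters" >&2; return 1 ;;
    esac

    # 32 hex digits (128-bit) minimum, 512 hex digits (2048-bit) maximum.
    if [ "$len" -lt 32 ] || [ "$len" -gt 512 ]; then
        echo "PSK has $len hex digits, expected 32 to 512" >&2; return 1
    fi

    # Hex digits come in pairs, one pair per byte.
    if [ $((len % 2)) -ne 0 ]; then
        echo "PSK has an odd number of hex digits" >&2; return 1
    fi

    # Characters 8-10 of the ls mode string are the "other" permission bits;
    # mode 640 or 600 shows them as "---".
    other=$(ls -ld "$file" | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "$file is accessible to other users ($other)" >&2; return 1
    fi

    echo "OK: $len hex digits ($((len * 4))-bit PSK)"
}

# Check the file named on the command line, if one was given.
if [ $# -gt 0 ]; then
    check_psk_file "$1"
fi
```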






