Pre-Shared Key (PSK) encryption is a method of securing communication between Zabbix server and Zabbix agents.Enabling PSK encryption in Zabbix provides an extra level of security to your monitoring infrastructure.
Steps to enable PSK encryption on Zabbix agent server
On zabbix agent server
1. Generate a PSK secret key in the location /etc/zabbix using the command
openssl rand -hex 64 > encrypt.psk
This command generate a 64-byte random hexadecimal string and saves in a file named encrypt.psk
2. Then configure zabbix agent configuration file zabbix_agentd.conf
vim zabbix_agentd.conf
add the following lines at the bottom of the configuration file
TLSConnect=psk
TLSAccept=psk
TLSPSKFile=/etc/zabbix/encrypt.psk
TLSPSKIdentity=bNb*******ouSt
where TLSPSK Identity is used by both the agent and server to verify that they are communicating with the correct PSK.
save and exit the configuration file.
3. Restart the zabbix agent
systemctl restart zabbix-agent
On Zabbix Server User interface
4. Update the host in zabbix server user interface
In the host’s encryption section, configure PSK encryption options as shown in the screenshot.
'Connections to host' = PSK
'Connections from host' = PSK
'PSK Identity' = [used in the Zabbix agent configuration file]
'PSK' = [hexadecimal string generated from the OpenSSL command]
Wait for few minutes, then the verify on Zabbix Server User interface.
The screenshot above confirms that Zabbix Server and Agent successfully communicate via PSK encryption.
Our Support Team is available to help you with enabling encryption with zabbix agents if you encounter any issues or errors.
