11.12.2024

Configuring PSK keys for Zabbix agent on Ubuntu and Windows

Zabbix have inbuilt encryption between parts of its monitoring network with PSK keys or certificates. Let’s look into configuring PSK encryption for the Zabbix agents.

Configuring the server

First, let's configure the encryption mode of the host we want to use.

Open the web interface, go to Configuration -> Hosts, go to the host you want to configure PSK for, and open the Encryption tab. By default all connections are unencrypted, unmark that checkbox and choose the PSK option.

In the ‘PSK identity’ line write an ID for your key. After that create a key with any password generator of your choosing or use your own, then put it in the PSK line. Click Update.

Configuring PSK keys on the Ubuntu agent

Now we need to make a .psk file for storing the key accessible for the agent user, /etc/zabbix/zabbix_agentd.psk for example, paste your password inside the file.

Give Zabbix acces to it:

sudo chown zabbix:zabbix /etc/zabbix/zabbix_agentd.psk
sudo chmod 400 /etc/zabbix/zabbix_agentd.psk

Delete # symbol from the TLSConnect and TLSAccept lines, change their value to psk, and after that edit these lines to the end of the file:

TLSPSKFile=(path to key file)
TLSPSKIdentity=(ID of your key)

Restart the agent for the changes to take place.

Configuring PSK for the Windows agent

For the Windows version modify C:\\\\Program Files\\\\Zabbix Agent\\\\zabbix_agentd.conf file in the same way as those described earlier in the Ubuntu part.

Make zabbix_agentd.psk file in the default agent folder with your PSK in it.

Don't forget to restart the agent in the services menu.

Check if it works.

Conclusion

In this guide, we discovered how to set up PSK authorization on Windows and Ubuntu Zabbix Agents.