By default, agent communication is done in clear text. For encryption we have an option to use PSK-based encryption. PSK means pre shared key. The PSK option consists of two important values, the PSK identity and the PSK Secret. The secret should be minimum a 128-bit (16-byte PSK, entered as 32 hexadecimal digits) up to 2048-bit (256-byte PSK, entered as 512 hexadecimal digits)
You can generate a 256 bit PSK secret with openssl using the command:
I will save it directly to the zabbix directory
I then run,
I also make sure that only the Zabbix user can read the file.
I then edit the Zabbix agent configuration file.
and change the options near the bottom,
I then restart the agent
The configuration of the zabbix server is as follows
Configuration > Host > we choose the host for which to put psk and we click on it > Encryption > I select the :
‘Connections to host’ = PSK
‘Connections from host’ = PSK
‘PSK Identity’ = [what ever you used in the Zabbix agent config]
‘PSK’ = [the long hex string generated from the OpenSSL command above]
After a minute or two, the Zabbix Server and Agent will successfully communicate using PSK encryption.