Let's start with a simple situation—a single new host for which the Zabbix server will accept PSK-encrypted incoming connections only for the ones we will send some values to using zabbix_sender
. For that to work, both Zabbix server and zabbix_sender
must be compiled with TLS support. The PSK configuration consists of a PSK identity and key. The identity is some string that is not considered to be secret—it is not encrypted during the communication; do not put sensitive information in the identity string. The key is a hex string.
Note
Zabbix requires the key to be at least 32 characters (hexadecimal digits) long. The maximum in Zabbix is 512 characters, but it might depend on the specific version of the backend library you are using.
We could just type the key in manually, but a slightly easier method might be using the openssl
command:
$ openssl rand -hex 64
This will generate a 512-bit key, which we will use in a moment. Navigate to Configuration | Hosts, click on...