-
Incident report
-
Resolution: Fixed
-
Critical
-
3.0.24
-
None
-
Ubuntu 18.04 LTS, zabbix-frontend-php 3.4.15, zabbix-server-mysql 3.4.15, php7.0
Steps to reproduce:
On Zabbix-client, I create a psk
skylab@zabbix-client:~$ sudo sh -c "openssl rand -hex 32 > /etc/zabbix/zabbix_agentd.psk"
skylab@zabbix-client:~$
skylab@zabbix-client:~$ cat /etc/zabbix/zabbix_agentd.psk
b9b82ded68b781b73e83801ec54e0dbd4837b4b6631e5631e58e4145a22000e1
Then I changed the configuration of zabbix
TLSConnect=psk
TLSAccept=psk
TLSPSKIdentity=PSK 001
TLSPSKFile=/etc/zabbix/zabbix_agentd.psk
Next I restart zabbix agent
skylab@zabbix-client:/etc/zabbix$ sudo systemctl restart zabbix-agent
and here is zabbix path location
skylab@zabbix-client:/etc/zabbix$ ls -lrt /etc/zabbix/
total 32
drwxr-xr-x 2 root root 4096 Oct 29 2017 zabbix_agentd.conf.d
rw-rr- 1 root root 10295 Dec 28 11:18 zabbix_agentd.conf.orig
rw-rr- 1 root root 65 Dec 28 13:49 zabbix_agentd.psk
rw-rr- 1 root root 10309 Dec 28 14:28 zabbix_agentd.conf
Then I input the value to zabbix front end at Configuration/ Host
Host name: zabbix-client
IP address: 10.10.1.91
Templates: Template OS Linux
Encryption: PSK; PSK identity: PSK 001, PSK: /etc/zabbix/zabbix_agentd.psk
Click Add button and alert appears:
- Incorrect value for field "tls_psk": an even number of hexadecimal characters is expected.
Check log server, I found
19682:20181228:141632.514 cannot send list of active checks to "127.0.0.1": host [Zabbix server] not monitored
19682:20181228:141715.503 failed to accept an incoming connection: from 10.10.1.91: TLS handshake set result code to 1: file ../ssl/statem/statem_srvr.c line 2077: error:1419E0DF:SSL routines:tls_process_cke_psk_preamble:psk identity not found: TLS write fatal alert "unknown PSK identity"
But, the PSK was generated correct. So I don't know why? Could you please help me fix it? or give me any advices for this case?
Thank you so much!
