Details

    • Type: Incident report
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 3.0.24
    • Fix Version/s: 3.0.23
    • Component/s: Agent (G), Server (S)
    • Labels:
      None
    • Environment:
      Ubuntu 18.04 LTS, zabbix-frontend-php 3.4.15, zabbix-server-mysql 3.4.15, php7.0

      Description

      Steps to reproduce:

      On Zabbix-client, I create a psk 

      skylab@zabbix-client:~$ sudo sh -c "openssl rand -hex 32 > /etc/zabbix/zabbix_agentd.psk"
      skylab@zabbix-client:~$
      skylab@zabbix-client:~$ cat /etc/zabbix/zabbix_agentd.psk
      b9b82ded68b781b73e83801ec54e0dbd4837b4b6631e5631e58e4145a22000e1

      Then I changed the configuration of zabbix

       

      /etc/zabbix/zabbix_agentd.conf

       

      TLSConnect=psk

      TLSAccept=psk

      TLSPSKIdentity=PSK 001

      TLSPSKFile=/etc/zabbix/zabbix_agentd.psk

       

       

       

      Next I restart zabbix agent

      skylab@zabbix-client:/etc/zabbix$ sudo systemctl restart zabbix-agent

      and here is zabbix path location

      skylab@zabbix-client:/etc/zabbix$ ls -lrt /etc/zabbix/
      total 32
      drwxr-xr-x 2 root root 4096 Oct 29 2017 zabbix_agentd.conf.d
      rw-rr- 1 root root 10295 Dec 28 11:18 zabbix_agentd.conf.orig
      rw-rr- 1 root root 65 Dec 28 13:49 zabbix_agentd.psk
      rw-rr- 1 root root 10309 Dec 28 14:28 zabbix_agentd.conf

       

      Then I input the value to zabbix front end at Configuration/ Host

      Host name: zabbix-client

      IP address: 10.10.1.91

      Templates: Template OS Linux

      Encryption: PSK; PSK identity: PSK 001, PSK: /etc/zabbix/zabbix_agentd.psk

       

      Click Add button and alert appears: 

      • Incorrect value for field "tls_psk": an even number of hexadecimal characters is expected.
        Check log server, I found

      19682:20181228:141632.514 cannot send list of active checks to "127.0.0.1": host [Zabbix server] not monitored
      19682:20181228:141715.503 failed to accept an incoming connection: from 10.10.1.91: TLS handshake set result code to 1: file ../ssl/statem/statem_srvr.c line 2077: error:1419E0DF:SSL routines:tls_process_cke_psk_preamble:psk identity not found: TLS write fatal alert "unknown PSK identity"

       

      But, the PSK was generated correct. So I don't know why? Could you please help me fix it? or give me any advices for this case?

      Thank you so much!
       
       

        Attachments

        1. Capture.PNG
          51 kB
          Hung Vo
        2. Capture.PNG
          61 kB
          Hung Vo
        3. Capture1.PNG
          57 kB
          Hung Vo
        4. Screen Shot 2018-12-28 at 2.57.19 PM.png
          485 kB
          Tien The PHAN

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              tphanix Tien The PHAN
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: