Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-20409

Secure Autoregistration not working as described

    XMLWordPrintable

Details

    • Problem report
    • Status: Open
    • Trivial
    • Resolution: Unresolved
    • 5.4.9
    • None
    • Agent (G)
    • None
    • Windows

    Description

      Steps to reproduce:

      1. Create PSK in Administration > Auto Registration
        1. Example: AutoRegPSK / {}RANDOM VALUE{}
      2. Install Zabbix Agent 2 MSI (First Client)
        1. Enable PSK
        2. Enter Previously set PSK (AutoRegPSK and Value)
        3. Auto Registration works and client set.
      3. Repeat previous steps for Agent 2 MSI install. (2nd Client)
        1. Will not register to server
      4. Server Logs
      357068:20220105:174113.240 autoregistration from "192.168.199.116" denied (host:"WHATEVERHOST" ip:"1.2.3.4" port:10050): connection used PSK which is not configured for autoregistration
      357063:20220105:180758.283 host PSK and autoregistration PSK have the same identity "AutoRegPSK" but different PSK values, autoregistration will not be allowed

      This error is repeated about every 5-10 seconds.

      Based on the "Secure Autoregistration" section 

      A secure way of autoregistration is possible by configuring PSK-based authentication with encrypted connections.

      The level of encryption is configured globally in Administration → General, in the Autoregistration section accessible through the dropdown to the right. It is possible to select no encryption, TLS encryption with PSK authentication or both (so that some hosts may register without encryption while others through encryption).

      Authentication by PSK is verified by Zabbix server before adding a host. If successful, the host is added and Connections from/to host are set to 'PSK' only with identity/pre-shared key the same as in the global autoregistration setting.

      I cannot imagine this is for a single client at a time? If so, how is this easier than setting up the connection manually? 

      If I am doing something wrong I am happy to fix. We are doing a deployment of 200+ agent installs and I am needing them to be PSK encrypted. I thought this would be the way to accomplish this. 

      Attachments

        Issue Links

          Activity

            People

              vcredidio Victor Breda Credidio
              jwoodard80 Jonathan Woodard
              Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated: