Ad Widget

Collapse

PSK, does it have to be unique PSK per agent?

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Clontarf[X]
    Member
    • Jan 2017
    • 80
    #1

    PSK, does it have to be unique PSK per agent?

    As the title says, the documentation/wording on configuring PSK isn't clear to me. Maybe I can't read very well

    https://www.zabbix.com/documentation...re_shared_keys

    It is a user responsibility to ensure that there are no two PSKs with the same identity string but different values. Failing to do so may lead to unpredictable disruptions of communication between Zabbix components using PSKs with this PSK identity string.
    So, can I not have two hosts in Zabbix which both are configured with the following;

    Host A
    PSK identity: PSK001
    PSK: 1234....

    Host B
    PSK identity: PSK001
    PSK: 1234...

    Which of the above would I need to change? Does each host need a unique identity? Does each host need a unique PSK? Or does each host require unique values for both?
    Tags: encryption, psk
    • zux
      Member
      • Sep 2018
      • 93
      #2
      PSK identity needs to be unique, the PSK probably should be, but i think it can work if it's not.

        Comment

        • Clontarf[X]
          Member
          • Jan 2017
          • 80
          #3
          Originally posted by zux
          PSK identity needs to be unique, the PSK probably should be, but i think it can work if it's not.
          Thanks, so for each installed Zabbix Agent, I could configure the PSKIdentity to be something like "{$HOST.NAME}PSK"?
            😞 1

            Comment

            • rodajrc
              #3.1
              rodajrc commented
              13-04-2024, 18:38
              Editing a comment
              Hey, did you managed to do what you said? Using macros or anything variable in the PSKIndentity parameter? I'm having issues with this and I can't find the way to do what you said.
            • solution
              Senior Member
              • Jun 2020
              • 269
              #4
              ...to ensure that there are no two PSKs with the same identity string but different values...

              You can use the same PSK on ALL Hosts if the PSK Identity and Value are the same.

              example:
              Works: Same PSK Identity and Value
              HostA
              PSK Identity: PSKAAA
              PSK Value: 12345

              Host B:
              PSK Identity: PSKAAA
              PSK Value: 12345


              does not work: Same PSK Identity but Different Value
              HostA
              PSK Identity: PSKAAA
              PSK Value: 12345

              Host B:
              PSK Identity: PSKAAA
              PSK Value: 67890

              In my environment I use the same PSK on all Hosts and have never had any problems.

              Wellington
                👍 1

                Comment

                Previous template Next
                Working...