PSK requires Stunnel version 5.09 or higher. For an example of setting up authentication using PSK, see https://www.stunnel.org/auth.html. Note that the minimum PSK key length is 20 characters. Use the following steps to enable PSK for Agents.

  1. Change PSK key file owner and group to 'uptimeagent', for example:

    chown uptimeagent /opt/uptime-agent/conf/psk.txt
    chgrp uptimeagent /opt/uptime-agent/conf/psk.txt

    The following is an example of Stunnel configuration for the PSK support:

    exec = /opt/uptime-agent/bin/uptimeagent
    options = NO_SSLv2
    options = NO_SSLv3
    options = NO_TLSv1
    options = NO_TLSv1.1
    ciphers=PSK
    PSKsecrets=/opt/uptime-agent/conf/psk.txt
    PSKidentity=test1

    Example of content of /opt/uptime-agent/conf/psk.txt:

    test1:qqtest11qqtest11qqtest11
  2. When adding Agents to the Monitoring Station, be sure to select Use SSL, Use TLS-PSK, and specify PSK identity/key or enable corresponding options on the Global Credentials Settings page. On the Global Credentials Settings page, configure the list of PSK identities and keys for specific IP addresses or IP ranges. These identities and keys are used when the Use Uptime Agent Global Configuration option is selected.

  3. To edit existing Agent configuration, click Config > Global Credentials Settings, and then click Edit Configuration, as shown in the following image.
    For the PSK, in the IP/Hostname/IPRange field, indicate which Hostnames or IP address ranges to specify using one of the following formats:

    • a single subnet (e.g., 10.1.50)
    • multiple, comma-separated subnet entries (e.g., 10.1.50, 10.1.51, 10.1.52)
    • an IP address range (e.g., 10.1.53.65-120)
    • multiple subnets and an IP address range (e.g., 10.1.50, 10.1.51, 10.1.52, 10.1.53.65-120)

You may provide ranges only for addresses, but not subnets. Enter subnet ranges as a comma-separated series, as described above.
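
The key-file requirements from step 1 (identity:key lines, keys of at least 20 characters), as an added shell example that is not part of the original documentation. The function names, the 32-character generated key length and the check that the file is closed to other local users are assumptions made here.

```shell
#!/bin/sh
# Added example, not vendor code. Function names and the 32-character
# generated key length are assumptions made for this illustration.

MIN_KEY_LEN=20   # minimum PSK key length stated in the text above

# Print one "identity:key" line with a random alphanumeric key.
new_psk_line() {
    key=$(head -c 48 /dev/urandom | base64 | tr -dc 'A-Za-z0-9' | cut -c1-32)
    printf '%s:%s\n' "$1" "$key"
}

# Return 0 if FILE is acceptable as a PSKsecrets file; otherwise report
# each problem on stderr and return 1.
check_psk_file() {
    file=$1
    rc=0
    [ -r "$file" ] || { echo "$file: not readable" >&2; return 1; }
    # Assumed hardening check: no access for other local users.
    if [ -n "$(find "$file" -prune \( -perm -004 -o -perm -002 \))" ]; then
        echo "$file: world-readable or world-writable" >&2
        rc=1
    fi
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        [ -z "$line" ] && continue
        id=${line%%:*}
        key=${line#*:}
        if [ "$id" = "$line" ] || [ -z "$id" ]; then
            echo "$file:$n: expected identity:key" >&2
            rc=1
        elif [ "${#key}" -lt "$MIN_KEY_LEN" ]; then
            echo "$file:$n: key for '$id' is under $MIN_KEY_LEN characters" >&2
            rc=1
        fi
    done < "$file"
    return "$rc"
}

# Stand-alone use: pass the key file path as the first argument.
if [ "$#" -gt 0 ]; then
    check_psk_file "$1" || exit 1
fi
```

Run the check against /opt/uptime-agent/conf/psk.txt after the chown and chgrp commands and before restarting Stunnel; the same identity and key must then be entered on the Monitoring Station.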