Can't couple check_nrpe*nrpe over SSL in debian 9

This forum is intended for the discussion of Nagios plugin development. Feature requests, patches, bug fixes, and all types of development-related discussions are welcome!

NOTE: The SourceForge.net nagiosplug-devel mailing list has been deprecated in favor of this forum in order to expedite support and provide additional features not available on the old mailing list.

Can't couple check_nrpe*nrpe over SSL in debian 9

Postby Oldrich Sapak » Thu May 25, 2017 6:03 am

I can't couple check_nrpe*nrpe over SSL in debian 9.0, openssl 1.1.0e-2,
even in the same system (localhost):

/usr/lib/nagios/plugins/check_nrpe -H localhost -c check_load
CHECK_NRPE: Error - Could not complete SSL handshake with 127.0.0.1: 1

It is the same with NRPE 3.0.1-3 from the debian repository, or
NRPE 3.1.0 compiled.
Oldrich Sapak
 
Posts: 1
Joined: Thu May 25, 2017 3:07 am

Re: Can't couple check_nrpe*nrpe over SSL in debian 9

Postby dwhitfield » Thu May 25, 2017 2:40 pm

If I understand your issue correctly, there are two solutions:

1. Configure daemon to run without SSL by defining the -n argument in the daemon service
Requires check_nrpe client to also use the -n argument
The check_nrpe client to will not be able to just use the -n argument alone, the daemon also requires it
2. Configure daemon to run using SSL/TLS certificates
the client and check_nrpe require certificates (need to clarify if only one end is required, not both)
NRPE client can use a certificate for encryption
The NRPE client can request the check_nrpe plugin provide a valid certificate
https://support.nagios.com/kb/article/n ... urity.html

Please see https://github.com/NagiosEnterprises/nrpe/issues/119
Be sure to check out our Knowledgebase for helpful articles and solutions!
User avatar
dwhitfield
The Doctor
 
Posts: 3736
Joined: Wed Sep 21, 2016 10:29 am
Location: Nagios Enterprises, LLC


Return to Nagios Plugin Development

Who is online

Users browsing this forum: No registered users and 4 guests