Can't couple check_nrpe*nrpe over SSL in debian 9

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
Locked
Oldrich Sapak
Posts: 1
Joined: Thu May 25, 2017 3:07 am

Can't couple check_nrpe*nrpe over SSL in debian 9

Post by Oldrich Sapak »

I can't couple check_nrpe*nrpe over SSL in debian 9.0, openssl 1.1.0e-2,
even in the same system (localhost):

/usr/lib/nagios/plugins/check_nrpe -H localhost -c check_load
CHECK_NRPE: Error - Could not complete SSL handshake with 127.0.0.1: 1

It is the same with NRPE 3.0.1-3 from the debian repository, or
NRPE 3.1.0 compiled.
dwhitfield
Former Nagios Staff
Posts: 4583
Joined: Wed Sep 21, 2016 10:29 am
Location: NoLo, Minneapolis, MN
Contact:

Re: Can't couple check_nrpe*nrpe over SSL in debian 9

Post by dwhitfield »

If I understand your issue correctly, there are two solutions:

1. Configure daemon to run without SSL by defining the -n argument in the daemon service
Requires check_nrpe client to also use the -n argument
The check_nrpe client to will not be able to just use the -n argument alone, the daemon also requires it
2. Configure daemon to run using SSL/TLS certificates
the client and check_nrpe require certificates (need to clarify if only one end is required, not both)
NRPE client can use a certificate for encryption
The NRPE client can request the check_nrpe plugin provide a valid certificate
https://support.nagios.com/kb/article/n ... urity.html

Please see https://github.com/NagiosEnterprises/nrpe/issues/119
Locked