Page 1 of 1

Can't couple check_nrpe*nrpe over SSL in debian 9

Posted: Thu May 25, 2017 6:03 am
by Oldrich Sapak
I can't couple check_nrpe*nrpe over SSL in debian 9.0, openssl 1.1.0e-2,
even in the same system (localhost):

/usr/lib/nagios/plugins/check_nrpe -H localhost -c check_load
CHECK_NRPE: Error - Could not complete SSL handshake with 127.0.0.1: 1

It is the same with NRPE 3.0.1-3 from the debian repository, or
NRPE 3.1.0 compiled.

Re: Can't couple check_nrpe*nrpe over SSL in debian 9

Posted: Thu May 25, 2017 2:40 pm
by dwhitfield
If I understand your issue correctly, there are two solutions:

1. Configure daemon to run without SSL by defining the -n argument in the daemon service
Requires check_nrpe client to also use the -n argument
The check_nrpe client to will not be able to just use the -n argument alone, the daemon also requires it
2. Configure daemon to run using SSL/TLS certificates
the client and check_nrpe require certificates (need to clarify if only one end is required, not both)
NRPE client can use a certificate for encryption
The NRPE client can request the check_nrpe plugin provide a valid certificate
https://support.nagios.com/kb/article/n ... urity.html

Please see https://github.com/NagiosEnterprises/nrpe/issues/119