NRPE SSL Handshake not working

[sheen.lim]

Hello Nagios Community,

I recently started studying the Nagios Core Tool and so far I'm very impressed. I however is getting some issues with NRPE.

I have 2 Ubuntu 17 Servers.
1 installed with NAGIOS Core and NRPE client, server name is "Server1",
the other is installed with NRPE Server, server name is "Server2".

When I query NRPE from NRPE Client (Server1), i get this error message and log information.
sheenlim08@Server1:~$ /usr/lib/nagios/plugins/check_nrpe -H 192.168.36.144 -c check_load
CHECK_NRPE: Error - Could not connect to 192.168.36.144: Connection reset by peer
sheenlim08@Server1:~$ tail /var/log/syslog
Aug 8 09:04:21 Server1 systemd[1]: Started Session 1 of user sheenlim08.
Aug 8 09:04:21 Server1 systemd[1633]: Reached target Timers.
Aug 8 09:04:21 Server1 systemd[1633]: Reached target Sockets.
Aug 8 09:04:21 Server1 systemd[1633]: Reached target Paths.
Aug 8 09:04:21 Server1 systemd[1633]: Reached target Basic System.
Aug 8 09:04:21 Server1 systemd[1633]: Reached target Default.
Aug 8 09:04:21 Server1 systemd[1633]: Startup finished in 36ms.
Aug 8 09:04:21 Server1 systemd[1]: Started User Manager for UID 1000.
Aug 8 09:04:47 Server1 nagios3: HOST ALERT: H:PH-CDO-Server3;UP;SOFT;2;PING OK - Packet loss = 0%, RTA = 0.72 ms
Aug 8 09:06:05 Server1 check_nrpe: Error: Could not complete SSL handshake with 192.168.36.144: rc=-1 SSL-error=5


Below is the log information I get from the NRPE server side ("Server3" - The server to be monitored).
sheenlim08@Server3:~$ tail /var/log/syslog
Aug 8 09:04:39 Server3 systemd[1]: Time has been changed
Aug 8 09:04:39 Server3 systemd[1]: snapd.refresh.timer: Adding 3h 10min 20.187594s random time.
Aug 8 09:04:39 Server3 systemd[1]: snapd.refresh.timer: Adding 3h 23min 43.621384s random time.
Aug 8 09:04:39 Server3 systemd[1]: apt-daily.timer: Adding 11h 40min 3.650958s random time.
Aug 8 09:04:39 Server3 systemd[1]: motd-news.timer: Adding 9min 5.795450s random time.
Aug 8 09:04:39 Server3 systemd-timesyncd[597]: Synchronized to time server 91.189.89.198:123 (ntp.ubuntu.com).
Aug 8 09:06:05 Server3 nrpe[1578]: Error: Request packet version was invalid!
Aug 8 09:06:05 Server3 nrpe[1578]: Could not read request from client 192.168.36.137, bailing out...
Aug 8 09:06:25 Server3 nrpe[1585]: Error: Request packet version was invalid!
Aug 8 09:06:25 Server3 nrpe[1585]: Could not read request from client 192.168.36.137, bailing out...

When running the command "sheenlim08@Server1:~$ /usr/lib/nagios/plugins/check_nrpe -H 192.168.36.144 -c check_load" with option "-n", i do get good result, so SSL is not working which is used by default by nagios and is confirmed according to the syslog on the server running NRPE client. (see above)

I want the SSL to work, what are my requirement to make this feature work? I am open to using OpenSource SSL certificates if required from https://letsencrypt.org or any other opensource SSL certificates.

[bolson]

What version of Nagios Core are you running and what version of NRPE on the host to be monitored?

On the host to be monitored, run the following command and post your result:

Code: Select all

/usr/local/nagios/libexec/check_nrpe -H localhost -n

Also

Code: Select all

cat /etc/xinetd.d/nrpe

[sheen.lim]

I am not sure what happend, but I ended up deploying new Virtual Machine on another test environment and this time it works great.
Not sure what went wrong, I used the same OS image and package.

Maybe I misconfigured it somewhere? But why was I getting good result when option "-n" was added on the check_nrpe command? At this point im not really sure but it looks like this stop to happen on my new test environment.

[bolson]

So is everything working properly now? May we close this topic?