Error: Could not complete SSL handshake

[spostma]

A nagios machine built from the latest ova template. The nrpe client was downloaded from the link with in the nagios server config wizard. The OS on the client is Redhat 6.3. When run under xinetd, I recieve errors:

Feb 11 15:32:27 oak xinetd[25125]: START: nrpe pid=25135 from=::ffff:10.1.200.252
Feb 11 15:32:27 oak nrpe[25135]: INFO: SSL/TLS initialized. All network traffic will be encrypted.
Feb 11 15:32:27 oak nrpe[25135]: Error: Could not complete SSL handshake. 1
Feb 11 15:32:27 oak xinetd[25125]: EXIT: nrpe status=0 pid=25135 duration=0(sec)
Feb 11 15:34:27 oak xinetd[25125]: START: nrpe pid=25138 from=::ffff:10.1.200.252
Feb 11 15:34:27 oak nrpe[25138]: INFO: SSL/TLS initialized. All network traffic will be encrypted.
Feb 11 15:34:27 oak nrpe[25138]: Error: Could not complete SSL handshake. 1
Feb 11 15:34:27 oak xinetd[25125]: EXIT: nrpe status=0 pid=25138 duration=0(sec)
Feb 11 15:37:28 oak xinetd[25125]: START: nrpe pid=25145 from=::ffff:10.1.200.252
Feb 11 15:37:28 oak nrpe[25145]: INFO: SSL/TLS initialized. All network traffic will be encrypted.
Feb 11 15:37:28 oak nrpe[25145]: Error: Could not complete SSL handshake. 1
Feb 11 15:37:28 oak xinetd[25125]: EXIT: nrpe status=0 pid=25145 duration=0(sec)


If I run nrpe as a stand alone demon,
http://www.siamkia.com/open-source-help ... shake.html
I get errors:

Feb 11 15:04:27 oak nrpe[24948]: Error: Could not complete SSL handshake. 1
Feb 11 15:07:27 oak nrpe[24956]: Error: Could not complete SSL handshake. 1
Feb 11 15:09:27 oak nrpe[24960]: Error: Could not complete SSL handshake. 1
Feb 11 15:12:27 oak nrpe[25003]: Error: Could not complete SSL handshake. 1
Feb 11 15:14:27 oak nrpe[25011]: Error: Could not complete SSL handshake. 1



Iptables has been flushed, The client has been removed and re-added to nagios config several times, with and without ssl.
without ssl enabled I recieve :
CHECK_NRPE: Error receiving data from daemon.


Thanks for your Time,
Steve

[abrist]

These following suggestions assume you are using xinetd to run nrpe:

1. Have you added your XI server's ip to the "only_from" directive in the file /etc/xinetd.d/nrpe on the remote host?

Code: Select all

[root@localhost]# cat /etc/xinetd.d/nrpe
# default: on
# description: NRPE (Nagios Remote Plugin Executor)
service nrpe
{
        flags           = REUSE
        socket_type     = stream
        port            = 5666
        wait            = no
        user            = nagios
        group           = nagios
        server          = /usr/local/nagios/bin/nrpe
        server_args     = -c /usr/local/nagios/etc/nrpe.cfg --inetd
        log_on_failure  += USERID
        disable         = no
        only_from       = 127.0.0.1 [ip of XI server here]
}

2. Have you added the line:

Code: Select all

nrpe    5666/tcp

to /etc/services?

[spcmidrange]

Start nrpe with a -n to disable SSL:

Code: Select all

# description: NRPE (Nagios Remote Plugin Executor)
service nrpe
{
        flags           = REUSE
        socket_type     = stream
        port            = 5666
        wait            = no
        user            = nagios
        group           = nagios
        server          = /usr/local/nrpe/bin/nrpe
        server_args     = -c /usr/local/nrpe/etc/nrpe.cfg -n --inetd
        log_on_failure  += USERID
        disable         = no
        only_from       = 127.0.0.1 172.20.1.172
}

I believe i also have SSL disabled on the monitoring host. We have AIX boxes monitored with nrpe and its easier to turn it off

Cheers!

[spostma]

Thanks! I used both suggestions above and was able to connect.
Steve