Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Could not complete SSL handshake (check_nrpe is fine)

https://support.nagios.com/forum/viewtopic.php?t=26181

Page 4 of 5

Re: Could not complete SSL handshake (check_nrpe is fine)

Posted: Mon Apr 07, 2014 4:52 pm
by slansing
Can you remove the '-n' from your check_nrpe command as it has been proven not to work since you had compiled that remote host with ssl support. Otherwise you can duplicate the command and change it's name, then remove the '-n' so you don't mess with other service commands using the original check_nrpe command.

Re: Could not complete SSL handshake (check_nrpe is fine)

Posted: Tue Apr 08, 2014 8:46 am
by hazmat
Thanks, but no difference.

Re: Could not complete SSL handshake (check_nrpe is fine)

Posted: Tue Apr 08, 2014 3:53 pm
by slansing
When you do try running check_nrpe from the Core server to the remote system, what errors are you seeing in the remote server's log now?

Re: Could not complete SSL handshake (check_nrpe is fine)

Posted: Wed Apr 09, 2014 9:07 am
by hazmat
If run from the command line from the Core server, I get:

Apr 9 10:05:03 xinetd[20118]: START: nrpe pid=28471 from=1.2.3.4
Apr 9 10:05:03 nrpe[28471]: INFO: SSL/TLS initialized. All network traffic will be encrypted.
Apr 9 10:05:03 xinetd[20118]: EXIT: nrpe status=0 pid=28471 duration=0(sec)

In the remote server's log. I see nothing in the log if run via the application.

Re: Could not complete SSL handshake (check_nrpe is fine)

Posted: Wed Apr 09, 2014 4:42 pm
by lmiltchev
You should have something in the remote server's system log... Can you post the log for a review?
You can try reinstalling the openssl package on the remote box and see if this is going to fix the issue.

Re: Could not complete SSL handshake (check_nrpe is fine)

Posted: Wed Apr 09, 2014 4:47 pm
by abrist

Code: Select all

check_command                   check_nrpe!check_disk!-a '-w 20% -c 10% -p /var'
It looks like you are declaring the check_disk arg string ( -a ' * ' ) in the service check args, you should eliminate it from the command_line.
Change:

Code: Select all

command_line    /usr/local/nagios/libexec/check_nrpe -n -H $HOSTADDRESS$ -c $ARG1$ -a $ARG2$ $ARG3$ $ARG4$
To:

Code: Select all

command_line    /usr/local/nagios/libexec/check_nrpe -n -H $HOSTADDRESS$ -c $ARG1$ $ARG2$
Andy then restart nagios:

Code: Select all

service nagios restart

Re: Could not complete SSL handshake (check_nrpe is fine)

Posted: Fri Apr 11, 2014 5:23 am
by mkot
Hi, if I remember I had the same issue like you. All I need to do was configure NRPE v2.15 like this:

Code: Select all

 ./configure --with-ssl=/usr/bin/openssl --with-ssl-lib=/usr/lib/i386-linux-gnu
(you may need to install libssl-dev at your server.) I was using this method at Ubuntu and CentOS servers. And commands for monitoring some stuff:

Monitored host:

Code: Select all

command[check_sw_raid]=/usr/local/nagios/libexec/check_raid
command[check_/]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /dev/md2
command[check_/boot]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /dev/md0
command[check_mem]=/usr/local/nagios/libexec/check_mem.pl -w 98 -c 99
command[check_cpu]=/usr/local/nagios/libexec/check_cpu.sh -w 50 -c 85
Nagios server (for check_sw_raid - sw=software):

Code: Select all

define service{
        use                     local-service
        host_name               domena-pn, localhost
        service_description     SW RAID Status
        check_command           check_nrpe!check_sw_raid
        notifications_enabled   1
        flap_detection_enabled  0
        active_checks_enabled   1
        passive_checks_enabled  0
        }
Oh, I think that Could not complete SSL handshake is also when you use different version of plugins at your host and nagios server.

Re: Could not complete SSL handshake (check_nrpe is fine)

Posted: Fri Apr 11, 2014 12:19 pm
by sreinhardt
Thanks Mkot, hopefully that helps them out and we hear back either way!

Re: Could not complete SSL handshake (check_nrpe is fine)

Posted: Fri Apr 11, 2014 12:21 pm
by abrist
mkot wrote: Oh, I think that Could not complete SSL handshake is also when you use different version of plugins at your host and nagios server.
As plugins run through nrpe are run from the remote host, using different versions of the plugins between the server and remote host is inconsequential.
mkot wrote:./configure --with-ssl=/usr/bin/openssl --with-ssl-lib=/usr/lib/i386-linux-gnu
This is only necessary if the configure script does not detect his openssl lib.
@OP, how is it going?

Re: Could not complete SSL handshake (check_nrpe is fine)

Posted: Fri Apr 25, 2014 3:36 pm
by hazmat
Apologies for the delay, and thanks for the continued help. I was away on vacation.

Sorry if this is a stupid question, but how do I tell if the openssl lib has not been detected? I did not build this myself.
All times are UTC-05:00
Page 4 of 5

Powered by phpBB® Forum Software © phpBB Limited