Could not complete SSL handshake (check_nrpe is fine)

Posted: Wed Mar 19, 2014 9:30 am
by hazmat
Hi. I added a server for Nagios to monitor. I have nrpe installed on the client via xinetd and as far as I know it's properly set up. When I run check_nrpe from the Nagios server, I get "NRPE v2.12". And this is running with ssl. When I restart Nagios on the server, the client shows "Error: Could not complete SSL handshake. 1" in /var/log/messages. The server shows "SERVICE ALERT: <hostname>;Current Load;UNKNOWN;SOFT;1;CHECK_NRPE: Error receiving data from daemon". Any ideas what could be wrong here? I feel like I've tried everything.

Thanks.

Re: Could not complete SSL handshake (check_nrpe is fine)

Posted: Wed Mar 19, 2014 1:44 pm
by sreinhardt
What versions of openssl and openssl-devel do you have installed? rpm -qa | grep openssl
What OSes are you running on?
Could you give the exact commands that are and are not working? Also, have you tried both from the command line, or just check_nrpe with no additional arguments?

Re: Could not complete SSL handshake (check_nrpe is fine)

Posted: Wed Mar 19, 2014 2:42 pm
by hazmat
Thanks so much for the reply, Spenser. The Nagios server, RHEL 5.3 (Tikanga), is running openssl-0.9.8e-7.el5 and openssl-devel-0.9.8e-7.el5. The client, RHEL 5.8 (Tikanga), is running openssl-0.9.8e-22.el5_8.3. The check_nrpe command I used was:

# check_nrpe -H <IP> 63636
NRPE v2.12

Everything except for ping and ssh comes back as unknown.

I hope I've answered your questions. Thanks again.

Re: Could not complete SSL handshake (check_nrpe is fine)

Posted: Wed Mar 19, 2014 3:34 pm
by sreinhardt
You have answered them just fine. I asked about openssl, as we are at an interesting time with 1.0.1 being pushed fairly mainstream and breaking compatibility with past versions.
Have you configured the other system (remote nrpe) with all the commands you wish to run?
Are any of those commands using arguments from the nagios server?
Did you use a compiled package or build from source?

Re: Could not complete SSL handshake (check_nrpe is fine)

Posted: Thu Mar 20, 2014 2:36 pm
by hazmat
I have played around with the commands, which work locally on the client, but nothing I try (I have 'dont_blame_nrpe' set to 1) will give me anything other than 'Error: Could not complete SSL handshake. 1' when it runs from the server. There must be something obvious I'm missing here. It's running as nagios:nagios and I even went as far as putting user nagios under group wheel just so it can do anything. Interestingly, running a command from the server from the command line does work. I tried check_load and got the client's load.

On the client, I don't have any compilers so I had to work with a pre-compiled nrpe.

Re: Could not complete SSL handshake (check_nrpe is fine)

Posted: Thu Mar 20, 2014 4:49 pm
by lmiltchev
Did you put the Nagios server's IP on the "only_from" line in the "/etc/xinetd.d/nrpe" on the client? Do you know if the nrpe was compiled with or without ssl support?

Re: Could not complete SSL handshake (check_nrpe is fine)

Posted: Fri Mar 21, 2014 7:57 am
by hazmat
I did. I have:

only_from = 127.0.0.1 1.2.3.4

where 1.2.3.4 is the server's IP. I'm pretty sure nrpe was compiled with ssl because if I try running check_nrpe from the server's command line with no arguments I get "NRPE v2.12", but with -n it says "Error receiving data from daemon."

If this helps, from nrpe --help:

NRPE - Nagios Remote Plugin Executor
Copyright (c) 1999-2008 Ethan Galstad ([email protected])
Version: 2.12
Last Modified: 03-10-2008
License: GPL v2 with exemptions (-l for more info)
SSL/TLS Available: Anonymous DH Mode, OpenSSL 0.9.6 or higher required
TCP Wrappers Available

Re: Could not complete SSL handshake (check_nrpe is fine)

Posted: Fri Mar 21, 2014 2:24 pm
by sreinhardt
Your allowed hosts actually need to be comma delimited, not space. Try:

only_from = 127.0.0.1,1.2.3.4
Instead of:
only_from = 127.0.0.1 1.2.3.4

Re: Could not complete SSL handshake (check_nrpe is fine)

Posted: Fri Mar 21, 2014 2:33 pm
by lmiltchev
Are you sure NRPE is running under xinetd and not running as a standalone daemon? What is the output of the following command?

ps axuw | grep nrpe

Re: Could not complete SSL handshake (check_nrpe is fine)

Posted: Fri Mar 21, 2014 3:01 pm
by hazmat
I'm positive that nrpe is running under xinetd. But Spenser, are you sure about the xinetd 'only_from' being comma-delimited? I tried that, but after that any nagios command from the nagios server came back as 'Connection refused by host'. With space-delimited, they run as I've reported. Everything works from the command line on both sides, but from the nagios server to nrpe on the client, for each command it runs (other than ping and ssh) nrpe on the client reports:

Mar 21 15:57:13 xxxx xinetd[22836]: START: nrpe pid=23804 from=1.2.3.4
Mar 21 15:57:13 xxxx nrpe[23804]: INFO: SSL/TLS initialized. All network traffic will be encrypted.
Mar 21 15:57:13 xxxx nrpe[23804]: Error: Could not complete SSL handshake. 1
Mar 21 15:57:13 xxxx xinetd[22836]: EXIT: nrpe status=0 pid=23804 duration=0(sec)

And the nagios web console says Unknown and "CHECK_NRPE: Error receiving data from daemon".
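
Added example (not part of the thread): a short Python script that pairs the xinetd START lines with the nrpe handshake errors in a log excerpt like the one above, by pid, and counts sessions and failed handshakes per source address. The first four sample lines are the ones from the post; the last three are constructed, and the function name is hypothetical.

```python
import re
from collections import defaultdict

# First four lines are from the post; the last three are constructed to show
# a session from the same source that ends without a handshake error.
SAMPLE_LOG = """\
Mar 21 15:57:13 xxxx xinetd[22836]: START: nrpe pid=23804 from=1.2.3.4
Mar 21 15:57:13 xxxx nrpe[23804]: INFO: SSL/TLS initialized. All network traffic will be encrypted.
Mar 21 15:57:13 xxxx nrpe[23804]: Error: Could not complete SSL handshake. 1
Mar 21 15:57:13 xxxx xinetd[22836]: EXIT: nrpe status=0 pid=23804 duration=0(sec)
Mar 21 15:58:02 xxxx xinetd[22836]: START: nrpe pid=23811 from=1.2.3.4
Mar 21 15:58:02 xxxx nrpe[23811]: INFO: SSL/TLS initialized. All network traffic will be encrypted.
Mar 21 15:58:02 xxxx xinetd[22836]: EXIT: nrpe status=0 pid=23811 duration=0(sec)
"""

START_RE = re.compile(r"xinetd\[\d+\]: START: nrpe pid=(\d+) from=(\S+)")
EXIT_RE = re.compile(r"xinetd\[\d+\]: EXIT: nrpe .*\bpid=(\d+)")
FAIL_RE = re.compile(r"nrpe\[(\d+)\]: Error: Could not complete SSL handshake")


def handshake_summary(log_text):
    """Return {source: {"sessions": n, "failed": n}} for xinetd-spawned nrpe."""
    live = {}  # pid -> source address of the session currently using that pid
    stats = defaultdict(lambda: {"sessions": 0, "failed": 0})
    for line in log_text.splitlines():
        if m := START_RE.search(line):
            pid, src = m.groups()
            live[pid] = src
            stats[src]["sessions"] += 1
        elif m := FAIL_RE.search(line):
            # A failure whose START was not seen (e.g. rotated log) is kept
            # under "unknown" rather than silently dropped.
            stats[live.get(m.group(1), "unknown")]["failed"] += 1
        elif m := EXIT_RE.search(line):
            live.pop(m.group(1), None)  # pids get reused; forget on EXIT
    return dict(stats)


if __name__ == "__main__":
    for src, s in handshake_summary(SAMPLE_LOG).items():
        print(f"{src}: {s['failed']} of {s['sessions']} sessions failed the SSL handshake")
```

A source where every session fails points at how that caller connects; a source with a mix of failed and completed sessions points at a difference between individual invocations.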