[Solved] Yet another Could not complete SSL handshake error

jbruyet
Posts: 235
Joined: Wed Dec 28, 2011 12:14 pm

[Solved] Yet another Could not complete SSL handshake error

Post by jbruyet »

Hey all, I just moved my Nagios monitoring from my FreeBSD server to my CentOS 6.5 server. I'm now in the clean-up phase and I've hit a snag -- I'm unable to get monitoring to work on my Linux servers.

The error:

Code:

CHECK_NRPE: Error - Could not complete SSL handshake.

Both the server and client now have the same version of nrpe (I just installed the new nrpe on the client but still no joy):

Client:

Code:

NRPE - Nagios Remote Plugin Executor
Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)
Version: 2.15
Last Modified: 09-06-2013
License: GPL v2 with exemptions (-l for more info)
SSL/TLS Available: Anonymous DH Mode, OpenSSL 0.9.6 or higher required

Server:

Code:

NRPE Plugin for Nagios
Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)
Version: 2.15
Last Modified: 09-06-2013
License: GPL v2 with exemptions (-l for more info)
SSL/TLS Available: Anonymous DH Mode, OpenSSL 0.9.6 or higher required

I even tried including the -n switch but that didn't help:

Code:

[root@FreeNag objects]# /usr/local/nagios/libexec/check_nrpe -H 192.168.2.83 -n
CHECK_NRPE: Error receiving data from daemon.
[root@FreeNag objects]# /usr/local/nagios/libexec/check_nrpe -H 192.168.2.83
CHECK_NRPE: Error - Could not complete SSL handshake.

The only possible issue I can find is that the SSL versions are a little off:

Code:

root@srvBackup:/usr/local/nagios/etc# openssl version
OpenSSL 0.9.8o 01 Jun 2010

[root@FreeNag objects]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

I tried upgrading srvBackup (through apt-get) but no upgrades are available, then I removed and reinstalled openssl but it's the same version. Should I try to remove openssl and try reinstalling from another source?

Thanks,

Joe B
Last edited by jbruyet on Wed May 21, 2014 4:53 pm, edited 2 times in total.
abrist
Red Shirt
Posts: 8334
Joined: Thu Nov 15, 2012 1:20 pm

Re: Yet another "Could not complete SSL handshake" error

Post by abrist »

jbruyet wrote: The only possible issue I can find is that the SSL versions are a little off:
There was a hard break in ssl supported version, so this could very well be the case.
When you try to connect, the error should be logged in the nrpe daemon server's messages.

Code:

tail -20 /var/log/messages
Former Nagios employee
jbruyet
Posts: 235
Joined: Wed Dec 28, 2011 12:14 pm

Re: Yet another "Could not complete SSL handshake" error

Post by jbruyet »

Hi abrist, I can't find anything nrpe-related:

Code:

[root@FreeNag objects]# grep nrpe /var/log/messages
[root@FreeNag objects]#

That's on the server and the client.

Thanks,

Joe B
lmiltchev
Former Nagios Staff
Posts: 13587
Joined: Mon May 23, 2011 12:15 pm

Re: Yet another "Could not complete SSL handshake" error

Post by lmiltchev »

Did you add nagios server's IP to the "allowed_hosts" line in the "nrpe.cfg" file on the client (or to the "only_from" line in the "/etc/xinetd.d/nrpe" if nrpe is running under xinetd)?
Be sure to check out our Knowledgebase for helpful articles and solutions!
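
Added example (not part of the thread and not Nagios project code): a small offline check of the two access lists named in the post above, the allowed_hosts line in nrpe.cfg and the only_from line in /etc/xinetd.d/nrpe, against the address of the Nagios server. The config snippets and the address 192.168.2.10 are constructed for illustration; only literal IPs and CIDR entries are matched, hostname entries are skipped.

```python
import ipaddress
import re

# Constructed samples; 192.168.2.10 stands in for the Nagios server's address.
NRPE_CFG_BEFORE = "server_port=5666\nallowed_hosts=127.0.0.1\n"
NRPE_CFG_AFTER = "server_port=5666\nallowed_hosts=127.0.0.1,192.168.2.10\n"
XINETD_NRPE = "service nrpe\n{\n    only_from = 127.0.0.1 192.168.2.0/24\n}\n"


def acl_entries(config_text, directive):
    """Return the entries of every uncommented `directive = ...` line."""
    pattern = re.compile(r"^\s*" + re.escape(directive) + r"\s*\+?=\s*(.*)$")
    entries = []
    for line in config_text.splitlines():
        match = pattern.match(line.split("#", 1)[0])  # drop trailing comments
        if match:
            # nrpe.cfg separates entries with commas, xinetd with spaces.
            entries += [e for e in re.split(r"[,\s]+", match.group(1)) if e]
    return entries


def ip_permitted(entries, source_ip):
    """True if source_ip equals an entry or falls inside a CIDR entry."""
    ip = ipaddress.ip_address(source_ip)
    for entry in entries:
        try:
            if ip in ipaddress.ip_network(entry, strict=False):
                return True
        except ValueError:
            continue  # hostname entry: not resolved in this offline check
    return False


if __name__ == "__main__":
    nagios_ip = "192.168.2.10"  # constructed address
    samples = (
        ("nrpe.cfg (before)", NRPE_CFG_BEFORE, "allowed_hosts"),
        ("nrpe.cfg (after)", NRPE_CFG_AFTER, "allowed_hosts"),
        ("xinetd.d/nrpe", XINETD_NRPE, "only_from"),
    )
    for name, text, key in samples:
        entries = acl_entries(text, key)
        verdict = "permitted" if ip_permitted(entries, nagios_ip) else "NOT listed"
        print(f"{name}: {key} = {entries} -> {nagios_ip} {verdict}")
```

Run it on the monitored host with the real file contents and the Nagios server's address; an empty entry list means no uncommented directive was found in that file.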
jbruyet
Posts: 235
Joined: Wed Dec 28, 2011 12:14 pm

Re: Yet another "Could not complete SSL handshake" error

Post by jbruyet »

Thank you, lmiltchev, for that answer. All of my Linux servers are now all green except for one, and that one is slowly getting greener. What a rookie mistake -- I made the changes to my Windows servers but never even thought about my Linux servers. AND, with the SSL error message I would never have thought about looking for the answer in an allowed_hosts section of a config file.

Thanks again,

Joe B
tmcdonald
Posts: 9117
Joined: Mon Sep 23, 2013 8:40 am

Re: [Solved] Yet another Could not complete SSL handshake e

Post by tmcdonald »

The good thing about mistakes is that you (hopefully) learn something from them!

Is it safe to close this up now?
Former Nagios employee