Page 1 of 1
SOLVED: NRPE: Error: Could not complete SSL handshake. 1
Posted: Tue Nov 18, 2014 1:21 am
by tjay
Hi all,
I have been having issues trying to get NRPE working on CentOS-6.6 x64.
I have a fresh installation of CentOS-6.6-Minimal and installed NRPE from EPEL.
Whenever i try query it from my nagios server
i get
Code: Select all
Error: Could not complete SSL handshake. 1
in the
/var/log/messages of my CentOS server.
I have tried it with and without SSL (with the
arguement)
I have made sure that the nagios server is in the allowed_hosts and restarted nrpe (and the server).
I have also tried a fresh install of CentOS-6.5-Minimal too and still receive the issue.
The CentOS machine is installed on VirtualBox and using a bridge interface.
Anyone have any ideas why i keep getting this error?
Cheers
Re: NRPE: Error: Could not complete SSL handshake. 1
Posted: Tue Nov 18, 2014 2:08 pm
by lmiltchev
How did you install NRPE on the client (from source, repo)? Are you running NRPE as a "standalone" daemon or under xinetd?
Run the following commands on the remote box and show us the output:
Code: Select all
ps axuw | grep nrpe
netstat -at | grep nrpe
grep allowed_hosts /path/to/the/nrpe.cfg
Did you restart nrpe after adding the nagios IP address on the "allowed_hosts" line?
Re: NRPE: Error: Could not complete SSL handshake. 1
Posted: Wed Nov 19, 2014 1:48 am
by tjay
lmiltchev wrote:How did you install NRPE on the client (from source, repo)? Are you running NRPE as a "standalone" daemon or under xinetd?
Run the following commands on the remote box and show us the output:
Code: Select all
ps axuw | grep nrpe
netstat -at | grep nrpe
grep allowed_hosts /path/to/the/nrpe.cfg
Did you restart nrpe after adding the nagios IP address on the "allowed_hosts" line?
Thanks for the reply.
As mentioned in my original post i installed NRPE from the EPEL repo.
I am running nrpe client in standalone mode without xinetd
The result of the requested commands returned:
Code: Select all
ps axuw | grep nrpe
nrpe 10866 0.0 0.2 41464 1412 ? Ss Nov18 0:03 /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d
The command
netstat -at |grep nrpe returned nothing so i changed it to
netstat -apt | grep nrpe to give the grep something to find
Code: Select all
netstat -apt | grep nrpe
tcp 0 0 *:5666 *:* LISTEN 10866/nrpe
tcp 0 0 *:5666 *:* LISTEN 10866/nrpe
Code: Select all
grep allowed_hosts /etc/nagios/nrpe.cfg
allowed_hosts=127.0.0.1,172.16.200.105
I have also tried telnet from the nagios server to port 5666 on the target machine and i can access the port.
Code: Select all
telnet 172.16.200.110 5666
Trying 172.16.200.110...
Connected to 172.16.200.110.
Escape character is '^]'.
I have also run the following commands on the machine
Code: Select all
/usr/lib64/nagios/plugins/check_nrpe -H 127.0.0.1
NRPE v2.15
Code: Select all
/usr/lib64/nagios/plugins/check_nrpe -H 127.0.0.1 -n
CHECK_NRPE: Error receiving data from daemon.
Code: Select all
ldd /usr/sbin/nrpe
linux-vdso.so.1 => (0x00007fff3e4fe000)
libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007ff4fd7d6000)
libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007ff4fd3f3000)
libnsl.so.1 => /lib64/libnsl.so.1 (0x00007ff4fd1d9000)
libwrap.so.0 => /lib64/libwrap.so.0 (0x00007ff4fcfce000)
libc.so.6 => /lib64/libc.so.6 (0x00007ff4fcc3a000)
libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007ff4fc9f5000)
libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007ff4fc70f000)
libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007ff4fc50b000)
libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007ff4fc2de000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007ff4fc0da000)
libz.so.1 => /lib64/libz.so.1 (0x00007ff4fbec4000)
/lib64/ld-linux-x86-64.so.2 (0x00007ff4fda48000)
libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007ff4fbcb8000)
libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007ff4fbab5000)
libresolv.so.2 => /lib64/libresolv.so.2 (0x00007ff4fb89b000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007ff4fb67d000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00007ff4fb45e000)
Code: Select all
egrep -v "^#.*$|^$" /etc/nagios/nrpe.cfg
log_facility=daemon
pid_file=/var/run/nrpe/nrpe.pid
server_port=5666
nrpe_user=nrpe
nrpe_group=nrpe
allowed_hosts=127.0.0.1,172.16.200.105
dont_blame_nrpe=0
debug=1
command_timeout=60
connection_timeout=300
include_dir=/etc/nrpe.d
Code: Select all
service nrpe restart; tail -f /var/log/messages
Nov 19 06:29:05 test-centos nrpe[27801]: INFO: SSL/TLS initialized. All network traffic will be encrypted.
Nov 19 06:29:05 test-centos nrpe[27802]: Starting up daemon
Nov 19 06:29:05 test-centos nrpe[27802]: Server listening on 0.0.0.0 port 5666.
Nov 19 06:29:05 test-centos nrpe[27802]: Server listening on :: port 5666.
Nov 19 06:29:05 test-centos nrpe[27802]: Listening for connections on port 0
Nov 19 06:29:05 test-centos nrpe[27802]: Allowing connections from: 127.0.0.1,172.16.200.105
Code: Select all
NRPE Plugin for Nagios
Copyright (c) 1999-2008 Ethan Galstad ([email protected])
Version: 2.15
Last Modified: 09-06-2013
License: GPL v2 with exemptions (-l for more info)
I hope some of this information is useful. I am racking my brains trying to find out why this is not working.
I have a CentOS machine with this working but it is running CentOS 6-5 (which i have tried on the VirtutalBox instance with no success).
Re: NRPE: Error: Could not complete SSL handshake. 1
Posted: Wed Nov 19, 2014 5:13 pm
by sreinhardt
What version of openssl do you have on the two boxes?
rpm -qa | grep openssl
Re: NRPE: Error: Could not complete SSL handshake. 1
Posted: Wed Nov 19, 2014 5:26 pm
by lmiltchev
Whenever i try query it from my nagios server
./check_nrpe -H 192.168.56.10
i get
Error: Could not complete SSL handshake. 1
I have also tried telnet from the nagios server to port 5666 on the target machine and i can access the port.
telnet 172.16.200.110 5666
Trying 172.16.200.110...
Connected to 172.16.200.110.
Escape character is '^]'.
Which one is the correct IP for the client?
Also, what is the ip of the nagios server?
Re: NRPE: Error: Could not complete SSL handshake. 1
Posted: Wed Nov 19, 2014 6:53 pm
by Box293
Can you also post the contents of any files in:
/etc/nrpe.d
Re: NRPE: Error: Could not complete SSL handshake. 1
Posted: Thu Dec 04, 2014 11:01 am
by tjay
Hi guys,
Thanks for all the suggestions.
I have managed to solve the issue.
It seems it was the nagios server itself. It was pull nrpe from our pkgrepo and it was compiled with without ssl and the CentOS yum package was.
Took a while but i got there.
Thanks guys
Re: SOLVED: NRPE: Error: Could not complete SSL handshake. 1
Posted: Thu Dec 04, 2014 11:03 am
by slansing
Ahh, that would certainly do it, thank you for letting us know what the resolution was in your case!