NRPE SSL Handshake not working
Posted: Mon Aug 07, 2017 8:15 pm
Hello Nagios Community,
I recently started studying the Nagios Core Tool and so far I'm very impressed. I however is getting some issues with NRPE.
I have 2 Ubuntu 17 Servers.
1 installed with NAGIOS Core and NRPE client, server name is "Server1",
the other is installed with NRPE Server, server name is "Server2".
When I query NRPE from NRPE Client (Server1), i get this error message and log information.
sheenlim08@Server1:~$ /usr/lib/nagios/plugins/check_nrpe -H 192.168.36.144 -c check_load
CHECK_NRPE: Error - Could not connect to 192.168.36.144: Connection reset by peer
sheenlim08@Server1:~$ tail /var/log/syslog
Aug 8 09:04:21 Server1 systemd[1]: Started Session 1 of user sheenlim08.
Aug 8 09:04:21 Server1 systemd[1633]: Reached target Timers.
Aug 8 09:04:21 Server1 systemd[1633]: Reached target Sockets.
Aug 8 09:04:21 Server1 systemd[1633]: Reached target Paths.
Aug 8 09:04:21 Server1 systemd[1633]: Reached target Basic System.
Aug 8 09:04:21 Server1 systemd[1633]: Reached target Default.
Aug 8 09:04:21 Server1 systemd[1633]: Startup finished in 36ms.
Aug 8 09:04:21 Server1 systemd[1]: Started User Manager for UID 1000.
Aug 8 09:04:47 Server1 nagios3: HOST ALERT: H:PH-CDO-Server3;UP;SOFT;2;PING OK - Packet loss = 0%, RTA = 0.72 ms
Aug 8 09:06:05 Server1 check_nrpe: Error: Could not complete SSL handshake with 192.168.36.144: rc=-1 SSL-error=5
Below is the log information I get from the NRPE server side ("Server3" - The server to be monitored).
sheenlim08@Server3:~$ tail /var/log/syslog
Aug 8 09:04:39 Server3 systemd[1]: Time has been changed
Aug 8 09:04:39 Server3 systemd[1]: snapd.refresh.timer: Adding 3h 10min 20.187594s random time.
Aug 8 09:04:39 Server3 systemd[1]: snapd.refresh.timer: Adding 3h 23min 43.621384s random time.
Aug 8 09:04:39 Server3 systemd[1]: apt-daily.timer: Adding 11h 40min 3.650958s random time.
Aug 8 09:04:39 Server3 systemd[1]: motd-news.timer: Adding 9min 5.795450s random time.
Aug 8 09:04:39 Server3 systemd-timesyncd[597]: Synchronized to time server 91.189.89.198:123 (ntp.ubuntu.com).
Aug 8 09:06:05 Server3 nrpe[1578]: Error: Request packet version was invalid!
Aug 8 09:06:05 Server3 nrpe[1578]: Could not read request from client 192.168.36.137, bailing out...
Aug 8 09:06:25 Server3 nrpe[1585]: Error: Request packet version was invalid!
Aug 8 09:06:25 Server3 nrpe[1585]: Could not read request from client 192.168.36.137, bailing out...
When running the command "sheenlim08@Server1:~$ /usr/lib/nagios/plugins/check_nrpe -H 192.168.36.144 -c check_load" with option "-n", i do get good result, so SSL is not working which is used by default by nagios and is confirmed according to the syslog on the server running NRPE client. (see above)
I want the SSL to work, what are my requirement to make this feature work? I am open to using OpenSource SSL certificates if required from https://letsencrypt.org or any other opensource SSL certificates.
I recently started studying the Nagios Core Tool and so far I'm very impressed. I however is getting some issues with NRPE.
I have 2 Ubuntu 17 Servers.
1 installed with NAGIOS Core and NRPE client, server name is "Server1",
the other is installed with NRPE Server, server name is "Server2".
When I query NRPE from NRPE Client (Server1), i get this error message and log information.
sheenlim08@Server1:~$ /usr/lib/nagios/plugins/check_nrpe -H 192.168.36.144 -c check_load
CHECK_NRPE: Error - Could not connect to 192.168.36.144: Connection reset by peer
sheenlim08@Server1:~$ tail /var/log/syslog
Aug 8 09:04:21 Server1 systemd[1]: Started Session 1 of user sheenlim08.
Aug 8 09:04:21 Server1 systemd[1633]: Reached target Timers.
Aug 8 09:04:21 Server1 systemd[1633]: Reached target Sockets.
Aug 8 09:04:21 Server1 systemd[1633]: Reached target Paths.
Aug 8 09:04:21 Server1 systemd[1633]: Reached target Basic System.
Aug 8 09:04:21 Server1 systemd[1633]: Reached target Default.
Aug 8 09:04:21 Server1 systemd[1633]: Startup finished in 36ms.
Aug 8 09:04:21 Server1 systemd[1]: Started User Manager for UID 1000.
Aug 8 09:04:47 Server1 nagios3: HOST ALERT: H:PH-CDO-Server3;UP;SOFT;2;PING OK - Packet loss = 0%, RTA = 0.72 ms
Aug 8 09:06:05 Server1 check_nrpe: Error: Could not complete SSL handshake with 192.168.36.144: rc=-1 SSL-error=5
Below is the log information I get from the NRPE server side ("Server3" - The server to be monitored).
sheenlim08@Server3:~$ tail /var/log/syslog
Aug 8 09:04:39 Server3 systemd[1]: Time has been changed
Aug 8 09:04:39 Server3 systemd[1]: snapd.refresh.timer: Adding 3h 10min 20.187594s random time.
Aug 8 09:04:39 Server3 systemd[1]: snapd.refresh.timer: Adding 3h 23min 43.621384s random time.
Aug 8 09:04:39 Server3 systemd[1]: apt-daily.timer: Adding 11h 40min 3.650958s random time.
Aug 8 09:04:39 Server3 systemd[1]: motd-news.timer: Adding 9min 5.795450s random time.
Aug 8 09:04:39 Server3 systemd-timesyncd[597]: Synchronized to time server 91.189.89.198:123 (ntp.ubuntu.com).
Aug 8 09:06:05 Server3 nrpe[1578]: Error: Request packet version was invalid!
Aug 8 09:06:05 Server3 nrpe[1578]: Could not read request from client 192.168.36.137, bailing out...
Aug 8 09:06:25 Server3 nrpe[1585]: Error: Request packet version was invalid!
Aug 8 09:06:25 Server3 nrpe[1585]: Could not read request from client 192.168.36.137, bailing out...
When running the command "sheenlim08@Server1:~$ /usr/lib/nagios/plugins/check_nrpe -H 192.168.36.144 -c check_load" with option "-n", i do get good result, so SSL is not working which is used by default by nagios and is confirmed according to the syslog on the server running NRPE client. (see above)
I want the SSL to work, what are my requirement to make this feature work? I am open to using OpenSource SSL certificates if required from https://letsencrypt.org or any other opensource SSL certificates.