Nagios Support Forum

Hello, I am in the process of upgrading us to Ubuntu 20. However since we still have some servers that are Ubuntu 14 with monitoring on them, but the new upgraded server gets the following error on them.

CHECK_NRPE: Receive header underflow - only -1 bytes received (4 expected).

This is after disabling SSL.

check_nrpe -H $HOSTADDRESS$ -t 30 -2 -n -c $ARG1$ $ARG2$


Moderator's Note: The profile has been shared with the support team but has been removed from the public forum.

Hi,

If you compile the NRPE agent with SSL, then you would see the error. What error are you seeing when you run the same command without the -n option?

To test, please run the full check command from the command line and post the whole output to the thread. For details on the process, please review the instructions in the article below.

Nagios XI - How To Test Check Commands From The Command-line

Also, did you re-compile the agent on the remote host? If so did you enabled command arguments when doing so?

Regards,
Benajmin

Here is the output without -n

root@srvnagp03:/usr/local/nagios/libexec# ./check_nrpe -H wthjwp01 -t 30 -2 -c check_procs -a '-c 10:50 -a delayed'
CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with 172.31.57.89: 1

Hi @dietdrpepper,

Perfect, thank you. So the likely cause of that error is a change in IP address of the XI server. Please check the nrpe.cfg settings on the remote Ubuntu systems to make sure the allowed host option is set correctly.

In most cases, that file is in the following location. However, it can vary depending on how the NRPE agent was installed. The following article has detailed instructions for updating the setting.

NRPE - CHECK_NRPE: Error - Could Not Complete SSL Handshake

After making the change, be sure to re-start NRPE (and verify that it's running) and then test again from the CLI in Nagiso XI as before. Let me know if that takes care of the issue, please post any error output if it fails.

--Benjamin

I've double checked and even added the new nagios server IP address to /usr/local/nagios/etc/nrpe.cfg even though in the comments it states that this file is ignored if running undere inetd or xinetd, which we run it under xinetd.
Remote server is Ubuntu 16.

Restarted xinetd on that server and tried to do the normal command along with a couple of others:

root@srvnagp03:~# cd /usr/local/nagios/libexec/
root@srvnagp03:/usr/local/nagios/libexec# ./check_nrpe -H wthjwp01 -t 30 -2 -c check_procs -a '-c 10:50 -a delayed'
CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with 172.31.57.89: 1
root@srvnagp03:/usr/local/nagios/libexec# ./check_nrpe -H wthjwp01 -t 30 -2 -c check_procs
CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with 172.31.57.89: 1
root@srvnagp03:/usr/local/nagios/libexec# ./check_nrpe -H wthjwp01 -t 30 -2 -n -c check_procs
CHECK_NRPE: Receive header underflow - only -1 bytes received (4 expected).
root@srvnagp03:/usr/local/nagios/libexec# ./check_nrpe -H wthjwp01 -t 30 -2 -c check_procs -a '-c 10:50 -a delayed'
CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with 172.31.57.89: 1
root@srvnagp03:/usr/local/nagios/libexec#

Please run this command from the XI server command line and send the full output:
Check the remote system's /var/log/syslog as well to see if you see any related messages.

mrostscw@srvnagp03:~$ /usr/local/nagios/libexec/check_nrpe -H wthjwp01 -s-1; tail -n50 /var/log/syslog
CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with xxx.xx.xx.xx: 1
May 20 18:08:31 srvnagp03 multipathd[723]: sda: add missing path
May 20 18:08:31 srvnagp03 multipathd[723]: sda: failed to get udev uid: Invalid argument
May 20 18:08:31 srvnagp03 multipathd[723]: sda: failed to get sysfs uid: Invalid argument
May 20 18:08:31 srvnagp03 multipathd[723]: sda: failed to get sgio uid: No such file or directory
May 20 18:08:36 srvnagp03 multipathd[723]: sda: add missing path
May 20 18:08:36 srvnagp03 multipathd[723]: sda: failed to get udev uid: Invalid argument
May 20 18:08:36 srvnagp03 multipathd[723]: sda: failed to get sysfs uid: Invalid argument
May 20 18:08:36 srvnagp03 multipathd[723]: sda: failed to get sgio uid: No such file or directory
May 20 18:08:41 srvnagp03 multipathd[723]: sda: add missing path
May 20 18:08:41 srvnagp03 multipathd[723]: sda: failed to get udev uid: Invalid argument
May 20 18:08:41 srvnagp03 multipathd[723]: sda: failed to get sysfs uid: Invalid argument
May 20 18:08:41 srvnagp03 multipathd[723]: sda: failed to get sgio uid: No such file or directory
May 20 18:08:46 srvnagp03 multipathd[723]: sda: add missing path
May 20 18:08:46 srvnagp03 multipathd[723]: sda: failed to get udev uid: Invalid argument
May 20 18:08:46 srvnagp03 multipathd[723]: sda: failed to get sysfs uid: Invalid argument
May 20 18:08:46 srvnagp03 multipathd[723]: sda: failed to get sgio uid: No such file or directory
May 20 18:08:47 srvnagp03 systemd[1]: Created slice User Slice of UID 1000.
May 20 18:08:47 srvnagp03 systemd[1]: Starting User Runtime Directory /run/user/1000...
May 20 18:08:47 srvnagp03 systemd[1]: Finished User Runtime Directory /run/user/1000.
May 20 18:08:47 srvnagp03 systemd[1]: Starting User Manager for UID 1000...
May 20 18:08:47 srvnagp03 systemd[1367829]: Reached target Paths.
May 20 18:08:47 srvnagp03 systemd[1367829]: Reached target Timers.
May 20 18:08:47 srvnagp03 systemd[1367829]: Starting D-Bus User Message Bus Socket.
May 20 18:08:47 srvnagp03 systemd[1367829]: Listening on GnuPG network certificate management daemon.
May 20 18:08:47 srvnagp03 systemd[1367829]: Listening on GnuPG cryptographic agent and passphrase cache (access for web browsers).
May 20 18:08:47 srvnagp03 systemd[1367829]: Listening on GnuPG cryptographic agent and passphrase cache (restricted).
May 20 18:08:47 srvnagp03 systemd[1367829]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
May 20 18:08:47 srvnagp03 systemd[1367829]: Listening on GnuPG cryptographic agent and passphrase cache.
May 20 18:08:47 srvnagp03 systemd[1367829]: Listening on debconf communication socket.
May 20 18:08:47 srvnagp03 systemd[1367829]: Listening on REST API socket for snapd user session agent.
May 20 18:08:47 srvnagp03 systemd[1367829]: Listening on D-Bus User Message Bus Socket.
May 20 18:08:47 srvnagp03 systemd[1367829]: Reached target Sockets.
May 20 18:08:47 srvnagp03 systemd[1367829]: Reached target Basic System.
May 20 18:08:47 srvnagp03 systemd[1367829]: Reached target Main User Target.
May 20 18:08:47 srvnagp03 systemd[1]: Started User Manager for UID 1000.
May 20 18:08:47 srvnagp03 systemd[1367829]: Startup finished in 94ms.
May 20 18:08:47 srvnagp03 systemd[1]: Started Session 51767 of user mrostscw.
May 20 18:08:51 srvnagp03 multipathd[723]: sda: add missing path
May 20 18:08:51 srvnagp03 multipathd[723]: sda: failed to get udev uid: Invalid argument
May 20 18:08:51 srvnagp03 multipathd[723]: sda: failed to get sysfs uid: Invalid argument
May 20 18:08:51 srvnagp03 multipathd[723]: sda: failed to get sgio uid: No such file or directory
May 20 18:08:54 srvnagp03 check_nrpe: SSL Certificate File: None
May 20 18:08:54 srvnagp03 check_nrpe: SSL Private Key File: None
May 20 18:08:54 srvnagp03 check_nrpe: SSL CA Certificate File: None
May 20 18:08:54 srvnagp03 check_nrpe: SSL Cipher List: ALL:!MD5:@STRENGTH:@SECLEVEL=0
May 20 18:08:54 srvnagp03 check_nrpe: SSL Allow ADH: 1
May 20 18:08:54 srvnagp03 check_nrpe: SSL Log Options: 0xffffffff
May 20 18:08:54 srvnagp03 check_nrpe: SSL Version: TLSv1_plus And Above
May 20 18:08:54 srvnagp03 check_nrpe: Connected to 172.31.57.89
May 20 18:08:54 srvnagp03 check_nrpe: Error: (ERR_get_error_line_data = 337260938), Could not complete SSL handshake with xxx.xx.xx.xx: dh key too small

This is the reason it's failing:

May 20 18:08:54 xxxx check_nrpe: Error: (ERR_get_error_line_data = 337260938), Could not complete SSL handshake with X,X.57.89: dh key too small

You'll either need to lower the security on Ubuntu 20 system (not recommended) to allow it:

https://askubuntu.com/questions/1233186 ... rity-level

Or upgrade the NRPE agent on the remote system to the latest.