Page 1 of 1
NRPE - SSL handshare (xinetd + nrpe)
Posted: Fri Aug 31, 2012 2:15 pm
by inventsekar
Hi,
Installed Nagios Core on ubuntu 12.04. the verification was well, nagios service is running fine. Remote host was AWS Amazon Linux machine, nagios plugin, nrpe installation went well.
locally check_nrpe -H localhost is good on both core and remote servers.
netstat -at | grep nrpe is good.
but, from nagios core server when i check check_nrpe -H <remote host ip> i get ssl handshake issue.
searched on google for hours, but no luck.
i feel all is well on the nagios core side. just something was wrong on the remote host side. now i would like to remove the nagios plugin, nrpe and all from the remote host and try re-installing. please suggest if anything else needs to be done other than nrpe.pdf from nagios website.
Re: NRPE - SSL handshare (xinetd + nrpe)
Posted: Mon Sep 03, 2012 6:25 pm
by jsmurphy
The answers you seek will be in /var/log/messages on the remote host... it will tell you exactly why it's failing.
If I had to take a wild stab in the dark without the exact error message, I would say that NRPE on the remote host was compiled without open-ssl installed or with SSL disabled on compile.
As a work around that doesn't require reinstalling the agent, on the Nagios server try running the check with the -n switch(check_nrpe -H <host ip> -n), which will tell it to run the command with SSL disabled. This will however transmit the command in plain text which is all kinds of bad if security is a concern.
Re: NRPE - SSL handshare (xinetd + nrpe)
Posted: Mon Sep 03, 2012 6:44 pm
by inventsekar
Hi,
thanks a lot for your reply...this installation gave me really a difficult time...i was trying some steps again and again and now, the output is:
root@nagios-core:~# /usr/local/nagios/libexec/check_nrpe -H remote_host_ip -n
CHECK_NRPE: Error receiving data from daemon.
root@nagios-core:~# /usr/local/nagios/libexec/check_nrpe -H remote_host_ip
CHECK_NRPE: Error - Could not complete SSL handshake.
root@nagios-core:~#
Re: NRPE - SSL handshare (xinetd + nrpe)
Posted: Tue Sep 04, 2012 2:33 pm
by eng_m_g
inventsekar wrote:Hi,
thanks a lot for your reply...this installation gave me really a difficult time...i was trying some steps again and again and now, the output is:
root@nagios-core:~# /usr/local/nagios/libexec/check_nrpe -H remote_host_ip -n
CHECK_NRPE: Error receiving data from daemon.
root@nagios-core:~# /usr/local/nagios/libexec/check_nrpe -H remote_host_ip
CHECK_NRPE: Error - Could not complete SSL handshake.
root@nagios-core:~#
Dear inventsekar,
your problem was so easy , so don't worry about it
if u installed NRPE under xinetd(as per the online documentation) so u forgot to add the ip of monitoring server in ur nrpe machine as :
Edit the /etc/xinetd.d/nrpe file and add the IP address of the monitoring server to the
only_from directive. only_from = 127.0.0.1 <nagios_ip_address>
Add the following entry for the NRPE daemon to the /etc/services file.
nrpe 5666/tcp # NRPE
service xinetd restart
Re: NRPE - SSL handshare (xinetd + nrpe)
Posted: Tue Sep 04, 2012 4:57 pm
by jsmurphy
I dare say eng_m_g is spot on here, you have two different problems using the -n flag will solve the first one and adding the IP address of your Nagios server to the allowed hosts should solve your other one