LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 10-28-2009, 06:34 AM   #1
TrotskyIcepick
LQ Newbie
 
Registered: Oct 2009
Posts: 2

Rep: Reputation: 0
NAGIOS: NRPE error : Could not complete SSL handshake


Hi All,

I have checked the previous post relating to this issue and it doesn't help at all

I had nrpe running under xinetd on a remote host and working fine accepting monitoring requests from my nagios server. Then, all of a sudden literally 5 minutes later it stopped working with the error : could not complete SSL handshake.

Nothing has been changed in the nrpe config, it simply stopped working. This has happened on 3 nrpe hosts at them same time for no apparent reason.

The following is logged when xinetd starts:

nrpe[11013]: INFO: SSL/TLS initialized. All network traffic will be encrypted

when I run ./check_nrpe -H localhost it gives the SSL error and logs:

xinetd[11058]: FAIL: nrpe address from=127.0.0.1

I get Connection closed by foreign host when I telnet to port 5666.

As I said, everything was working fine then boom it stopped working and nothing has been changed.

Any help would be greatly appreciated.

Thanks In Advance
Andrew Jones

Last edited by TrotskyIcepick; 10-28-2009 at 06:42 AM.
 
Old 10-29-2009, 07:37 AM   #2
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,834
Blog Entries: 14

Rep: Reputation: 1081Reputation: 1081Reputation: 1081Reputation: 1081Reputation: 1081Reputation: 1081Reputation: 1081Reputation: 1081
For the check_nrpe to work on local host you'd have to insure you allowed 127.0.0.1 as a host in nrpe.cfg (not just the Nagios master's IP).

Also you might want to verify you don't have iptables blocking port 5666.
 
Old 11-02-2009, 03:46 AM   #3
TrotskyIcepick
LQ Newbie
 
Registered: Oct 2009
Posts: 2

Original Poster
Rep: Reputation: 0
Thanks for the response. I do have 127.0.0.1 allowed in nrpe.cfg (though surely this is irrelevant since nrpe is running under XINETD and this configuration is ignored??).

Iptables is not blocking port 5666.

This issue is not now particularly important as my monitoring server is able to issue commands to the nrpe daemon and works fine, the problem only occurs when running check commands locally.

Regards
Andrew Jones
 
Old 11-02-2009, 03:25 PM   #4
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,834
Blog Entries: 14

Rep: Reputation: 1081Reputation: 1081Reputation: 1081Reputation: 1081Reputation: 1081Reputation: 1081Reputation: 1081Reputation: 1081
I haven't done the inetd/xinetd setup for nrpe. However, the main point of inetd/xinetd is simply to listen on the port you've configured. It has some security aspects as well but none of this would eliminate the nrpe.cfg which deals not only with the port to listen on but also which hosts are allowed to connect, which commands to access, which user to run as and other configuration things that would be outside the scope of inetd/xinetd.

That is to say I believe you still need a properly configured nrpe.cfg on that server.

Remember check_nrpe is checking the host you specify. The fact that it works on your remote (or even 10,000) remotes would not indicate that the nrpe.cfg on the local host is correct. Similarly the fact that it works on the local host would not let you know if nrpe.cfg on all or any of the remote hosts was correct. check_nrpe is a check program only and has no configuration of its own - it relies on the nrpe.cfg of the host you're contacting.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Nagios/nrpe: SSL Issues Killbot_5000 Linux - Security 18 09-21-2010 05:27 PM
Nagios...NRPE and SSL communication...Must be a how to somewhere?? helptonewbie Linux - Newbie 4 05-14-2008 10:08 AM
could not complete SSL handshake - nagios kiruthika Linux - Software 2 07-10-2007 12:22 AM
SSL probelm during nagios nrpe installation kiruthika Linux - Newbie 0 07-09-2007 04:07 AM


All times are GMT -5. The time now is 05:32 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration