NAGIOS: NRPE error : Could not complete SSL handshake
Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
NAGIOS: NRPE error : Could not complete SSL handshake
Hi All,
I have checked the previous post relating to this issue and it doesn't help at all
I had nrpe running under xinetd on a remote host and working fine accepting monitoring requests from my nagios server. Then, all of a sudden literally 5 minutes later it stopped working with the error : could not complete SSL handshake.
Nothing has been changed in the nrpe config, it simply stopped working. This has happened on 3 nrpe hosts at them same time for no apparent reason.
The following is logged when xinetd starts:
nrpe[11013]: INFO: SSL/TLS initialized. All network traffic will be encrypted
when I run ./check_nrpe -H localhost it gives the SSL error and logs:
xinetd[11058]: FAIL: nrpe address from=127.0.0.1
I get Connection closed by foreign host when I telnet to port 5666.
As I said, everything was working fine then boom it stopped working and nothing has been changed.
Any help would be greatly appreciated.
Thanks In Advance
Andrew Jones
Last edited by TrotskyIcepick; 10-28-2009 at 06:42 AM.
Thanks for the response. I do have 127.0.0.1 allowed in nrpe.cfg (though surely this is irrelevant since nrpe is running under XINETD and this configuration is ignored??).
Iptables is not blocking port 5666.
This issue is not now particularly important as my monitoring server is able to issue commands to the nrpe daemon and works fine, the problem only occurs when running check commands locally.
I haven't done the inetd/xinetd setup for nrpe. However, the main point of inetd/xinetd is simply to listen on the port you've configured. It has some security aspects as well but none of this would eliminate the nrpe.cfg which deals not only with the port to listen on but also which hosts are allowed to connect, which commands to access, which user to run as and other configuration things that would be outside the scope of inetd/xinetd.
That is to say I believe you still need a properly configured nrpe.cfg on that server.
Remember check_nrpe is checking the host you specify. The fact that it works on your remote (or even 10,000) remotes would not indicate that the nrpe.cfg on the local host is correct. Similarly the fact that it works on the local host would not let you know if nrpe.cfg on all or any of the remote hosts was correct. check_nrpe is a check program only and has no configuration of its own - it relies on the nrpe.cfg of the host you're contacting.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
