Which packages needed for nrpe w/ ssl connection to work properly?

Andreas Ericsson ae at op5.se
Wed Nov 3 10:26:01 CET 2004


nagiosmaillist.4.lgetschel at spamgourmet.com wrote:
> All-
>   I have a couple of RH9 Linux systems that have been "hardened" (had 
> packages removed that weren't needed).
> 
>   When I try to use nrpe  to connect to these, I get the notorious 
> "CHECK_NRPE: Error - Could not complete SSL handshake".
> However, based on the faq page, the 5 listed 'possibilities' don't seem 
> to apply (I'm using the same files on multiple systems (and ssl is 
> working on the others), the file permissions are the same, dev/random is 
> world readable, and "allow from=" is the same file from other systems).
> 
>   I noticed that when I manually run this command from my nagios server 
> to a working node [i.e. ./check_nrpe -H dva0048 -c check_load ]
> it works fine.
>   When I run the same command from the "hardened" system to ANY other 
> node (both working and non-working ones) I receive the "CHECK_NRPE: 
> Error - Could not complete SSL handshake." for every one.
> 
> This led me to think the hardening process removed some "library" that 
> would be needed.
> 
> In a previous posting I asked about packages needed to compile nrpe, and 
> the (correct) response of  "openssl and openssl-devel"  doesn't seem to 
> quite apply here. (trying to install the openssl-devel required 
> krb5-devel which required krb5-libs, and after all that the handshake 
> error was still there.)
> 

You need to recompile the nrpe daemon after having installed openssl and 
openssl-devel. You'll also have to make sure you're running the same 
version of NRPE on both client and host. nrpe protocol 1 doesn't support 
SSL, and also has a few other glitches when run against (for example) a 
64 bit architecture from a 32 bit one, and where the sizeof(int) differs.

> Can anyone suggest any other reasons for this error or what to try next?
> 

Copy the nrpe binary, configuration and plugins from a system where it's 
working. Try running the plugins manually before anything else, and try 
check_nrpe -H ip-address (without specifying a command) before trying to 
run any commands. If you get back "NRPE Version 2.0" you'll know 
communication is working from check_nrpe to nrpe.

-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Lead Developer
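
The checks suggested in the reply above, written out as a triage script. This is an added example, not part of the original message or of NRPE itself; the check_nrpe path and the address in the usage comment are placeholders, and the accepted version-reply strings ("NRPE v…" or "NRPE Version …") are an assumption about how the daemon answers.

```shell
#!/bin/sh
# Added example: triage for "Could not complete SSL handshake" on a stripped-down host.
# Usage (placeholder path and address):
#   sh nrpe_triage.sh /usr/local/nagios/libexec/check_nrpe 192.0.2.10

# Print shared libraries the loader cannot resolve, given `ldd` output on stdin.
missing_libs() {
    awk '/=> not found/ { print $1 }'
}

# Succeed if the `ldd` output on stdin lists libssl as a dependency.
links_ssl() {
    grep -q 'libssl\.so'
}

# Map the text check_nrpe printed to a short verdict.
classify_reply() {
    case "$1" in
        *"Could not complete SSL handshake"*) echo ssl-handshake ;;
        "NRPE v"*|"NRPE Version"*)            echo ok ;;
        *)                                    echo other ;;
    esac
}

diagnose() {
    bin=$1
    host=$2
    deps=$(ldd "$bin" 2>&1)
    gone=$(printf '%s\n' "$deps" | missing_libs)
    if [ -n "$gone" ]; then
        echo "unresolved libraries: $gone"
        return 1
    fi
    if ! printf '%s\n' "$deps" | links_ssl; then
        echo "ldd shows no libssl for $bin; rebuild it with openssl and openssl-devel installed"
        return 1
    fi
    # No -c argument: the daemon should answer with its version string only.
    verdict=$(classify_reply "$("$bin" -H "$host" 2>&1)")
    echo "check_nrpe -H $host: $verdict"
    [ "$verdict" = ok ]
}

# Run the live checks only when a binary and a host are given.
if [ "$#" -eq 2 ]; then diagnose "$1" "$2"; fi
```

Run it on the hardened host and on a working one with the same arguments and compare the output.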


_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users