CHECK_NRPE: Error - Could not complete SSL handshake

[Andreas Ericsson]

Nathan Oyler wrote:
> I've fixed the problem. 
> 
> I'm not exactly sure what the problem is, but I've fixed it.
> 
> I did a google search for the error message and started reading through
> the code to see what happens when it gives out the error message I was
> getting.
> 
> To change all of the nrpe.cfg's I wrote my first perl script which
> seemed quite successful. I can send that if you'd like.
> 
> To fix the problem, I deleted all whitespace from the end of the
> allowed_hosts line and the next comment, then I added new whitespace.
> 
> Now it works.
> 
> I have no idea why it worked on one host and not another, as the edits
> were done on every box with the exact same perl script, and look exactly
> the same.
> 
> But, if I redo the whitespace manually, it fixes it.
> 
> If you'd like me to send the perl script, or one of these files that
> doesn't work, let me know.
> 

I'm interested in the files that doesn't work. Preferrably along with a 
fixed version of the same file. The script won't do me any good though.
Thanks.

> Thanks.
> 
> 
>>-----Original Message-----
>>From: nagios-users-admin at lists.sourceforge.net [mailto:nagios-users-
>>admin at lists.sourceforge.net] On Behalf Of Nathan Oyler
>>Sent: Tuesday, November 30, 2004 9:07 AM
>>To: Andreas Ericsson; Nagios-users at lists.sourceforge.net
>>Subject: RE: [Nagios-users] CHECK_NRPE: Error - Could not complete SSL
>>handshake
>>
>>
>>Below.
>>
>>
>>>Nathan Oyler wrote:
>>>
>>>>I've read the frequently asked questions, and I am still stumped.
>>>>
>>>>
>>>>
>>>>I have Nagios running perfectly fine on one machine. I've planned
> 
> to
> 
>>>>move Nagios off of that machine, so installed a clean install of
>>
>>Fedora
>>
>>>>Core 3, and started going. Installed nagios 1.2 from source.
>>
>>Installed
>>
>>>>plugins from source. Installed nrpe plugin from source.
>>>>
>>>>
>>>>
>>>>On most machines I receive the "Could not complete SSL handshake"
>>>>
>>>
>>>What does "ldd nrpe" say on your monitored systems? Unless they are
>>>linked with openssl you won't be able to monitor them with an
>>>ssl-enabled client. Try running the check_nrpe program with the "-n"
>>>flag to turn ssl off.
>>
>>[Nathan Oyler]
>>
>>The machine that works, and the machine that doesn't both give the
> 
> exact
> 
>>same links when running ldd nrpe.
>>
>>They are both linked with open ssl like
>>
>>"        libssl.so.2 => /lib/libssl.so.2 (0x4001c000)"
>>
>>However, when running check_nrpe using -n, both fail but with
> 
> different
> 
>>error messages.
>>
>>A check from the currently stable and running Nagios on FC2 to a host
>>that fails on the new nagios.
>>
>>"sh-2.05b$ ./check_nrpe -n -H 7b1.dc
>>CHECK_NRPE: Error receiving data from daemon."
>>
>>A check from the currently stable and running Nagios to a host that
>>works on the new nagios.
>>
>>"sh-2.05b$ ./check_nrpe -n -H 7b2.dc
>>CHECK_NRPE: Error receiving data from daemon."
>>
>>A check from the machine failing with nrpe to a box that doesn't work
>>for it.
>>
>>"[root at triad8 plugins]# ./check_nrpe -n -H 7b1.dc
>>CHECK_NRPE: Received 0 bytes from daemon.  Check the remote server
> 
> logs
> 
>>for error messages."
>>
>>Nov 30 09:00:06 7b1 nrpe[6390]: Error: Could not complete SSL
> 
> handshake.
> 
>>1
>>Nov 30 09:02:37 7b1 nrpe[6405]: Host 172.16.1.138 is not allowed to
> 
> talk
> 
>>to us!
>>Nov 30 09:03:25 7b1 nrpe[6407]: Host 172.16.1.138 is not allowed to
> 
> talk
> 
>>to us!
>>
>>
>>The Allowed hosts field in nrpe.cfg does include 172.16.1.138 on both
>>machines.
>>
>>
>>
>>
>>
>>
>>
>>>>
>>>>On a few machines, it works. These all work from the initial box I
>>
>>setup
>>
>>>>Nagios with.
>>>>
>>>>
>>>>
>>>>I have added the IP address in allow on every nrpe instance, as
> 
> well
> 
>>as
>>
>>>>restarted it. Some machines actually work, and display NRPEv2.0.
>>>>
>>>>
>>>>
>>>>Other machines on the same blade center do not work.  They should
> 
> be
> 
>>the
>>
>>>>exact same machines installed the exact same way. (Should being
>>>>operative, but through history files I cannot find any
> 
> differences.
> 
>>>>These boxes were loaded within the last 2 months, barely touched
>>
>>since.)
>>
>>>>
>>>>
>>>>If I run the nrpe check from the box that currently runs Nagios I
>>
>>get
>>
>>>>NRPEv2.0
>>>>
>>>>
>>>>
>>>>Even on boxes that don't work from the new box.
>>>>
>>>>
>>>>
>>>>I have reinstalled Nagios from source. I've installed from RPM,
> 
> I've
> 
>>>>checked OPENSSL versions, which there is no pattern relevant to
> 
> the
> 
>>>>problem, and what version.
>>>>
>>>>
>>>>
>>>>I am completely stumped. I hate messaging the list with something
>>
>>that's
>>
>>>>explained on the FAQ and am awaiting what obvious thing I've
>>
>>overlooked.
>>
>>>>
>>>>
>>>>
>>>>Thanks.
>>>>
>>>>
>>>
>>>--
>>>Andreas Ericsson                   andreas.ericsson at op5.se
>>>OP5 AB                             www.op5.se
>>>Lead Developer
>>>
>>>
>>>-------------------------------------------------------
>>>SF email is sponsored by - The IT Product Guide
>>>Read honest & candid reviews on hundreds of IT Products from real
>>
>>users.
>>
>>>Discover which products truly live up to the hype. Start reading
> 
> now.
> 
>>>http://productguide.itmanagersjournal.com/
>>>_______________________________________________
>>>Nagios-users mailing list
>>>Nagios-users at lists.sourceforge.net
>>>https://lists.sourceforge.net/lists/listinfo/nagios-users
>>>::: Please include Nagios version, plugin version (-v) and OS when
>>>reporting any issue.
>>>::: Messages without supporting info will risk being sent to
> 
> /dev/null
> 
>>
>>
>>
>>-------------------------------------------------------
>>SF email is sponsored by - The IT Product Guide
>>Read honest & candid reviews on hundreds of IT Products from real
> 
> users.
> 
>>Discover which products truly live up to the hype. Start reading now.
>>http://productguide.itmanagersjournal.com/
>>_______________________________________________
>>Nagios-users mailing list
>>Nagios-users at lists.sourceforge.net
>>https://lists.sourceforge.net/lists/listinfo/nagios-users
>>::: Please include Nagios version, plugin version (-v) and OS when
>>reporting any issue.
>>::: Messages without supporting info will risk being sent to /dev/null
> 
> 
> 
> 
> 
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real users.
> Discover which products truly live up to the hype. Start reading now. 
> http://productguide.itmanagersjournal.com/
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
> ::: Messages without supporting info will risk being sent to /dev/null
> 

-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Lead Developer


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null