CHECK_NRPE: Error - Could not complete SSL handshake

Nathan Oyler noyler at khimetrics.com
Tue Nov 30 19:19:54 CET 2004
Previous message: CHECK_NRPE: Error - Could not complete SSL handshake
Next message: apache2 issues
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Last message on the subject.

The problem was, I wrote a perl script to add the ip address to the
allowed hosts line, and added a space at the end.

The script that takes that information in grab's *

"int is_an_allowed_host(char *);"

If you have an extra space, it won't work. I've changed my perl script
to remove the space before the newline, and everything is fine.

If I am correct in diagnosing the problem, I'd suggest that someone
change that line to intelligently grab charcters ignoring whitespace.

Thanks for everyone's help, I really appreciate it.

> -----Original Message-----
> From: nagios-users-admin at lists.sourceforge.net [mailto:nagios-users-
> admin at lists.sourceforge.net] On Behalf Of Andreas Ericsson
> Sent: Tuesday, November 30, 2004 9:45 AM
> To: Nagios-users at lists.sourceforge.net
> Subject: Re: [Nagios-users] CHECK_NRPE: Error - Could not complete SSL
> handshake
> 
> Nathan Oyler wrote:
> > I've fixed the problem.
> >
> > I'm not exactly sure what the problem is, but I've fixed it.
> >
> > I did a google search for the error message and started reading
through
> > the code to see what happens when it gives out the error message I
was
> > getting.
> >
> > To change all of the nrpe.cfg's I wrote my first perl script which
> > seemed quite successful. I can send that if you'd like.
> >
> > To fix the problem, I deleted all whitespace from the end of the
> > allowed_hosts line and the next comment, then I added new
whitespace.
> >
> > Now it works.
> >
> > I have no idea why it worked on one host and not another, as the
edits
> > were done on every box with the exact same perl script, and look
exactly
> > the same.
> >
> > But, if I redo the whitespace manually, it fixes it.
> >
> > If you'd like me to send the perl script, or one of these files that
> > doesn't work, let me know.
> >
> 
> I'm interested in the files that doesn't work. Preferrably along with
a
> fixed version of the same file. The script won't do me any good
though.
> Thanks.
> 
> > Thanks.
> >
> >
> >>-----Original Message-----
> >>From: nagios-users-admin at lists.sourceforge.net [mailto:nagios-users-
> >>admin at lists.sourceforge.net] On Behalf Of Nathan Oyler
> >>Sent: Tuesday, November 30, 2004 9:07 AM
> >>To: Andreas Ericsson; Nagios-users at lists.sourceforge.net
> >>Subject: RE: [Nagios-users] CHECK_NRPE: Error - Could not complete
SSL
> >>handshake
> >>
> >>
> >>Below.
> >>
> >>
> >>>Nathan Oyler wrote:
> >>>
> >>>>I've read the frequently asked questions, and I am still stumped.
> >>>>
> >>>>
> >>>>
> >>>>I have Nagios running perfectly fine on one machine. I've planned
> >
> > to
> >
> >>>>move Nagios off of that machine, so installed a clean install of
> >>
> >>Fedora
> >>
> >>>>Core 3, and started going. Installed nagios 1.2 from source.
> >>
> >>Installed
> >>
> >>>>plugins from source. Installed nrpe plugin from source.
> >>>>
> >>>>
> >>>>
> >>>>On most machines I receive the "Could not complete SSL handshake"
> >>>>
> >>>
> >>>What does "ldd nrpe" say on your monitored systems? Unless they are
> >>>linked with openssl you won't be able to monitor them with an
> >>>ssl-enabled client. Try running the check_nrpe program with the
"-n"
> >>>flag to turn ssl off.
> >>
> >>[Nathan Oyler]
> >>
> >>The machine that works, and the machine that doesn't both give the
> >
> > exact
> >
> >>same links when running ldd nrpe.
> >>
> >>They are both linked with open ssl like
> >>
> >>"        libssl.so.2 => /lib/libssl.so.2 (0x4001c000)"
> >>
> >>However, when running check_nrpe using -n, both fail but with
> >
> > different
> >
> >>error messages.
> >>
> >>A check from the currently stable and running Nagios on FC2 to a
host
> >>that fails on the new nagios.
> >>
> >>"sh-2.05b$ ./check_nrpe -n -H 7b1.dc
> >>CHECK_NRPE: Error receiving data from daemon."
> >>
> >>A check from the currently stable and running Nagios to a host that
> >>works on the new nagios.
> >>
> >>"sh-2.05b$ ./check_nrpe -n -H 7b2.dc
> >>CHECK_NRPE: Error receiving data from daemon."
> >>
> >>A check from the machine failing with nrpe to a box that doesn't
work
> >>for it.
> >>
> >>"[root at triad8 plugins]# ./check_nrpe -n -H 7b1.dc
> >>CHECK_NRPE: Received 0 bytes from daemon.  Check the remote server
> >
> > logs
> >
> >>for error messages."
> >>
> >>Nov 30 09:00:06 7b1 nrpe[6390]: Error: Could not complete SSL
> >
> > handshake.
> >
> >>1
> >>Nov 30 09:02:37 7b1 nrpe[6405]: Host 172.16.1.138 is not allowed to
> >
> > talk
> >
> >>to us!
> >>Nov 30 09:03:25 7b1 nrpe[6407]: Host 172.16.1.138 is not allowed to
> >
> > talk
> >
> >>to us!
> >>
> >>
> >>The Allowed hosts field in nrpe.cfg does include 172.16.1.138 on
both
> >>machines.
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>>>
> >>>>On a few machines, it works. These all work from the initial box I
> >>
> >>setup
> >>
> >>>>Nagios with.
> >>>>
> >>>>
> >>>>
> >>>>I have added the IP address in allow on every nrpe instance, as
> >
> > well
> >
> >>as
> >>
> >>>>restarted it. Some machines actually work, and display NRPEv2.0.
> >>>>
> >>>>
> >>>>
> >>>>Other machines on the same blade center do not work.  They should
> >
> > be
> >
> >>the
> >>
> >>>>exact same machines installed the exact same way. (Should being
> >>>>operative, but through history files I cannot find any
> >
> > differences.
> >
> >>>>These boxes were loaded within the last 2 months, barely touched
> >>
> >>since.)
> >>
> >>>>
> >>>>
> >>>>If I run the nrpe check from the box that currently runs Nagios I
> >>
> >>get
> >>
> >>>>NRPEv2.0
> >>>>
> >>>>
> >>>>
> >>>>Even on boxes that don't work from the new box.
> >>>>
> >>>>
> >>>>
> >>>>I have reinstalled Nagios from source. I've installed from RPM,
> >
> > I've
> >
> >>>>checked OPENSSL versions, which there is no pattern relevant to
> >
> > the
> >
> >>>>problem, and what version.
> >>>>
> >>>>
> >>>>
> >>>>I am completely stumped. I hate messaging the list with something
> >>
> >>that's
> >>
> >>>>explained on the FAQ and am awaiting what obvious thing I've
> >>
> >>overlooked.
> >>
> >>>>
> >>>>
> >>>>
> >>>>Thanks.
> >>>>
> >>>>
> >>>
> >>>--
> >>>Andreas Ericsson                   andreas.ericsson at op5.se
> >>>OP5 AB                             www.op5.se
> >>>Lead Developer
> >>>
> >>>
> >>>-------------------------------------------------------
> >>>SF email is sponsored by - The IT Product Guide
> >>>Read honest & candid reviews on hundreds of IT Products from real
> >>
> >>users.
> >>
> >>>Discover which products truly live up to the hype. Start reading
> >
> > now.
> >
> >>>http://productguide.itmanagersjournal.com/
> >>>_______________________________________________
> >>>Nagios-users mailing list
> >>>Nagios-users at lists.sourceforge.net
> >>>https://lists.sourceforge.net/lists/listinfo/nagios-users
> >>>::: Please include Nagios version, plugin version (-v) and OS when
> >>>reporting any issue.
> >>>::: Messages without supporting info will risk being sent to
> >
> > /dev/null
> >
> >>
> >>
> >>
> >>-------------------------------------------------------
> >>SF email is sponsored by - The IT Product Guide
> >>Read honest & candid reviews on hundreds of IT Products from real
> >
> > users.
> >
> >>Discover which products truly live up to the hype. Start reading
now.
> >>http://productguide.itmanagersjournal.com/
> >>_______________________________________________
> >>Nagios-users mailing list
> >>Nagios-users at lists.sourceforge.net
> >>https://lists.sourceforge.net/lists/listinfo/nagios-users
> >>::: Please include Nagios version, plugin version (-v) and OS when
> >>reporting any issue.
> >>::: Messages without supporting info will risk being sent to
/dev/null
> >
> >
> >
> >
> >
> > -------------------------------------------------------
> > SF email is sponsored by - The IT Product Guide
> > Read honest & candid reviews on hundreds of IT Products from real
users.
> > Discover which products truly live up to the hype. Start reading
now.
> > http://productguide.itmanagersjournal.com/
> > _______________________________________________
> > Nagios-users mailing list
> > Nagios-users at lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/nagios-users
> > ::: Please include Nagios version, plugin version (-v) and OS when
> reporting any issue.
> > ::: Messages without supporting info will risk being sent to
/dev/null
> >
> 
> --
> Andreas Ericsson                   andreas.ericsson at op5.se
> OP5 AB                             www.op5.se
> Lead Developer
> 
> 
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real
users.
> Discover which products truly live up to the hype. Start reading now.
> http://productguide.itmanagersjournal.com/
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when
> reporting any issue.
> ::: Messages without supporting info will risk being sent to /dev/null




-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null
Previous message: CHECK_NRPE: Error - Could not complete SSL handshake
Next message: apache2 issues
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Users mailing list