"No Route to Host" error - ssh-key exchange issue even if plugin checks work?

Jonathan Wiggins jwiggins at salon.com
Thu Nov 11 02:36:23 CET 2010


On Nov 10, 2010, at 12:13 PM, Jonathan Wiggins wrote:

> I'm stuck troubleshooting an error message in the Service Status Details, where a monitored host  is being reported as "No Route to Host".
> 
> I can do remote plugin tests from the Nagios server to the monitored node without any problems, but referencing this page: http://www.troubleshootingwiki.org/Troubleshooting_Nagios_3.0  I see a paragraph about testing SSH key-exchange. 
> 
> Nagios Server = 10.0.100.130
> monitored node = 10.0.100.143
> 
> when I do an "ssh -vvvv 10.0.100.130" from the monitored node, it goes straight through, no login prompt. When the reverse is attempted: "ssh -vvvv 10.0.100.143" from Nagios box, I consistently get prompted for login. I was recommended to use DSA instead of RSA, but that made no difference. 
> 
> I've appended the contents of both id_rsa.pub and id_dsa.pub to the "authorized_keys" (and "known_hosts") files the exact same way to and from each box respectively.  Of course my tests on 2 test systems worked perfectly, but I'm missing something with this setup.
> 
> Additionally, if I do an NRPE check from Nagios > monitored node, it completes successfully.
> 
> /usr/local/nagios/libexec/check_tcp -H 10.0.100.143 -p 5666
> TCP OK - 0.000 second response time on port 5666|time=0.000361s;0.000000;0.000000;0.000000;10.000000
> 
> checking logs on monitored node:
> 
> grep nrpe  /var/log/messages
> 
> 
> /var/log/messages:Nov 10 12:01:26 monitorednode xinetd[5672]: START: nrpe pid=8607 from=10.0.100.130
> /var/log/messages:Nov 10 12:01:26 monitorednode nrpe[8607]: Error: Could not complete SSL handshake. 5 
> /var/log/messages:Nov 10 12:01:26 monitorednode xinetd[5672]: EXIT: nrpe status=0 pid=8607 duration=0(sec)
> /var/log/messages:Nov 10 12:03:29 monitorednode xinetd[5672]: START: nrpe pid=9220 from=10.0.100.130
> /var/log/messages:Nov 10 12:03:29 monitorednode nrpe[9220]: Error: Could not complete SSL handshake. 5 
> /var/log/messages:Nov 10 12:03:29 monitorednode xinetd[5672]: EXIT: nrpe status=0 pid=9220 duration=0(sec)
> 
> "Error could  not complete SSL handshake" seems to confirm my suspicions about the SSH key-exchange
> 
> 


Ok, i've solved the SSH key-exchange part of my problem (criss-crossed id_rsa.pub keys or something) - so I have that piece figured out. But the "No Route to Host" message is still visible in Service Host Details for my monitored node.

so.. am able to run the following against remote host:

/usr/local/nagios/libexec/check_tcp -H 10.0.100.143 -p 5666
TCP OK - 0.000 second response time on port 5666|time=0.000361s;0.000000;0.000000;0.000000;10.000000

and this:
ssh 10.0.100.143 /usr/local/nagios/libexec/check_procs 
PROCS OK: 603 processes

I see this in the messages files:

Nov  9 00:00:00 nagiosbox nagios: CURRENT SERVICE STATE: monitorednode;Home Page;CRITICAL;HARD;1;No route to host 
Nov 10 00:00:00 nagiosbox nagios: CURRENT HOST STATE: monitorednode;UP;HARD;1;PING OK - Packet loss = 0%, RTA = 0.21 ms 
Nov 10 00:00:00 nagiosbox nagios: CURRENT SERVICE STATE: monitorednode;Home Page;CRITICAL;HARD;1;No route to host

which looks like there is no packet loss on the PING to the host, but then it shows No Route To Host


Thanks again for the assistance.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-lists.org/archive/users/attachments/20101110/9b45c05c/attachment.html>
-------------- next part --------------
------------------------------------------------------------------------------
Centralized Desktop Delivery: Dell and VMware Reference Architecture
Simplifying enterprise desktop deployment and management using
Dell EqualLogic storage and VMware View: A highly scalable, end-to-end
client virtualization framework. Read more!
http://p.sf.net/sfu/dell-eql-dev2dev
-------------- next part --------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null


More information about the Users mailing list