Nagios Client - NRPE SSL handshake doesn


#1

hello all,

I am just trying to install Nrpe in my remote host linux but got stucked. The document I followed is this :
nagios.sourceforge.net/docs/nrpe/NRPE.pdf

But when i issue the test command like
abc# /usr/local/nagios/libexec/check_nrpe -H localhost
this returns me error like this :
CHECK_NRPE: Error - Could not complete SSL handshake.

I have verified in /etc/services and /etc/xinetd.d/nrpe files for the necessary checks. still no luck. How do i remove nrpe and nagios plugin in clinet completely and re-do it again ? can someone guide on this ?

Madal


#2

Hi,

this thread may (or not) help you:
meulie.net/portal_plugins/fo … .php?11851

note: someone is saying that you can’t test nrpe with the -H localhost (although I just tried and it seems to work)


#3

Hello Loose,

I tried to test from the nagios server but it still complains like this :

abc# /usr/local/nagios/libexec/check_nrpe -H 192.168.1.1
CHECK_NRPE: Error - Could not complete SSL handshake.

For testing purpose I turned off both client and server


#4

to check without ssl:
add the option “-n” in both command lines (client and server):

also, try to do a “ldd check_nrpe” and “ldd nrpe” on your servers; it will tell you which librairies both are using, and you might see some surprises (like missing libs :))


#5

okay when i complied the nrpe i get one error like this
checking for Kerberos include files… could not find include files

and by issuing command ldd check_nrpe output shows :
linux-gate.so.1 => (0x00674000)
libssl.so.6 => /lib/libssl.so.6 (0x078b8000)
libcrypto.so.6 => /lib/libcrypto.so.6 (0x00116000)
libnsl.so.1 => /lib/libnsl.so.1 (0x00ddf000)
libc.so.6 => /lib/libc.so.6 (0x00349000)
libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x002bb000)
libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x07823000)
libcom_err.so.2 => /lib/libcom_err.so.2 (0x0026f000)
libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x002eb000)
libresolv.so.2 => /lib/libresolv.so.2 (0x00101000)
libdl.so.2 => /lib/libdl.so.2 (0x004b7000)
libz.so.1 => /usr/lib/libz.so.1 (0x004d6000)
/lib/ld-linux.so.2 (0x0032b000)
libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0x002b0000)
libkeyutils.so.1 => /lib/libkeyutils.so.1 (0x00313000)
libselinux.so.1 => /lib/libselinux.so.1 (0x00d7d000)
libsepol.so.1 => /lib/libsepol.so.1 (0x00d97000)

and issuing in server ldd nrpe i get this
ldd: ./nrpe: No such file or directory

am i issuing in server too ldd check_nrpe ??

using -n reports like this in clients and servers

test# /usr/local/nagios/libexec/check_nrpe -n -H 192.168.1.1
CHECK_NRPE: Error receiving data from daemon.

no luck yet

M


#6

Try to look in the remote host log files for any errors with nrpe and also in the monitor host.

I faced tons of problems with nrpe so i’m kinda expert now :smiley:

Did you check whether ssl version is the same ?


#7

how do i check which version of ssl i am using ?


#8

also, you can try to compile with the option “–disable-ssl” … it’s a bit harsh, but at least, you won’t have to bother with this :slight_smile:


#9

I re-complied the NRPE in both client and in server with --disable-ssl option and it does work. My worries is, is this really secure or recommended ?

Thanks

Madal