Apr 19 2012 2:11PM GMT
Posted by: Eric Hansen
, SSL handshake
In setting up a server to remotely monitor various other servers I run, I decided to go the route of NRPE instead of SNMP (which I have set up for Cacti). However, even after installing the SSL libs on both machines and compiling NRPE, I discovered one problem: the monitoring server could not connect to the remote host via NRPE. When logged into the remote server, which is running Ubuntu 11.10 (32-bit), I could run check_nrpe -H localhost and it display NRPE v2.12. However, the monitoring server running Debian Squeeze (32-bit) would give me this error:
root@hq:/tmp/nrpe-2.13# /usr/local/nagios/libexec/check_nrpe -H <ip address>
CHECK_NRPE: Error – Could not complete SSL handshake.
I ensured the permissions for /usr/local/nagios/* was set correctly, both versions of NRPE were compiled with SSL, and that the IP address of the Debian machine was found in both ALLOWED_HOSTS in the nrpe.cfg file and only_from in the xinetd.d/nrpe file. Everything looked in order, and still kept receiving this issue. Then, I looked at the output of ps aux | grep nrpe, which showed that the NRPE process was using the wrong configuration file. So what I needed to do on the Ubuntu server was edit the init script (which was made during the apt-get install nagios-nrpe-server step I did earlier). These are the two lines I had to edit:
Both of these had to point to /usr/local/nagios/libexec for DAEMON and /usr/local/nagios/etc for CONFIG. I restarted nagios-nrpe-server on Ubuntu and then ran the check_nrpe command from Debian again, getting this:
root@hq:/tmp/nrpe-2.13# /usr/local/nagios/libexec/check_nrpe -H <ip>
Everything is back to working order and NRPE is working just as planned.