I.T. Security and Linux Administration

Apr 19 2012   2:11PM GMT

NRPE: Could not complete SSL handshake

Eric Hansen Eric Hansen Profile: Eric Hansen

In setting up a server to remotely monitor various other servers I run, I decided to go the route of NRPE instead of SNMP (which I have set up for Cacti).  However, even after installing the SSL libs on both machines and compiling NRPE, I discovered one problem: the monitoring server could not connect to the remote host via NRPE.  When logged into the remote server, which is running Ubuntu 11.10 (32-bit), I could run check_nrpe -H localhost and it display NRPE v2.12.  However, the monitoring server running Debian Squeeze (32-bit) would give me this error:

root@hq:/tmp/nrpe-2.13# /usr/local/nagios/libexec/check_nrpe -H <ip address>

CHECK_NRPE: Error – Could not complete SSL handshake.

I ensured the permissions for /usr/local/nagios/* was set correctly, both versions of NRPE were compiled with SSL, and that the IP address of the Debian machine was found in both ALLOWED_HOSTS in the nrpe.cfg file and only_from in the xinetd.d/nrpe file.  Everything looked in order, and still kept receiving this issue.  Then, I looked at the output of ps aux | grep nrpe, which showed that the NRPE process was using the wrong configuration file.  So what I needed to do on the Ubuntu server was edit the init script (which was made during the apt-get install nagios-nrpe-server step I did earlier).  These are the two lines I had to edit:
DAEMON=/etc/nagios/bin/nrpe
CONFIG=/etc/nagios/nrpe.cfg
Both of these had to point to /usr/local/nagios/libexec for DAEMON and /usr/local/nagios/etc for CONFIG.  I restarted nagios-nrpe-server on Ubuntu and then ran the check_nrpe command from Debian again, getting this:
root@hq:/tmp/nrpe-2.13# /usr/local/nagios/libexec/check_nrpe -H <ip>
NRPE v2.13
Everything is back to working order and NRPE is working just as planned.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: