-3

I have configured the Nagios master server and the Nagios client servers, but even after a lot of debugging I couldn't get communication working between the two :( I am getting this generic error: `CHECK_NRPE: Error - Could not complete SSL handshake.`

So I have a doubt about this check_nrpe plugin: is it using SSH in its back end to communicate? Or, if not, does it use port 443, which is the SSL port, to communicate? Someone please help me to understand this :)

MadHatter
Nishanth
  • possible duplicate of [CHECK\_NRPE: Error - Could not complete SSL handshake](http://serverfault.com/questions/502902/check-nrpe-error-could-not-complete-ssl-handshake) – Keith Jun 22 '15 at 20:04

1 Answer

1

By default, the NRPE daemon listens on TCP port 5666, whether it's configured to do SSL or not.

The usual causes of the error message you're getting are a firewall blocking TCP/5666, the NAGIOS server not being listed in the NRPE daemon's allowed_hosts, or a mismatch between the SSL expectations of the two ends of the connection.

MadHatter
  • Thank you :) So when I do a telnet on 5666 it is connecting, and the allowed host entry on the Nagios client server is perfect. Are there any other common issues for this error? – Nishanth Jun 22 '15 at 10:14
  • The SSL expectation mismatch; check that the `-n` flag is being used by both `nrpe` and `check_nrpe`, or by neither; if only one is using it, that won't work. – MadHatter Jun 22 '15 at 10:15
  • Sorry, I am not sure how to check this; can you please guide me? – Nishanth Jun 22 '15 at 10:18
  • You can use `ps` to find out what flags a process is running with. The `check_nrpe` config will be in the NAGIOS config files. – MadHatter Jun 22 '15 at 10:19
  • Yes, thanks for your suggestion of using the `ps` command; I was able to confirm that both nrpe and check_nrpe don't use the `-n` flag. – Nishanth Jun 22 '15 at 10:26
  • Then one of them must have SSL compiled in as a default, while the other doesn't. Try adding `-n` to both. – MadHatter Jun 22 '15 at 10:29
  • Added the `-n` flag on both nrpe and check_nrpe; now the below error comes: `CHECK_NRPE: Error receiving data from daemon.` – Nishanth Jun 22 '15 at 10:44
  • Now check that whatever plugin the daemon is configured to run, it can run as the user the `nrpe` daemon is running as. Another good confirmation at this point is to run `check_nrpe -H a.b.c.d` from the NAGIOS server - i.e., connect to the relevant client, but without specifying any check. The daemon should respond with its version number, which confirms that end-to-end connectivity is good. – MadHatter Jun 22 '15 at 10:55
  • It's the same error: `[root@~]# /usr/local/nagios/libexec/check_nrpe -n -H 10.101.180.51` `CHECK_NRPE: Error receiving data from daemon.` `[root@~]#` – Nishanth Jun 22 '15 at 11:00
  • I'm sorry, but this question's mutating. You asked about what port nrpe ran on, and how to switch SSL on and off, and I've answered that. Now it's turning into a "*get my nrpe running for me*", and that's not what Server Fault is for. I've put this question back to what it was; please consider accepting my answer, and do some more research and testing on your own - there are other questions on SF that feature the error message you're getting - and perhaps write a new question if you find that you need to. – MadHatter Jun 22 '15 at 11:36
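
One way to script the `-n` comparison described in the answer's comments, as an added example that is not part of the original thread: it compares the daemon's command line against every `check_nrpe` command definition, since a Nagios config can hold several. The daemon path, the command names and both sample inputs are constructed; matching flags do not rule out differing compiled-in SSL defaults.

```shell
#!/bin/sh
# Added example (not from the thread). Sample inputs below are constructed.
# On real hosts: NRPE_ARGS from `ps` on the client, SAMPLE_CFG from the
# Nagios server's command definitions.
NRPE_ARGS='/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d'
SAMPLE_CFG='define command{
    command_name check_nrpe
    command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}
define command{
    command_name check_nrpe_nossl
    command_line $USER1$/check_nrpe -n -H $HOSTADDRESS$ -c $ARG1$
}'

# has_n_flag ARGS: succeed only if -n appears as a word of its own,
# so a value such as "check-n" is not mistaken for the flag.
has_n_flag() (
    set -f                       # no filename expansion while splitting
    for word in $1; do
        if [ "$word" = "-n" ]; then return 0; fi
    done
    return 1
)

# check_flags DAEMON_ARGS CONFIG_TEXT: print one verdict per check_nrpe
# command_line; return 1 if any definition disagrees with the daemon.
check_flags() {
    if has_n_flag "$1"; then daemon=nossl; else daemon=ssl; fi
    status=0
    while read -r key rest; do
        case $key in
            command_name) name=$rest ;;
            command_line)
                case $rest in *check_nrpe*) ;; *) continue ;; esac
                if has_n_flag "$rest"; then plugin=nossl; else plugin=ssl; fi
                if [ "$plugin" = "$daemon" ]; then verdict=OK
                else verdict=MISMATCH; status=1; fi
                echo "$verdict $name: daemon=$daemon check_nrpe=$plugin" ;;
        esac
    done <<EOF
$2
EOF
    return "$status"
}

check_flags "$NRPE_ARGS" "$SAMPLE_CFG" || echo "flag mismatch: align -n on both ends"
```
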