
I'm standing up a new Nagios server, and I have run into a bit of a snag. Our existing server is running FreeBSD 11 w/ Nagios 4.3.4 and nrpe2. It can communicate w/ the nrpe2 daemons on our various servers (Ubuntu Xenial boxes, for the most part) as well as a few FreeBSD boxes running nrpe3. The new Nagios server, however, cannot talk to the nrpe2 clients (it can reach the nrpe3 clients). The error I get is:

CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with <insert_private_ip_here>: 1

I've tried adding in debug output on the client machines, but that's still the only error message I'm getting. From what I can see, nrpe3 and nrpe2 are supposed to be able to communicate, so my guess is this has something to do with different SSL/TLS versions and/or enabled ciphers, but I have been unable to find any documentation confirming that guess, or listing which ones I should enable to enable the two versions to communicate.

What is the actual problem here, and how do I fix it?

Hank Gay

1 Answer

Have you tried using the -2 argument in your check_nrpe command definition for these hosts?

-2, --v2-packets-only Only use version 2 packets, not version

I have a separate check_nrpev2 command defined for older hosts, in the file (Nagios 4!) /etc/nagios4/objects/commands.cfg:

define command{
        command_name    check_nrpe
        command_line    $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
        }

# use version 2 packets for older clients
define command{
        command_name    check_nrpev2
        command_line    $USER1$/check_nrpe -H $HOSTADDRESS$ -2 -c $ARG1$
        }
Paul
Roddie
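
To work out which hosts need the check_nrpev2 definition from the answer above, the script below probes each host first with default packets and then with -2. It is an added example, not part of the original question or answer. The default plugin path, the function names, and the one-host-per-line list format are assumptions.

```shell
#!/bin/sh
# Added example: sort hosts by the check_nrpe invocation they answer to.
# The default path below is an assumption; set CHECK_NRPE for your install.
CHECK_NRPE="${CHECK_NRPE:-/usr/local/nagios/libexec/check_nrpe}"

# classify_host HOST
# Prints the Nagios command_name to use for HOST:
#   check_nrpe    answers with the default packet version
#   check_nrpev2  answers only when -2 forces version 2 packets
#   unreachable   fails both ways, so -2 alone does not fix this host
classify_host() {
    host="$1"
    # Without -c, check_nrpe only asks the daemon for its version string.
    # stdin is closed so the probe cannot consume the host list being read.
    if "$CHECK_NRPE" -H "$host" -t 10 </dev/null >/dev/null 2>&1; then
        echo check_nrpe
    elif "$CHECK_NRPE" -H "$host" -2 -t 10 </dev/null >/dev/null 2>&1; then
        echo check_nrpev2
    else
        echo unreachable
    fi
}

# classify_all FILE
# FILE holds one host per line; blank lines and # comments are skipped.
classify_all() {
    while read -r host _; do
        case "$host" in ''|'#'*) continue ;; esac
        printf '%s %s\n' "$host" "$(classify_host "$host")"
    done < "$1"
}

# Classify a host list when the script is given one as its first argument.
if [ "$#" -gt 0 ]; then classify_all "$1"; fi
```

Hosts reported as unreachable still fail with -2, so for them the cause lies elsewhere, for example in the SSL/TLS handshake the question suspects.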