CHECK_NRPE: Error - Could not complete SSL handshake
Andreas Ericsson
ae at op5.se
Wed Dec 1 00:56:40 CET 2004
Nathan Oyler wrote:
> Last message on the subject.
>
> The problem was, I wrote a perl script to add the ip address to the
> allowed hosts line, and added a space at the end.
>
> The script that takes that information in grab's *
>
> "int is_an_allowed_host(char *);"
>
> If you have an extra space, it won't work. I've changed my perl script
> to remove the space before the newline, and everything is fine.
>
> If I am correct in diagnosing the problem, I'd suggest that someone
> change that line to intelligently grab charcters ignoring whitespace.
It's done in the current version (which I promise to put up for download
as soon as I've removed the PKI code from it).
The intermediate fix would be
sed -i 's/[\t ]*$//' nrpe.conf
sed v4.0.9 or later is required for the -i switch. I believe 4.1.1 is
the first to not clobber the old file without mangling its
ownership/permission settings.
>
> Thanks for everyone's help, I really appreciate it.
>
>
>>-----Original Message-----
>>From: nagios-users-admin at lists.sourceforge.net [mailto:nagios-users-
>>admin at lists.sourceforge.net] On Behalf Of Andreas Ericsson
>>Sent: Tuesday, November 30, 2004 9:45 AM
>>To: Nagios-users at lists.sourceforge.net
>>Subject: Re: [Nagios-users] CHECK_NRPE: Error - Could not complete SSL
>>handshake
>>
>>Nathan Oyler wrote:
>>
>>>I've fixed the problem.
>>>
>>>I'm not exactly sure what the problem is, but I've fixed it.
>>>
>>>I did a google search for the error message and started reading
>
> through
>
>>>the code to see what happens when it gives out the error message I
>
> was
>
>>>getting.
>>>
>>>To change all of the nrpe.cfg's I wrote my first perl script which
>>>seemed quite successful. I can send that if you'd like.
>>>
>>>To fix the problem, I deleted all whitespace from the end of the
>>>allowed_hosts line and the next comment, then I added new
>
> whitespace.
>
>>>Now it works.
>>>
>>>I have no idea why it worked on one host and not another, as the
>
> edits
>
>>>were done on every box with the exact same perl script, and look
>
> exactly
>
>>>the same.
>>>
>>>But, if I redo the whitespace manually, it fixes it.
>>>
>>>If you'd like me to send the perl script, or one of these files that
>>>doesn't work, let me know.
>>>
>>
>>I'm interested in the files that doesn't work. Preferrably along with
>
> a
>
>>fixed version of the same file. The script won't do me any good
>
> though.
>
>>Thanks.
>>
>>
>>>Thanks.
>>>
>>>
>>>
>>>>-----Original Message-----
>>>>From: nagios-users-admin at lists.sourceforge.net [mailto:nagios-users-
>>>>admin at lists.sourceforge.net] On Behalf Of Nathan Oyler
>>>>Sent: Tuesday, November 30, 2004 9:07 AM
>>>>To: Andreas Ericsson; Nagios-users at lists.sourceforge.net
>>>>Subject: RE: [Nagios-users] CHECK_NRPE: Error - Could not complete
>
> SSL
>
>>>>handshake
>>>>
>>>>
>>>>Below.
>>>>
>>>>
>>>>
>>>>>Nathan Oyler wrote:
>>>>>
>>>>>
>>>>>>I've read the frequently asked questions, and I am still stumped.
>>>>>>
>>>>>>
>>>>>>
>>>>>>I have Nagios running perfectly fine on one machine. I've planned
>>>
>>>to
>>>
>>>
>>>>>>move Nagios off of that machine, so installed a clean install of
>>>>
>>>>Fedora
>>>>
>>>>
>>>>>>Core 3, and started going. Installed nagios 1.2 from source.
>>>>
>>>>Installed
>>>>
>>>>
>>>>>>plugins from source. Installed nrpe plugin from source.
>>>>>>
>>>>>>
>>>>>>
>>>>>>On most machines I receive the "Could not complete SSL handshake"
>>>>>>
>>>>>
>>>>>What does "ldd nrpe" say on your monitored systems? Unless they are
>>>>>linked with openssl you won't be able to monitor them with an
>>>>>ssl-enabled client. Try running the check_nrpe program with the
>
> "-n"
>
>>>>>flag to turn ssl off.
>>>>
>>>>[Nathan Oyler]
>>>>
>>>>The machine that works, and the machine that doesn't both give the
>>>
>>>exact
>>>
>>>
>>>>same links when running ldd nrpe.
>>>>
>>>>They are both linked with open ssl like
>>>>
>>>>" libssl.so.2 => /lib/libssl.so.2 (0x4001c000)"
>>>>
>>>>However, when running check_nrpe using -n, both fail but with
>>>
>>>different
>>>
>>>
>>>>error messages.
>>>>
>>>>A check from the currently stable and running Nagios on FC2 to a
>
> host
>
>>>>that fails on the new nagios.
>>>>
>>>>"sh-2.05b$ ./check_nrpe -n -H 7b1.dc
>>>>CHECK_NRPE: Error receiving data from daemon."
>>>>
>>>>A check from the currently stable and running Nagios to a host that
>>>>works on the new nagios.
>>>>
>>>>"sh-2.05b$ ./check_nrpe -n -H 7b2.dc
>>>>CHECK_NRPE: Error receiving data from daemon."
>>>>
>>>>A check from the machine failing with nrpe to a box that doesn't
>
> work
>
>>>>for it.
>>>>
>>>>"[root at triad8 plugins]# ./check_nrpe -n -H 7b1.dc
>>>>CHECK_NRPE: Received 0 bytes from daemon. Check the remote server
>>>
>>>logs
>>>
>>>
>>>>for error messages."
>>>>
>>>>Nov 30 09:00:06 7b1 nrpe[6390]: Error: Could not complete SSL
>>>
>>>handshake.
>>>
>>>
>>>>1
>>>>Nov 30 09:02:37 7b1 nrpe[6405]: Host 172.16.1.138 is not allowed to
>>>
>>>talk
>>>
>>>
>>>>to us!
>>>>Nov 30 09:03:25 7b1 nrpe[6407]: Host 172.16.1.138 is not allowed to
>>>
>>>talk
>>>
>>>
>>>>to us!
>>>>
>>>>
>>>>The Allowed hosts field in nrpe.cfg does include 172.16.1.138 on
>
> both
>
>>>>machines.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>>>On a few machines, it works. These all work from the initial box I
>>>>
>>>>setup
>>>>
>>>>
>>>>>>Nagios with.
>>>>>>
>>>>>>
>>>>>>
>>>>>>I have added the IP address in allow on every nrpe instance, as
>>>
>>>well
>>>
>>>
>>>>as
>>>>
>>>>
>>>>>>restarted it. Some machines actually work, and display NRPEv2.0.
>>>>>>
>>>>>>
>>>>>>
>>>>>>Other machines on the same blade center do not work. They should
>>>
>>>be
>>>
>>>
>>>>the
>>>>
>>>>
>>>>>>exact same machines installed the exact same way. (Should being
>>>>>>operative, but through history files I cannot find any
>>>
>>>differences.
>>>
>>>
>>>>>>These boxes were loaded within the last 2 months, barely touched
>>>>
>>>>since.)
>>>>
>>>>
>>>>>>
>>>>>>If I run the nrpe check from the box that currently runs Nagios I
>>>>
>>>>get
>>>>
>>>>
>>>>>>NRPEv2.0
>>>>>>
>>>>>>
>>>>>>
>>>>>>Even on boxes that don't work from the new box.
>>>>>>
>>>>>>
>>>>>>
>>>>>>I have reinstalled Nagios from source. I've installed from RPM,
>>>
>>>I've
>>>
>>>
>>>>>>checked OPENSSL versions, which there is no pattern relevant to
>>>
>>>the
>>>
>>>
>>>>>>problem, and what version.
>>>>>>
>>>>>>
>>>>>>
>>>>>>I am completely stumped. I hate messaging the list with something
>>>>
>>>>that's
>>>>
>>>>
>>>>>>explained on the FAQ and am awaiting what obvious thing I've
>>>>
>>>>overlooked.
>>>>
>>>>
>>>>>>
>>>>>>
>>>>>>Thanks.
>>>>>>
>>>>>>
>>>>>
>>>>>--
>>>>>Andreas Ericsson andreas.ericsson at op5.se
>>>>>OP5 AB www.op5.se
>>>>>Lead Developer
>>>>>
>>>>>
>>>>>-------------------------------------------------------
>>>>>SF email is sponsored by - The IT Product Guide
>>>>>Read honest & candid reviews on hundreds of IT Products from real
>>>>
>>>>users.
>>>>
>>>>
>>>>>Discover which products truly live up to the hype. Start reading
>>>
>>>now.
>>>
>>>
>>>>>http://productguide.itmanagersjournal.com/
>>>>>_______________________________________________
>>>>>Nagios-users mailing list
>>>>>Nagios-users at lists.sourceforge.net
>>>>>https://lists.sourceforge.net/lists/listinfo/nagios-users
>>>>>::: Please include Nagios version, plugin version (-v) and OS when
>>>>>reporting any issue.
>>>>>::: Messages without supporting info will risk being sent to
>>>
>>>/dev/null
>>>
>>>
>>>>
>>>>
>>>>-------------------------------------------------------
>>>>SF email is sponsored by - The IT Product Guide
>>>>Read honest & candid reviews on hundreds of IT Products from real
>>>
>>>users.
>>>
>>>
>>>>Discover which products truly live up to the hype. Start reading
>
> now.
>
>>>>http://productguide.itmanagersjournal.com/
>>>>_______________________________________________
>>>>Nagios-users mailing list
>>>>Nagios-users at lists.sourceforge.net
>>>>https://lists.sourceforge.net/lists/listinfo/nagios-users
>>>>::: Please include Nagios version, plugin version (-v) and OS when
>>>>reporting any issue.
>>>>::: Messages without supporting info will risk being sent to
>
> /dev/null
>
>>>
>>>
>>>
>>>
>>>-------------------------------------------------------
>>>SF email is sponsored by - The IT Product Guide
>>>Read honest & candid reviews on hundreds of IT Products from real
>
> users.
>
>>>Discover which products truly live up to the hype. Start reading
>
> now.
>
>>>http://productguide.itmanagersjournal.com/
>>>_______________________________________________
>>>Nagios-users mailing list
>>>Nagios-users at lists.sourceforge.net
>>>https://lists.sourceforge.net/lists/listinfo/nagios-users
>>>::: Please include Nagios version, plugin version (-v) and OS when
>>
>>reporting any issue.
>>
>>>::: Messages without supporting info will risk being sent to
>
> /dev/null
>
>>--
>>Andreas Ericsson andreas.ericsson at op5.se
>>OP5 AB www.op5.se
>>Lead Developer
>>
>>
>>-------------------------------------------------------
>>SF email is sponsored by - The IT Product Guide
>>Read honest & candid reviews on hundreds of IT Products from real
>
> users.
>
>>Discover which products truly live up to the hype. Start reading now.
>>http://productguide.itmanagersjournal.com/
>>_______________________________________________
>>Nagios-users mailing list
>>Nagios-users at lists.sourceforge.net
>>https://lists.sourceforge.net/lists/listinfo/nagios-users
>>::: Please include Nagios version, plugin version (-v) and OS when
>>reporting any issue.
>>::: Messages without supporting info will risk being sent to /dev/null
>
>
>
>
--
Andreas Ericsson andreas.ericsson at op5.se
OP5 AB www.op5.se
Lead Developer
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://productguide.itmanagersjournal.com/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list