[CentOS] Could not complete SSL handshake to Amazon EC2 host

Fri May 1 05:02:44 UTC 2015
Eric Lehmann <e.lehmann88 at gmail.com>

Hi
Does the deamon run under xinetd? Then  you have to configure the only_from
in  */etc/**xinetd.d**/**nrpe* to.

Regards
Eric
Am 01.05.2015 06:46 schrieb "Tim Dunphy" <bluethundr at gmail.com>:

> Hello,
>
>  I am trying to monitor a host in the Amazon EC2 cloud.
>
> Yet when I try to check NRPE from the monitoring host I am getting an SSL
> handshake error:
>
> [root at monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H
> ops.jokefire.com
> CHECK_NRPE: Error - Could not complete SSL handshake.
>
> And if I telnet into the host on port 5666 to see if the FW port is open,
> the connection closes right away:
>
> [root at monitor1:~] #telnet ops.somewhere.com 5666
> Trying 54.225.218.125...
> Connected to ops.somewhere.com.
> Escape character is '^]'.
> Connection closed by foreign host.
>
> You can see there it connects, but then it closes immediately after the
> connection.
>
>  I have NRPE running on the host I want to monitor:
>
> [root at ops:~] #lsof -i :5666
> COMMAND  PID USER   FD   TYPE DEVICE SIZE NODE NAME
> xinetd  1434 root    5u  IPv4   4063       TCP *:nrpe (LISTEN)
>
> And I have the IP of my nagios server listed in the xinetd conf file:
>
> [root at ops:~] #cat /etc/xinetd.d/nrpe
> # default: on
> # description: NRPE (Nagios Remote Plugin Executor)
> service nrpe
> {
>         flags           = REUSE
>         socket_type     = stream
>         port            = 5666
>         wait            = no
>         user            = nagios
>         group           = nagios
>         server          = /usr/local/nagios/bin/nrpe
>         server_args     = -c /usr/local/nagios/etc/nrpe.cfg --inetd
>         log_on_failure  += USERID
>         disable         = no
>         only_from       = 127.0.0.1 xx.xx.xx.xx   # <- representing my real
> nagios server IP
> }
>
>
>
> And I have my default security group for that host open on port 5666 to the
> world for this experiment.  I plan on locking that down again to the single
> IP of my monitoring host once I get this resolved.
>
> Does anyone have any suggestions on how I can get that problem solved?
>
> Thanks,
> Tim
>
> --
> GPG me!!
>
> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>