[CentOS] Could not complete SSL handshake to Amazon EC2 host

Eric Lehmann e.lehmann88 at gmail.com
Fri May 1 09:46:28 UTC 2015


This is strange...
Do you have SSL active on both systems? Run nrpe locally without parameters
(this should return some nrpe stats) and check ldd for libssl.
On 01.05.2015 07:32, "Tim Dunphy" <bluethundr at gmail.com> wrote:

> Hi Eric,
>
>  Thanks for your reply. I do have nrpe running under xinetd on the host I'm
> trying to monitor.
>
>  And running the nrpe check locally:
>
> [root at ops:~] #/usr/local/nagios/libexec/check_nrpe -H localhost
> NRPE v2.15
>
> [root at ops:~] #grep only_from /etc/xinetd.d/nrpe
>         only_from       = 127.0.0.1 216.120.248.126
>
> And I do have port 5666 open on the security group for this host.
>
> And I made sure the local firewall was stopped, because I am blocking ports
> with the security groups instead.
>
> [root at ops:~] #service iptables status
> Firewall is stopped.
>
> It's only when checking from the monitoring host that nrpe fails:
>
> [root at monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H ops.jokefire.com
> CHECK_NRPE: Error - Could not complete SSL handshake.
>
> Really, really puzzling. This is driving me up a wall!! I hope I can solve
> this soon....
>
> Thanks for any and all help with this one!!
> Tim
>
> On Fri, May 1, 2015 at 1:02 AM, Eric Lehmann <e.lehmann88 at gmail.com>
> wrote:
>
> > Hi
> > Does the daemon run under xinetd? Then you have to configure the only_from
> > in /etc/xinetd.d/nrpe too.
> >
> > Regards
> > Eric
> > On 01.05.2015 06:46, "Tim Dunphy" <bluethundr at gmail.com> wrote:
> >
> > > Hello,
> > >
> > >  I am trying to monitor a host in the Amazon EC2 cloud.
> > >
> > > Yet when I try to check NRPE from the monitoring host I am getting an SSL
> > > handshake error:
> > >
> > > [root at monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H ops.jokefire.com
> > > CHECK_NRPE: Error - Could not complete SSL handshake.
> > >
> > > And if I telnet into the host on port 5666 to see if the FW port is open,
> > > the connection closes right away:
> > >
> > > [root at monitor1:~] #telnet ops.somewhere.com 5666
> > > Trying 54.225.218.125...
> > > Connected to ops.somewhere.com.
> > > Escape character is '^]'.
> > > Connection closed by foreign host.
> > >
> > > You can see there it connects, but then it closes immediately after the
> > > connection.
> > >
> > >  I have NRPE running on the host I want to monitor:
> > >
> > > [root at ops:~] #lsof -i :5666
> > > COMMAND  PID USER   FD   TYPE DEVICE SIZE NODE NAME
> > > xinetd  1434 root    5u  IPv4   4063       TCP *:nrpe (LISTEN)
> > >
> > > And I have the IP of my nagios server listed in the xinetd conf file:
> > >
> > > [root at ops:~] #cat /etc/xinetd.d/nrpe
> > > # default: on
> > > # description: NRPE (Nagios Remote Plugin Executor)
> > > service nrpe
> > > {
> > >         flags           = REUSE
> > >         socket_type     = stream
> > >         port            = 5666
> > >         wait            = no
> > >         user            = nagios
> > >         group           = nagios
> > >         server          = /usr/local/nagios/bin/nrpe
> > >         server_args     = -c /usr/local/nagios/etc/nrpe.cfg --inetd
> > >         log_on_failure  += USERID
> > >         disable         = no
> > >         only_from       = 127.0.0.1 xx.xx.xx.xx   # <- representing my real nagios server IP
> > > }
> > >
> > >
> > >
> > > And I have my default security group for that host open on port 5666 to the
> > > world for this experiment.  I plan on locking that down again to the single
> > > IP of my monitoring host once I get this resolved.
> > >
> > > Does anyone have any suggestions on how I can get that problem solved?
> > >
> > > Thanks,
> > > Tim
> > >
> > > --
> > > GPG me!!
> > >
> > > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
> > > _______________________________________________
> > > CentOS mailing list
> > > CentOS at centos.org
> > > http://lists.centos.org/mailman/listinfo/centos
> > >
>
>
>
> --
> GPG me!!
>
> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B


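The thread turns on whether the source address the monitored host sees is admitted by the `only_from` line in `/etc/xinetd.d/nrpe`. The following is an added example, not part of the original messages: it parses an xinetd service file and evaluates a source IP against the literal `only_from` entries. The function names and the sample file are constructed for illustration; only plain `only_from =` lines are handled (not `+=`/`-=`, `no_access`, hostnames or factorized addresses).

```python
import ipaddress
import re

# Constructed sample modelled on the xinetd service file quoted in the thread.
# All addresses are documentation ranges, not the hosts from the thread.
SAMPLE = """\
service nrpe
{
        port            = 5666
        server          = /usr/local/nagios/bin/nrpe
        disable         = no
        only_from       = 127.0.0.1 192.0.2.10 198.51.100.0 mon.example.invalid  # constructed
}
"""

def to_network(token):
    """Map one only_from token to an ip_network, or None if not a literal."""
    if re.fullmatch(r"\d+(\.\d+){3}", token):
        # xinetd.conf(5): rightmost 0 octets of a dotted quad are wildcards.
        octets = token.split(".")
        wild = 0
        while wild < 4 and octets[3 - wild] == "0":
            wild += 1
        token = f"{token}/{32 - 8 * wild}"
    try:
        return ipaddress.ip_network(token, strict=False)
    except ValueError:
        return None  # hostname, network name or factorized form

def parse_only_from(text):
    """Return (networks, skipped_tokens) pooled from all 'only_from =' lines."""
    networks, skipped = [], []
    for line in text.splitlines():
        m = re.match(r"\s*only_from\s*=\s*(.*)", line.split("#", 1)[0])
        for token in (m.group(1).split() if m else []):
            net = to_network(token)
            if net is None:
                skipped.append(token)
            else:
                networks.append(net)
    return networks, skipped

def is_allowed(text, source_ip):
    """True/False from literal entries; None when there are none to evaluate."""
    networks, _ = parse_only_from(text)
    if not networks:
        return None
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in networks)
```

The address to test is the one the monitored host actually sees for the incoming connection, which is the peer address shown by `lsof` or `ss` on that host while a check is attempted.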
