[CentOS] Could not complete SSL handshake to Amazon EC2 host

Fri May 1 05:32:28 UTC 2015
Tim Dunphy <bluethundr at gmail.com>

Hi Eric,

 Thanks for your reply. I do have nrpe running under xinetd on the host I'm
trying to monitor.

 And running the nrpe checl locally:

[root at ops:~] #/usr/local/nagios/libexec/check_nrpe -H localhost
NRPE v2.15

[root at ops:~] #grep only_from /etc/xinetd.d/nrpe
        only_from       = 127.0.0.1 216.120.248.126

And I do have port 5666 open on the security group for this host.

And I made sure the local firewall was stopped, because I am blocking ports
with the security groups instead.

[root at ops:~] #service iptables status
Firewall is stopped.

It's only when checking from the monitoring host that nrpe fails:

[root at monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H ops.jokefire.com
CHECK_NRPE: Error - Could not complete SSL handshake.

Really, really puzzling. This is driving me up a wall!! I hopeI can solve
this soon....

Thanks for any and all help with this one!!
Tim

On Fri, May 1, 2015 at 1:02 AM, Eric Lehmann <e.lehmann88 at gmail.com> wrote:

> Hi
> Does the deamon run under xinetd? Then  you have to configure the only_from
> in  */etc/**xinetd.d**/**nrpe* to.
>
> Regards
> Eric
> Am 01.05.2015 06:46 schrieb "Tim Dunphy" <bluethundr at gmail.com>:
>
> > Hello,
> >
> >  I am trying to monitor a host in the Amazon EC2 cloud.
> >
> > Yet when I try to check NRPE from the monitoring host I am getting an SSL
> > handshake error:
> >
> > [root at monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H
> > ops.jokefire.com
> > CHECK_NRPE: Error - Could not complete SSL handshake.
> >
> > And if I telnet into the host on port 5666 to see if the FW port is open,
> > the connection closes right away:
> >
> > [root at monitor1:~] #telnet ops.somewhere.com 5666
> > Trying 54.225.218.125...
> > Connected to ops.somewhere.com.
> > Escape character is '^]'.
> > Connection closed by foreign host.
> >
> > You can see there it connects, but then it closes immediately after the
> > connection.
> >
> >  I have NRPE running on the host I want to monitor:
> >
> > [root at ops:~] #lsof -i :5666
> > COMMAND  PID USER   FD   TYPE DEVICE SIZE NODE NAME
> > xinetd  1434 root    5u  IPv4   4063       TCP *:nrpe (LISTEN)
> >
> > And I have the IP of my nagios server listed in the xinetd conf file:
> >
> > [root at ops:~] #cat /etc/xinetd.d/nrpe
> > # default: on
> > # description: NRPE (Nagios Remote Plugin Executor)
> > service nrpe
> > {
> >         flags           = REUSE
> >         socket_type     = stream
> >         port            = 5666
> >         wait            = no
> >         user            = nagios
> >         group           = nagios
> >         server          = /usr/local/nagios/bin/nrpe
> >         server_args     = -c /usr/local/nagios/etc/nrpe.cfg --inetd
> >         log_on_failure  += USERID
> >         disable         = no
> >         only_from       = 127.0.0.1 xx.xx.xx.xx   # <- representing my
> real
> > nagios server IP
> > }
> >
> >
> >
> > And I have my default security group for that host open on port 5666 to
> the
> > world for this experiment.  I plan on locking that down again to the
> single
> > IP of my monitoring host once I get this resolved.
> >
> > Does anyone have any suggestions on how I can get that problem solved?
> >
> > Thanks,
> > Tim
> >
> > --
> > GPG me!!
> >
> > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
> > _______________________________________________
> > CentOS mailing list
> > CentOS at centos.org
> > http://lists.centos.org/mailman/listinfo/centos
> >
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>



-- 
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B