NRPE reports "CHECK_NRPE: Error - Could not complete SSL handshake."

Solution 1

  1. Checking liveness with NRPE from the monitoring server returns "CHECK_NRPE: Error - Could not complete SSL handshake."

    /usr/local/nagios/libexec/check_nrpe -H MONITORED_HOST_IP

  2. Open the NRPE configuration file on the monitored host

    #vim /usr/local/nagios/etc/nrpe.cfg

  3. Add the monitoring server's IP address to allowed_hosts

  4. Restart the xinetd process

    /etc/init.d/xinetd restart

  5. Add the NRPE port to the firewall

  6. Restart the firewall

    /etc/init.d/iptables restart

  7. Check the NRPE status again; it is now normal

    /usr/local/nagios/libexec/check_nrpe -H MONITORED_HOST_IP

Solution 2

Title: Debugging "CHECK_NRPE: Error - Could not complete SSL handshake" errors
FAQ ID: F0191
Submitted By: Greg Haygood, Ethan Galstad and Others
Last Updated: 11/03/2004
 
Description: When attempting to use the check_nrpe plugin, the following error message is printed:
CHECK_NRPE: Error - Could not complete SSL handshake
 
Solution: This error message could be due to several problems:
  • Different versions. Make sure you are using the same version of the check_nrpe plugin and the NRPE daemon. Newer versions of NRPE are usually not backward compatible with older versions.
  • SSL is disabled. Make sure both the NRPE daemon and the check_nrpe plugin were compiled with SSL support and that neither is being run without SSL support (using command line switches).
  • Incorrect file permissions. Make sure the NRPE config file (nrpe.cfg) is readable by the user (i.e. nagios) that executes the NRPE binary from inetd/xinetd.
  • Pseudo-random device files are not readable. Greg Haygood noted the following... "After wringing my hair out and digging around with truss, I figured out the problem on my Solaris 8 boxen. The files /devices/pseudo/random* (linked through /dev/*random, and provided by Sun patch 112438) were not readable by the nagios user I use to launch NRPE. Making the character devices world-readable solved it."
  • Unallowed address. If you're running the NRPE daemon under xinetd, make sure that you have a line in the xinetd config file that says "only_from = xxx.xxx.xxx.xxx", where xxx.xxx.xxx.xxx is the IP address that you're connecting to the NRPE daemon from.

Dave van Nierop added that "Fortunately, for HPUX 11.i (11.11) and later Nagios users, HP now supports /dev/random and /dev/urandom via a kernel loadable module. Prior to running the NRPE 2.0 configure script, you will need to download this program from http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=KRNG11I. Installation does require a server reboot. For detailed information, consult http://newfdawg.com/SSHpart5.htm."
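
The two allow-lists named above (allowed_hosts in nrpe.cfg from Solution 1, only_from in the xinetd config from Solution 2) and the config-readability cause can be checked on the monitored host before retrying check_nrpe. This is an added example, not part of the original page or of NRPE: the function names, sample files and 192.0.2.x addresses are constructed for illustration, and matching is exact (CIDR or hostname entries are not expanded).

```shell
#!/bin/sh
# Added example (not from the original page): exact-match check of the two
# allow-lists this page names. CIDR and hostname entries are not expanded.

# Print the entries of the last active "key = ..." line, one per line.
# Commented-out lines are ignored; commas, spaces and tabs all separate.
list_entries() {  # $1 = file, $2 = key
    grep -E "^[[:space:]]*$2[[:space:]]*[+]?=" "$1" 2>/dev/null | tail -n 1 |
        sed 's/^[^=]*=//' | tr ',\t' '  ' | tr -s ' ' '\n' | sed '/^$/d'
}

# Succeed only if IP $3 is listed under key $2 in file $1.
host_listed() {
    list_entries "$1" "$2" | grep -Fxq -- "$3"
}

# Check config readability and both allow-lists for one monitoring IP.
diagnose() {  # $1 = nrpe.cfg, $2 = xinetd service file, $3 = monitoring IP
    rc=0
    [ -r "$1" ] || { echo "FAIL: $1 is not readable by $(id -un)"; rc=1; }
    host_listed "$1" allowed_hosts "$3" ||
        { echo "FAIL: $3 is not in allowed_hosts ($1)"; rc=1; }
    host_listed "$2" only_from "$3" ||
        { echo "FAIL: $3 is not in only_from ($2)"; rc=1; }
    [ "$rc" -ne 0 ] || echo "OK: $3 is allowed in both files"
    return "$rc"
}

# Constructed sample files (documentation addresses) written into dir $1.
write_samples() {
    printf '%s\n' '#allowed_hosts=192.0.2.99' \
        'allowed_hosts=127.0.0.1, 192.0.2.10' > "$1/nrpe.cfg"
    printf '%s\n' 'service nrpe' '{' \
        '    only_from = 127.0.0.1 192.0.2.10' '}' > "$1/nrpe.xinetd"
}

# Usage: sh nrpe_allow_check.sh NRPE_CFG XINETD_FILE MONITORING_IP
if [ "$#" -eq 3 ]; then diagnose "$@"; fi
```

Run it as the user that launches NRPE so the readability check reflects that account, passing the nrpe.cfg path from step 2, your xinetd service file and the monitoring server's IP.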