CHECK_NRPE: Error ? Could not complete SSL handshake 错误解决
HECK_NRPE: Error ? Could not complete SSL handshake
1、Different versions. Make sure you are using the same version of the check_nrpe plugin and the NRPE daemon. Newer versions of NRPE are usually not backward compatible with older versions.
2、SSL is disabled. Make sure both the NRPE daemon and the check_nrpe plugin were compiled with SSL support and that neither are being run without SSL support (using command line switches).
3、Incorrect file permissions. Make sure the NRPE config file (nrpe.cfg) is readable by the user (i.e. nagios) that executes the NRPE binary from inetd/xinetd.
4、Pseudo-random device files are not readable. Greg Haygood noted the following… “After wringing my hair out and digging around with truss, I figured out the problem on my Solaris 8 boxen. The files /devices/pseudo/random* (linked through /dev/*random, and provided by Sun patch 11243 were not readable by the nagios user I use to launch NRPE. Making the character devices world-readable solved it.”
5、Unallowed address. If you’re running the NRPE daemon under xinetd, make sure that you have a line in the xinetd config file that say “only_from = xxx.xxx.xxx.xxx”, where xxx.xxx.xxx.xxx is the IP address that you’re connected to the NRPE daemon from.
简单说一下,大概的内容,不是严格翻译。
1. 确认check_nrpe 和 nrpe daemon的版本一定要一致。
2. 确认 check_nrpe和nrpe deamon端同时启用或者禁用ssl支持。
3. 确认nrep.cfg可以被nrpe(或者nagios,反正是执行nrep或者xinetd/inetd程序的)用户正常读取。
4. 有关伪随机设备的问题。这个只会在solaris 8上出现,需要一个补丁Sun patch 112438。
5. 确定nagios主机在xinetd的 only_from中,如果没有使用xinetd,则要确认nrpe.cfg中的配置。
另外,赠送l两个,
1. 检查一下你的Windows或者Linux自带的防火墙,是否把端口给filter掉了。
2. 把nrpe的的log打开,可以发现更多有用的信息。
很有可以能是客户端的配置文件 nrpe.cfg
allowed_hosts=192.168.200.29
这行没加server端的许可ip