CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with [ip] 1
Found out it had to do with the major version difference 3.x connecting to 2.x. Adding -2 to the command line made no difference. Disabling SSL was an solution. But not preferred.
I recently upgraded (reinstalled) my vps from Debian Jessie to Debian Buster. I chose to install Nagios4 and NRPE client from Debian repositories. (Previous installation was build from source). I was using Nagios4x already, i guess the nrpe-plugins were a bit older.
On the other side i have an Netgear ReadyNAS Pro 6 to be monitored. This system is still running Debian Jessie. To stay compatible with Netgear updates, i am not doing an dist-upgrade on the OS. Debian Jessie has nagios-nrpe-server 2.x in it’s main repository.
While searching online, i came across a solution that rebuilds nagios-nrpe-server 2.x with a dh 2048 signature.
I tried to do the same thing, with success.
With https://wiki.debian.org/BuildingTutorial as base, i proceeded as following:
# Edit /etc/apt/sources.list, add an deb-src line deb-src http://mirrors.kernel.org/debian jessie main
Now update apt
sudo apt-get update
Create a working directory and get source code
# Create working directory mkdir -p src/debian cd src/debian # Get source apt-get source nagios-nrpe-server # Step into source cd nagios-nrpe-2.15 # Build without patches, to check that all requirements a met debuild -b -uc -us # When build failed, try sudo apt-get install build-essential fakeroot devscripts # and sudo apt-get build-dep nagios-nrpe-server
Now apply some changes to the source code.
Edit ./configure
OLD: $sslbin dhparam -C 512 | awk '/^-----/ {exit} {print}' > include/dh.h NEW: $sslbin dhparam -C 2048 | awk '/^-----/ {exit} {print}' > include/dh.h
Edit ./configure.in
OLD: $sslbin dhparam -C 512 | awk '/^-----/ {exit} {print}' > include/dh.h NEW: $sslbin dhparam -C 2048 | awk '/^-----/ {exit} {print}' > include/dh.h
Edit ./src/nrpe.c
OLD: dh=get_dh512(); NEW: dh=get_dh2048();
We can recompile now.
debuild -b -uc -us
If no error occurred, there should be 2 new .deb packages in your working directory.
Install both sudo dpkg -i nagios-nrpe-plugin_2.15-1.deb sudo dpkg -i nagios-nrpe-server_2.15-1.deb