Tag archieven: ssl_err != 5

Nagios NRPE Server 2.15 Could not complete SSL handshake. 1

1 reactie 
CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with [ip] 1

Found out it had to do with the major version difference 3.x connecting to 2.x. Adding -2 to the command line made no difference. Disabling SSL was an solution. But not preferred.

I recently upgraded (reinstalled) my vps from Debian Jessie to Debian Buster. I chose to install Nagios4 and NRPE client from Debian repositories. (Previous installation was build from source). I was using Nagios4x already, i guess the nrpe-plugins were a bit older.

On the other side i have an Netgear ReadyNAS Pro 6 to be monitored. This system is still running Debian Jessie. To stay compatible with Netgear updates, i am not doing an dist-upgrade on the OS. Debian Jessie has nagios-nrpe-server 2.x in it’s main repository.

While searching online, i came across a solution that rebuilds nagios-nrpe-server 2.x with a dh 2048 signature.

I tried to do the same thing, with success.

With https://wiki.debian.org/BuildingTutorial as base, i proceeded as following:

# Edit /etc/apt/sources.list, add an deb-src line
deb-src http://mirrors.kernel.org/debian jessie main

Now update apt

sudo apt-get update

Create a working directory and get source code

# Create working directory
mkdir -p src/debian
cd src/debian

# Get source
apt-get source nagios-nrpe-server

# Step into source
cd nagios-nrpe-2.15

# Build without patches, to check that all requirements a met
debuild -b -uc -us

# When build failed, try
sudo apt-get install build-essential fakeroot devscripts
# and
sudo apt-get build-dep nagios-nrpe-server

Now apply some changes to the source code.

Edit ./configure

OLD: $sslbin dhparam -C 512 | awk '/^-----/ {exit} {print}' > include/dh.h
NEW: $sslbin dhparam -C 2048 | awk '/^-----/ {exit} {print}' > include/dh.h

Edit ./configure.in

OLD: $sslbin dhparam -C 512 | awk '/^-----/ {exit} {print}' > include/dh.h
NEW: $sslbin dhparam -C 2048 | awk '/^-----/ {exit} {print}' > include/dh.h

Edit ./src/nrpe.c 

OLD: dh=get_dh512();
NEW: dh=get_dh2048();

We can recompile now.

debuild -b -uc -us

If no error occurred, there should be 2 new .deb packages in your working directory.

Install both
sudo dpkg -i nagios-nrpe-plugin_2.15-1.deb
sudo dpkg -i nagios-nrpe-server_2.15-1.deb