CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with [ip] 1
Found out it had to do with the major version difference 3.x connecting to 2.x. Adding -2 to the command line made no difference. Disabling SSL was an solution. But not preferred.
I recently upgraded (reinstalled) my vps from Debian Jessie to Debian Buster. I chose to install Nagios4 and NRPE client from Debian repositories. (Previous installation was build from source). I was using Nagios4x already, i guess the nrpe-plugins were a bit older.
On the other side i have an Netgear ReadyNAS Pro 6 to be monitored. This system is still running Debian Jessie. To stay compatible with Netgear updates, i am not doing an dist-upgrade on the OS. Debian Jessie has nagios-nrpe-server 2.x in it’s main repository.
While searching online, i came across a solution that rebuilds nagios-nrpe-server 2.x with a dh 2048 signature.
I tried to do the same thing, with success.
With https://wiki.debian.org/BuildingTutorial as base, i proceeded as following:
# Edit /etc/apt/sources.list, add an deb-src line
deb-src http://mirrors.kernel.org/debian jessie main
Now update apt
Create a working directory and get source code
# Create working directory
mkdir -p src/debian
cd src/debian
# Get source
apt-get source nagios-nrpe-server
# Step into source
cd nagios-nrpe-2.15
# Build without patches, to check that all requirements a met
debuild -b -uc -us
# When build failed, try
sudo apt-get install build-essential fakeroot devscripts
# and
sudo apt-get build-dep nagios-nrpe-server
Now apply some changes to the source code.
Edit ./configure
OLD: $sslbin dhparam -C 512 | awk '/^-----/ {exit} {print}' > include/dh.h
NEW: $sslbin dhparam -C 2048 | awk '/^-----/ {exit} {print}' > include/dh.h
Edit ./configure.in
OLD: $sslbin dhparam -C 512 | awk '/^-----/ {exit} {print}' > include/dh.h
NEW: $sslbin dhparam -C 2048 | awk '/^-----/ {exit} {print}' > include/dh.h
Edit ./src/nrpe.c
OLD: dh=get_dh512();
NEW: dh=get_dh2048();
We can recompile now.
If no error occurred, there should be 2 new .deb packages in your working directory.
Install both
sudo dpkg -i nagios-nrpe-plugin_2.15-1.deb
sudo dpkg -i nagios-nrpe-server_2.15-1.deb