Tuesday, November 29, 2022
Google search engine
HomeLinux TutorialsHow to solve the problem "CHECK_NRPE: (ssl_err != 5) Error Nagios

How to solve the problem “CHECK_NRPE: (ssl_err != 5) Error Nagios

The new openssl package on the latest versions of Centos / RHEL/ Ubuntu / Debian cause compatibility issues that cause the check_nrpe plugin to fail when checking Windows Hosts running NSClient++. with this tutorial, I’ll show you How to solve the problem “CHECK_NRPE: (ssl_err != 5) Error Nagios

The problem

When using check_nrpe version 4.0.3 (or later) you are required to have a 2048 bit Diffie-Hellman key on the target host. NSClient++ (as of the current version 0.5.2.35) only provides a 512 bit key.

Solution

To solve this you will have to generate a new key and use it instead of the pre-generated key.

Generate the new key

On your Nagios Monitor server, run the following command to generate the key:

openssl dhparam -C 2048 2> /dev/null|sed -n '/BEGIN/,/END/p'

This may take several minutes. When it is done, it will produce a key looking similar to this one:

-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEAterjJyYKhGXhkCasdasdas/ruEhvBetjNfjSQpVmqQCpRql2O/JVW2
oL1Dqxvb9Fdqrm2lbQmngHLHBN+P1asdasdasdasdxcTeusTrGRCzMxZ2NDPG2ka7k
FN4wXp/ChasdasdasdasdasLJsOLrMdZn8GOBFJSASQlCrg0lxFTHe8pQSobspiYyW
Miv4HyJT+7eIlza/203RJa8C6GBXWmsoR4XhD0Z4/hwp/3nXMMFvvRI6am2YEjwv
dTo2dukuKBVuqM2exsbgIVa52Bt1nAp7t/04DBYkB17ivFheXdfgdfgdfgdfgdfgRy
LzSG2TLEcOKpSWlNhQdfdfgdfgdfgQawIBAg==
-----END DH PARAMETERS-----

Install the new key on your host

You need to copy the text displayed when generating the key and paste it to a new file on your host. This file should be named C:\Program Files\NSClient++\security\nrpe_dh_2048.pem. Adjust the path if your NSClient++ installation is located somewhere else on the disk.

Enable the new key

Open the command line on your host and run the following command from the directory of your NSClient++ installation:

.\nscp.exe settings --path /settings/NRPE/server --key dh --set "C:\Program Files\NSClient++\security\nrpe_dh_2048.pem"

Restart NSClient++

Stop and start the client:

net stop nscp
net start nscp

Test the new key

Run the following on your Nagios Monitor server to verify that it is now working:

/usr/lib/nagios/plugins/check_nrpe -H <IP>

(Replace with the actual address of your host.)

Additional steps
If you get the error “CHECK_NRPE: Invalid packet version received from server.”, then you will need to add the option -2 to your check_command.

/usr/local/nagios/libexec/check_nrpe -H xxx.xxx.xxx.xxx -2

result:

/usr/lib/nagios/plugins/check_nrpe -H xxx.xxx.xxx.xxx -2
I (0.4.4.19 2015-12-08) seem to be doing fine...

YOU CAN SUPPORT DEVNINJA WITH A CUP OF COFFEE

As we continue to grow, we would wish to reach and impact more people who visit and take advantage of the guides we have on our blog. This is a big task for us and we are so far extremely grateful for the kind people who have shown amazing support for our work over the time we have been online. to search or browse the published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or more ) as a token of appreciation.

Support Us

DevNinja
DevNinja
System & Network Administrator Ninja
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

3 − 1 =

- Advertisment -
Google search engine

Most Popular

Recent Comments