-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 James E. Pratt wrote: > Hi i have a similar problem where no matter how i try and compile on > either sol8 or sol9 (sparc) using the software from sunfreeware (gcc, > openssl etc etc), i just cannot get NRPE ssl handshakes to work via > inetd... I've tried everything, and triple-checked everything countless > times, but always get the "Failed to complete ssl handshake" message.. > > Can anyone give me any insight, or has seen this issue before?
I've seen this in a couple of different cases: 1) trust relationship between the nagios user on the monitoring host and the monitored host is not set up. To do this you need to generate a pair of ssh keys. I always (and I forget why) generate both a dsa key and an rsa key. To do this is pretty simple: a) log in as the user nagios on your monitoring host. b) run ssh-keygen -t rsa ; and answer the questions/prompts accordingly. c) run ssh-keygen -t dsa ; and do the same as (b) d) cd ~/.ssh e) cat *.pub > exported-keys.txt f) scp exported-keys.txt [EMAIL PROTECTED]: (note the trailing colon (:) above) g) log on as nagios on the monitored host. f) cat exported-keys.txt >> .ssh/authorized_keys g) cat exported-keys.txt >> .ssh/authorized_keys2 Now, having said all that one of the shortcuts I have on some of my systems is authorized_keys and authorized_keys2 are the same file with one of them being a sym-link to the other. 2) no SSH on the monitored host at all Well.. put it there and and then follow the steps above. 3) nrpe is not being started from inetd (xinetd) AND is not running as a daemon. Then you need to either configure inetd (xinted) accordingly or enable nrpe to be started up from init during system reboot. (or start it manually... whatever floats your boat.) Clear as mud? - -- :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Peter L. Berghold [EMAIL PROTECTED] "Those who fail to learn from history are condemned to repeat it." AIM: redcowdawg Yahoo IM: blue_cowdawg ICQ: 11455958 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Using GnuPG with Red Hat - http://enigmail.mozdev.org iD8DBQFD/eWPUM9/01RIhaARAvMzAJ9m01XznSLrU8ZLoEXsZxcKGrAm0gCfch6J hlNIo7ZI9dw6usurIkonkJA= =dEf8 -----END PGP SIGNATURE-----
begin:vcard fn:Peter L. Berghold n:Berghold;Peter org:IBM;GSD email;internet:[EMAIL PROTECTED] title:Unix Specialist x-mozilla-html:FALSE url:http://www.berghold.net version:2.1 end:vcard