Hi Eric, Thanks for your reply. I do have nrpe running under xinetd on the host I'm trying to monitor. And running the nrpe checl locally: [root@ops:~] #/usr/local/nagios/libexec/check_nrpe -H localhost NRPE v2.15 [root@ops:~] #grep only_from /etc/xinetd.d/nrpe only_from = 127.0.0.1 216.120.248.126 And I do have port 5666 open on the security group for this host. And I made sure the local firewall was stopped, because I am blocking ports with the security groups instead. [root@ops:~] #service iptables status Firewall is stopped. It's only when checking from the monitoring host that nrpe fails: [root@monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H ops.jokefire.com CHECK_NRPE: Error - Could not complete SSL handshake. Really, really puzzling. This is driving me up a wall!! I hopeI can solve this soon.... Thanks for any and all help with this one!! Tim On Fri, May 1, 2015 at 1:02 AM, Eric Lehmann <e.lehmann88@xxxxxxxxx> wrote: > Hi > Does the deamon run under xinetd? Then you have to configure the only_from > in */etc/**xinetd.d**/**nrpe* to. > > Regards > Eric > Am 01.05.2015 06:46 schrieb "Tim Dunphy" <bluethundr@xxxxxxxxx>: > > > Hello, > > > > I am trying to monitor a host in the Amazon EC2 cloud. > > > > Yet when I try to check NRPE from the monitoring host I am getting an SSL > > handshake error: > > > > [root@monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H > > ops.jokefire.com > > CHECK_NRPE: Error - Could not complete SSL handshake. > > > > And if I telnet into the host on port 5666 to see if the FW port is open, > > the connection closes right away: > > > > [root@monitor1:~] #telnet ops.somewhere.com 5666 > > Trying 54.225.218.125... > > Connected to ops.somewhere.com. > > Escape character is '^]'. > > Connection closed by foreign host. > > > > You can see there it connects, but then it closes immediately after the > > connection. > > > > I have NRPE running on the host I want to monitor: > > > > [root@ops:~] #lsof -i :5666 > > COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME > > xinetd 1434 root 5u IPv4 4063 TCP *:nrpe (LISTEN) > > > > And I have the IP of my nagios server listed in the xinetd conf file: > > > > [root@ops:~] #cat /etc/xinetd.d/nrpe > > # default: on > > # description: NRPE (Nagios Remote Plugin Executor) > > service nrpe > > { > > flags = REUSE > > socket_type = stream > > port = 5666 > > wait = no > > user = nagios > > group = nagios > > server = /usr/local/nagios/bin/nrpe > > server_args = -c /usr/local/nagios/etc/nrpe.cfg --inetd > > log_on_failure += USERID > > disable = no > > only_from = 127.0.0.1 xx.xx.xx.xx # <- representing my > real > > nagios server IP > > } > > > > > > > > And I have my default security group for that host open on port 5666 to > the > > world for this experiment. I plan on locking that down again to the > single > > IP of my monitoring host once I get this resolved. > > > > Does anyone have any suggestions on how I can get that problem solved? > > > > Thanks, > > Tim > > > > -- > > GPG me!! > > > > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B > > _______________________________________________ > > CentOS mailing list > > CentOS@xxxxxxxxxx > > http://lists.centos.org/mailman/listinfo/centos > > > _______________________________________________ > CentOS mailing list > CentOS@xxxxxxxxxx > http://lists.centos.org/mailman/listinfo/centos > -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos