一般Linux都自带了openssl和openssl-devel，并且系统iptables也不会阻拦5666端口通讯。我按照网上提供的步骤安装nrpe,然后作为服务运行，然后运行检查命令 check_nrpe -H ip，结果发现

CHECK_NRPE: Error -Could not complete SSL handshake

从百度和google搜了下，基本上都是抄袭的一段英文然后自己发挥的，正常情况下

• Different versions. Make sure you are using the same version of the check_nrpe plugin and the NRPE daemon. Newer versions of NRPE are usually not backward compatible with older versions. ------正常从nagios下载的nagios 3.06stable 和nagios-plugins-1.4.13和nrpe-2.12等式完全匹配的，根本没有理由去质疑---
• SSL is disabled. Make sure both the NRPE daemon and the check_nrpe plugin were compiled with SSL support and that neither are being run without SSL support (using command line switches). ----运行./configure --prefix=/usr/local/nrpe 然后其他参数不加，程序会缺省带SSL编译，更没有理由怀疑。----
• Incorrect file permissions. Make sure the NRPE config file (nrpe.cfg) is readable by the user (i.e. nagios) that executes the NRPE binary from inetd/xinetd. ----用root账户安装后，运行一下chowm -R nagios.nagios nrpe即可将nrpe目录及其所有文件的用户和用户组变为nagios----
• Pseudo-random device files are not readable. Greg Haygood noted the following... "After wringing my hair out and digging around with truss, I figured out the problem on my Solaris 8 boxen. The files /devices/pseudo/random* (linked through /dev/*random, and provided by Sun patch 112438) were not readable by the nagios user I use to launch NRPE. Making the character devices world-readable solved it." ----Solaris直接无视，俺是在Redhat发行版上做的----
• Unallowed address. If you're running the NRPE daemon under xinetd, make sure that you have a line in the xinetd config file that say "only_from = xxx.xxx.xxx.xxx", where xxx.xxx.xxx.xxx is the IP address that you're connected to the NRPE daemon from. ----并没有使用Xinetd管理，俺直接就是配置了监听IP，让其stand-alone的，nrpe.cfg文档里写的很明白，用Xinetd管理时设定的管理IP时无效的，所以这也不是问题所在。---

我先前看了这个帖子，结果就疑神疑鬼的到处调试，然后发现无解，又去看文档，发现文档上也没有提这个事情。最后无意间想起很多很弱的脚本在模式匹配时在空字符（空格，制表符，回车）的地方容易犯晕，然后我就试了一下。

我原来配置nrpe.cfg配置管理IP的时候

# ALLOWED HOST ADDRESSES
# This is an optional comma-delimited list of IP address or hostnames
# that are allowed to talk to the NRPE daemon.
#
# Note: The daemon only does rudimentary checking of the client's IP
# address. I would highly recommend adding entries in your /etc/hosts.allow
# file to allow only the specified host to connect to the port
# you are running this daemon on.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd

allowed_hosts=127.0.0.1,   172.16.1.11,   172.16.1.8

如图示，上面在逗号后面添加了空格，然后我把空格去掉改成

allowed_hosts=127.0.0.1,172.16.1.11然后重启nrpe服务，再运行./check_nrpe -H IP的时候就OK了。

[root@www libexec]# ./check_nrpe -H 172.16.1.11
NRPE v2.12