RAC ssh 配置——官方文献

最新推荐文章于 2025-07-29 15:03:10 发布
最新推荐文章于 2025-07-29 15:03:10 发布
阅读量133 收藏
点赞数
文章标签: 运维 数据库 shell
本文介绍如何在集群的每个节点上配置SSH,包括创建RSA和DSA密钥、设置授权密钥文件,以及如何启用SSH用户等效性以实现无密码登录。适用于希望了解详细SSH配置步骤的读者。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

2.3.7.1 Configuring SSH on Cluster Member Nodes

To configure SSH, you must first create RSA and DSA keys on each cluster node, and then copy the keys from all cluster node members into an authorized keys file on each node. To do this task, complete the following steps:

Create RSA and DSA keys on each node: Complete the following steps on each node:

  1. Log in as the oracle user.

  2. If necessary, create the .ssh directory in the oracle user's home directory and set the correct permissions on it:

    $ mkdir ~/.ssh
$ chmod 700 ~/.ssh
$ chmod 700

  3. Enter the following commands to generate an RSA key for version 2 of the SSH protocol:

    $ /usr/bin/ssh-keygen -t rsa

    At the prompts:

    • Accept the default location for the key file.

    • Enter and confirm a pass phrase that is different from the oracle user's password.

    This command writes the public key to the ~/.ssh/id_rsa.pub file and the private key to the ~/.ssh/id_rsa file. Never distribute the private key to anyone.

  4. Enter the following commands to generate a DSA key for version 2 of the SSH protocol:

    $ /usr/bin/ssh-keygen -t dsa

    At the prompts:

    • Accept the default location for the key file

    • Enter and confirm a pass phrase that is different from the oracle user's password

    This command writes the public key to the ~/.ssh/id_dsa.pub file and the private key to the ~/.ssh/id_dsa file. Never distribute the private key to anyone.

Add keys to an authorized key file: Complete the following steps:

  1. On the local node, determine if you have an authorized key file (~/.ssh/authorized_keys). If the authorized key file already exists, then proceed to step 2. Otherwise, enter the following commands:

    $ touch ~/.ssh/authorized_keys
$ cd ~/.ssh
$ ls

    You should see the id_dsa.pub and id_rsa.pub keys that you have created.

  2. Using SSH, copy the contents of the ~/.ssh/id_rsa.pub and ~/.ssh/id_dsa.pub files to the file ~/.ssh/authorized_keys, and provide the Oracle user password as prompted. This process is illustrated in the following syntax example with a two-node cluster, with nodes node1 and node2, where the Oracle user path is /home/oracle:

    [oracle@node1 .ssh]$ ssh node1 cat /home/oracle/.ssh/id_rsa.pub >> authorized_keys
oracle@node1's password:
[oracle@node1 .ssh]$ ssh node1 cat /home/oracle/.ssh/id_dsa.pub >> authorized_keys
[oracle@node1 .ssh$ ssh node2 cat /home/oracle/.ssh/id_rsa.pub >> authorized_keys
oracle@node2's password:
[oracle@node1 .ssh$ ssh node2 cat /home/oracle/.ssh/id_dsa.pub >>authorized_keys
oracle@node2's password:

    Note:

    Repeat this process for each node in the cluster.

  3. Use SCP (Secure Copy) or SFTP (Secure FTP) to copy the authorized_keys file to the Oracle user .ssh directory on a remote node. The following example is with SCP, on a node called node2, where the Oracle user path is /home/oracle:

    [oracle@node1 .ssh]scp authorized_keys node2:/home/oracle/.ssh/

  4. Repeat step 2 and 3 for each cluster node member. When you have added keys from each cluster node member to the authorized_keys file on the last node you want to have as a cluster node member, then use SCP to copy the complete authorized_keys file back to each cluster node member

    Note:

    The Oracle user's /.ssh/authorized_keys file on every node must contain the contents from all of the /.ssh/id_rsa.pub and /.ssh/id_dsa.pub files that you generated on all cluster nodes.

  5. Change the permissions on the Oracle user's /.ssh/authorized_keys file on all cluster nodes:

    $ chmod 600 ~/.ssh/authorized_keys

    At this point, if you use ssh to log in to or run a command on another node, you are prompted for the pass phrase that you specified when you created the DSA key.

2.3.7.2 Enabling SSH User Equivalency on Cluster Member Nodes

To enable Oracle Universal Installer to use the ssh and scp commands without being prompted for a pass phrase, follow these steps:

  1. On the system where you want to run Oracle Universal Installer, log in as the oracle user.

  2. Enter the following commands:

    $ exec /usr/bin/ssh-agent $SHELL
$ /usr/bin/ssh-add

  3. At the prompts, enter the pass phrase for each key that you generated.

    If you have configured SSH correctly, then you can now use the ssh or scp commands without being prompted for a password or a pass phrase.

  4. If you are on a remote terminal, and the local node has only one visual (which is typical), then use the following syntax to set the DISPLAY environment variable:

    Bourne, Korn, and Bash shells

    $ export DISPLAY=hostname:0

    C shell:

    $ setenv DISPLAY 0

    For example, if you are using the Bash shell, and if your hostname is node1, then enter the following command:

    $ export DISPLAY=node1:0

  5. To test the SSH configuration, enter the following commands from the same terminal session, testing the configuration of each cluster node, where nodename1, nodename2, and so on, are the names of nodes in the cluster:

    $ ssh nodename1 date
$ ssh nodename2 date
    .
    .
    .
[@more@]

来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/22934571/viewspace-1048523/,如需转载,请注明出处,否则将追究法律责任。

转载于:http://blog.itpub.net/22934571/viewspace-1048523/

csb47658
关注
Oracle 10g R2 RAC for Redhat Linux AS 4
Ding YA 的笔记
04-11 735
ORACLE 10.2.0.1 RAC FOR RedHat Linux AS4 update4安装操作手册<br /> <br /> <br /> <br /> <br /> 计划<br />本次数据库采用10G RAC集群,由于10G提供了Oracle 集群文件系统 (OCFS)、自动存储管理器 (ASM)、原始设备这三种共享磁盘方式用于RAC的安装,因此我们准备计划先采用ASM安装RAC并进行建库。下面的计划主要是针对ASM方式的部署RAC<br />一、硬件环境描述<br />1、  节点1与节点2
[转]高负载并发网站架构分析
热门推荐
bluehire的专栏
12-23 2万+
由于自己正在做一个高性能大用户量的论坛程序,对高性能高并发服务器架构比较感兴趣,于是在网上收集了不少这方面的资料和大家分享。希望能和大家交流 msn: defender_ios@hotmail.com ——————————————————————————————————————— ? 初创网站与开源软件 6 ? 谈谈大型高负载网站服务器的优化心得! 8 ? Lighttpd+Squid+Apach
rac ssh配置
敖尔其楞的专栏
05-11 830
每次部署rac的时候都要配置ssh互信,手工配置太麻烦了,搞了个简单脚本#!/bin/sh #author:baixiaoyu #create time:20170511 #this script depents on sshpasss ip1=$1 ip2=$2 mkdir ~/.ssh chmod 700 ~/.ssh cd ~/.ssh ssh-keygen -t rsa ssh-keygen
racssh配置
DreamDB的专栏
05-07 4024
  rac中的ssh双机配置1,前提条件 rac1 192.168.5.80  rac2 192.168.5.90修改主机名称是 vi /etc/sysconfig/network 为使其立即生效在修改hostname xx 临时的ip是  ifconfig eth0 ip 2,修改静态主机表 vi /etc/hosts 将本机的主机名,删除 在后面追加 192.168.5.8
RAC中的ssh用户等价
changyanmanman的专栏
09-03 1809
所谓的用户等价,就是以oracle用户从一个节点连接到另一个节点时,不需要输入密码。Clusterware和Database的安装过程都是先在一个节点安装,然后安装程序自动把本地安装好的内容复制到远程相同的目录,这是一个后台拷贝过程,安装人员没有机会输入密码进行验证,因此必须配置用户等价。 oracle允许使用两种用户等价RSH和SSH。推荐使用SSH,因为更安全。
rac部署前配置互信
kevinyu998的博客
05-01 1772
sshUserSetup.sh在GI安装介质解压缩后的oui/prov/resources/scripts目录下。方法之一:使用sshUserSetup.sh快速创建互信。db1 db2指两个主机的主机名,根据实际情况调整。
rac配置SSH互信
DBAngelica的博客
12-07 3195
错误: 在grid用户下直接执行 【./sshUserSetup.sh -user grid -hosts "rac01 rac02 " -advanced -noPromptPassphrase】 这条语句时, 系统提示:找不到sshUserSetup.sh的命令 解决方法: 解压p13390677_112040_Linux-x86-64_3of7.zip  进入解压后的grid目录下...
oracle rac ssh 免密码登陆设置
Funny Min的专栏
10-19 3915
su -oracle pwd mkdir ~/.ssh
oracle rac ssh互信,RAC主机配置ssh互信
weixin_39595302的博客
04-09 1212
node1[oracle@node1 ~]$ ssh-keygen -t rsa[oracle@node1 ~]$ ssh-keygen -t dsa[oracle@node1 ~]$ cd .ssh[oracle@node1 ssh]$ cat *.pub >> authorized_keysnode2[oracle@rac2 ~]$ ssh-keygen -t rsa[oracle...
2.5.7 配置SSH用户等效性
一玩儿家的田地
01-05 760
Oracle 11gR2在安装Grid Infrastructure的时候,能够通过安装程序配置节点间的SSH用户等效性,之所以要在安装之前配置SSH用户等效性,是为了能够在安装前使用CVU工具来检查安装软件的要求是否满足。CVU检查需要由非root用户来执行,如果执行Clusterware和ASM的检查就用grid用户执行检查的命令,如果执行Database的检查就用oracle用户来执行检查的
RAC配置SSH
zml19910422的专栏
03-11 828
为Oracle用户配置SSH: 以oracle身份在每个节点执行以下代码 su - oracle mkdir ~/.ssh cd .ssh ssh-keygen -t rsa ssh-keygen -t dsa cat *rsa.pub >> authorized_keys cat *dsa.pub >> authorized_keys   然后在rac1下: ssh rac
OCM_Session7_6_配置oracle用户ssh对等性
一抹曦阳-Oracle
03-23 2508
六、配置oracle用户ssh对等性 这个OCM要求配置。 参考官方文档:http://docs.oracle.com/cd/B19306_01/install.102/b14203/prelinux.htm 2.4.7.1 Configuring SSH on Cluster Member Nodes To configure SSH, you
配置SSH用户等效性(Oracle RAC 11g)
东城绝神
08-11 2977
分别在172.20.27和172.20.28.30两个节点执行如下命令 [root@i-dp1cxy1l ~]# cp /etc/ssh/ssh_config /etc/ssh/ssh_config.bak [root@i-dp1cxy1l ~]# vi /etc/ssh/ssh_config StrictHostKeyChecking no  UserKnownHostsFile
SSH信任关系设置-oracle rac 信任关系
张小秋博客
12-10 2490
SSH信任关系设置# lslpp -l | grep sshSSH配置:mkdir ~/.ssh chmod 700 ~/.ssh /usr/bin/ssh-keygen -t rsa /usr/bin/ssh-keygen -t dsa touch ~/.ssh/authorized_keys cd ~/.ssh lsemra: cat ./
oracle rac ssh对等,如何为Oracle RAC配置SSH
weixin_39883440的博客
04-03 334
众所周知,在安装Oracle Clusterware(Former Oracle CRS)之前,有一些必备的条件,比如双网卡,同版本的操作系统,一些必需的补丁等等,还有一些比如同样ID的组和用户,这些都可以通过clusterware附带的一个检查工具cluvfy进行检查。详细的列表和检查方法可以参考oracle的官方安装文档,除此之外,安装之前另外一个重要的前提就是ssh或者rsh的配置,这就是o...
【C语言网络编程基础】DNS 协议与请求详解
qq_64148519的博客
07-27 298
DNS 是互联网的电话簿。用户输入网址(域名)时→它是一个分布式、层级结构的命名系统,负责解析所有公共域名。DNS 是互联网的基础设施之一,支撑着网站访问、邮件传输等各类服务。理解 DNS 协议和请求过程,不仅有助于调试网络问题,也是学习网络编程、安全防护等高级技能的第一步。
解决mac下git pull、push需要输入密码
Zing_ing的博客
07-29 199
添加以下代码(解决 ssh-agent 不自动加载的问题)编辑 shell 配置文件。编辑 SSH 配置文件。清除所有已缓存的密钥。重新添加密钥到钥匙串。
zabbix-agent静默安装
zhm120456的博客
07-27 291
例如版本为zabbix_agent-7.0.7-windows-amd64-openssl.msi,服务器为192.168.1.100。msiexec /i zabbix-msi安装包 /qn SERVER=zabbix服务器IP。4 从MSI安装Windows agent。
在win11系统上安装虚拟机并安装win10系统并搭建oracle数据库(新手版)
最新发布
qq_16961587的博客
07-29 352
左侧虚拟机列表中选择要扩容的虚拟机,点击右侧的编辑虚拟机设置,在弹框中选择“硬盘”,点击右上角扩展,将数值改为自己需要的大小即可。便可以看到新增的“新加卷(E)”,不想显示新加卷字样的话,可以右键属性,改一下名称,我这里改成了学习。步骤2点击下一步,步骤3点击下一步,步骤4介意更改一下数据库的位置,不安装在C盘,我在E盘新建了一个ORCL的文件夹用于存放。解压完成后,安装之前,要先预置新版操作系统的认证信息,否则直接安装会提示如下:INS-13001环境不满足最低要求,即修改一个文件。设置完后,点击确定。
Oracle 11g RAC安装配置详解——2020PMP考试相关
"本文档详细介绍了在Linux Red Hat 6.5环境下,使用Oracle用户...创建Oracle RAC实例是一项复杂的工作,涉及到系统、网络、存储等多个层面的规划和配置。在实施过程中,必须遵循最佳实践,确保系统的稳定性和高可用性。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值