RAC ssh 配置——官方文献

最新推荐文章于 2025-12-10 21:23:44 发布
转载 最新推荐文章于 2025-12-10 21:23:44 发布 · 144 阅读 · 0
文章标签:

#运维 #数据库 #shell

本文介绍如何在集群的每个节点上配置SSH,包括创建RSA和DSA密钥、设置授权密钥文件,以及如何启用SSH用户等效性以实现无密码登录。适用于希望了解详细SSH配置步骤的读者。
2.3.7.1 Configuring SSH on Cluster Member Nodes

To configure SSH, you must first create RSA and DSA keys on each cluster node, and then copy the keys from all cluster node members into an authorized keys file on each node. To do this task, complete the following steps:

Create RSA and DSA keys on each node: Complete the following steps on each node:

  1. Log in as the oracle user.

  2. If necessary, create the .ssh directory in the oracle user's home directory and set the correct permissions on it:

    $ mkdir ~/.ssh
$ chmod 700 ~/.ssh
$ chmod 700

  3. Enter the following commands to generate an RSA key for version 2 of the SSH protocol:

    $ /usr/bin/ssh-keygen -t rsa

    At the prompts:

    • Accept the default location for the key file.

    • Enter and confirm a pass phrase that is different from the oracle user's password.

    This command writes the public key to the ~/.ssh/id_rsa.pub file and the private key to the ~/.ssh/id_rsa file. Never distribute the private key to anyone.

  4. Enter the following commands to generate a DSA key for version 2 of the SSH protocol:

    $ /usr/bin/ssh-keygen -t dsa

    At the prompts:

    • Accept the default location for the key file

    • Enter and confirm a pass phrase that is different from the oracle user's password

    This command writes the public key to the ~/.ssh/id_dsa.pub file and the private key to the ~/.ssh/id_dsa file. Never distribute the private key to anyone.

Add keys to an authorized key file: Complete the following steps:

  1. On the local node, determine if you have an authorized key file (~/.ssh/authorized_keys). If the authorized key file already exists, then proceed to step 2. Otherwise, enter the following commands:

    $ touch ~/.ssh/authorized_keys
$ cd ~/.ssh
$ ls

    You should see the id_dsa.pub and id_rsa.pub keys that you have created.

  2. Using SSH, copy the contents of the ~/.ssh/id_rsa.pub and ~/.ssh/id_dsa.pub files to the file ~/.ssh/authorized_keys, and provide the Oracle user password as prompted. This process is illustrated in the following syntax example with a two-node cluster, with nodes node1 and node2, where the Oracle user path is /home/oracle:

    [oracle@node1 .ssh]$ ssh node1 cat /home/oracle/.ssh/id_rsa.pub >> authorized_keys
oracle@node1's password:
[oracle@node1 .ssh]$ ssh node1 cat /home/oracle/.ssh/id_dsa.pub >> authorized_keys
[oracle@node1 .ssh$ ssh node2 cat /home/oracle/.ssh/id_rsa.pub >> authorized_keys
oracle@node2's password:
[oracle@node1 .ssh$ ssh node2 cat /home/oracle/.ssh/id_dsa.pub >>authorized_keys
oracle@node2's password:

    Note:

    Repeat this process for each node in the cluster.

  3. Use SCP (Secure Copy) or SFTP (Secure FTP) to copy the authorized_keys file to the Oracle user .ssh directory on a remote node. The following example is with SCP, on a node called node2, where the Oracle user path is /home/oracle:

    [oracle@node1 .ssh]scp authorized_keys node2:/home/oracle/.ssh/

  4. Repeat step 2 and 3 for each cluster node member. When you have added keys from each cluster node member to the authorized_keys file on the last node you want to have as a cluster node member, then use SCP to copy the complete authorized_keys file back to each cluster node member

    Note:

    The Oracle user's /.ssh/authorized_keys file on every node must contain the contents from all of the /.ssh/id_rsa.pub and /.ssh/id_dsa.pub files that you generated on all cluster nodes.

  5. Change the permissions on the Oracle user's /.ssh/authorized_keys file on all cluster nodes:

    $ chmod 600 ~/.ssh/authorized_keys

    At this point, if you use ssh to log in to or run a command on another node, you are prompted for the pass phrase that you specified when you created the DSA key.

2.3.7.2 Enabling SSH User Equivalency on Cluster Member Nodes

To enable Oracle Universal Installer to use the ssh and scp commands without being prompted for a pass phrase, follow these steps:

  1. On the system where you want to run Oracle Universal Installer, log in as the oracle user.

  2. Enter the following commands:

    $ exec /usr/bin/ssh-agent $SHELL
$ /usr/bin/ssh-add

  3. At the prompts, enter the pass phrase for each key that you generated.

    If you have configured SSH correctly, then you can now use the ssh or scp commands without being prompted for a password or a pass phrase.

  4. If you are on a remote terminal, and the local node has only one visual (which is typical), then use the following syntax to set the DISPLAY environment variable:

    Bourne, Korn, and Bash shells

    $ export DISPLAY=hostname:0

    C shell:

    $ setenv DISPLAY 0

    For example, if you are using the Bash shell, and if your hostname is node1, then enter the following command:

    $ export DISPLAY=node1:0

  5. To test the SSH configuration, enter the following commands from the same terminal session, testing the configuration of each cluster node, where nodename1, nodename2, and so on, are the names of nodes in the cluster:

    $ ssh nodename1 date
$ ssh nodename2 date
    .
    .
    .
[@more@]

来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/22934571/viewspace-1048523/,如需转载,请注明出处,否则将追究法律责任。

转载于:http://blog.itpub.net/22934571/viewspace-1048523/

csb47658
关注
rac部署前配置互信
kevinyu998的博客
05-01 1945
sshUserSetup.sh在GI安装介质解压缩后的oui/prov/resources/scripts目录下。方法之一:使用sshUserSetup.sh快速创建互信。db1 db2指两个主机的主机名,根据实际情况调整。
RAC】在所有集群节点手动配置SSH无密码访问
个人公众号:Alen的数据库学习笔记
04-05 1601
在进行RAC安装时,无密码的SSH配置是一项强制性的安装需求,用来在安装期间配置集群成员节点,并且在安装后,SSH配置助手、OEM、OPatch和其他特性使用。 自动配置的无密码的SSH在集群的所有节点上使用OUI创建RSA密钥,如果由于系统限制无法自动配置,则需要手动配置SSH,例如使用DSA,本篇则演示手动配置无密码的SSH。 1、检查系统已存在的SSH配置 --查看S
rac ssh配置
敖尔其楞的专栏
05-11 850
每次部署rac的时候都要配置ssh互信,手工配置太麻烦了,搞了个简单脚本#!/bin/sh #author:baixiaoyu #create time:20170511 #this script depents on sshpasss ip1=$1 ip2=$2 mkdir ~/.ssh chmod 700 ~/.ssh cd ~/.ssh ssh-keygen -t rsa ssh-keygen
racssh配置
DreamDB的专栏
05-07 4061
  rac中的ssh双机配置1,前提条件 rac1 192.168.5.80  rac2 192.168.5.90修改主机名称是 vi /etc/sysconfig/network 为使其立即生效在修改hostname xx 临时的ip是  ifconfig eth0 ip 2,修改静态主机表 vi /etc/hosts 将本机的主机名,删除 在后面追加 192.168.5.8
RAC中的ssh用户等价
changyanmanman的专栏
09-03 1932
所谓的用户等价,就是以oracle用户从一个节点连接到另一个节点时,不需要输入密码。Clusterware和Database的安装过程都是先在一个节点安装,然后安装程序自动把本地安装好的内容复制到远程相同的目录,这是一个后台拷贝过程,安装人员没有机会输入密码进行验证,因此必须配置用户等价。 oracle允许使用两种用户等价RSH和SSH。推荐使用SSH,因为更安全。
oracle rac ssh 免密码登陆设置
Funny Min的专栏
10-19 3971
su -oracle pwd mkdir ~/.ssh
Oracle19c RAC+ RACDG配置详细部署文档
07-13
配置RAC主库时,`srvctl config database -a -db ORCLCDB`命令用于查看数据库的相关配置,包括唯一名称、数据库名称、Oracle Home、Spfile位置、密码文件、启动和停止选项、角色、管理策略、服务器池、磁盘组、...
Oracle10gRAC安装配置.ppt
11-21
Oracle 10g RAC 安装配置 Oracle 10g RAC(Real Application Clusters)是一种高可用性、可扩展性的数据库解决方案,它允许多个服务器节点组成一个集群,提高了数据库的性能和可用性。在本文档中,我们将详细介绍 ...
oracle rac防火墙配置学习
01-09
Linux 常用命令 oracle rac 中文手册 官网翻译 oracle rac
aix6.1+oracle11g+rac安装配置手册
09-29
aix6.1+oracle11g+rac安装配置手册 aix6系统安装,裸设备配置 oracle11G-RAC安装配置
rac配置SSH互信
DBAngelica的博客
12-07 3222
错误: 在grid用户下直接执行 【./sshUserSetup.sh -user grid -hosts "rac01 rac02 " -advanced -noPromptPassphrase】 这条语句时, 系统提示:找不到sshUserSetup.sh的命令 解决方法: 解压p13390677_112040_Linux-x86-64_3of7.zip  进入解压后的grid目录下...
SSH信任关系设置-oracle rac 信任关系
张小秋博客
12-10 2524
SSH信任关系设置# lslpp -l | grep sshSSH配置:mkdir ~/.ssh chmod 700 ~/.ssh /usr/bin/ssh-keygen -t rsa /usr/bin/ssh-keygen -t dsa touch ~/.ssh/authorized_keys cd ~/.ssh lsemra: cat ./
配置SSH用户等效性(Oracle RAC 11g)
东城绝神
08-11 3010
分别在172.20.27和172.20.28.30两个节点执行如下命令 [root@i-dp1cxy1l ~]# cp /etc/ssh/ssh_config /etc/ssh/ssh_config.bak [root@i-dp1cxy1l ~]# vi /etc/ssh/ssh_config StrictHostKeyChecking no  UserKnownHostsFile
RAC配置SSH
zml19910422的专栏
03-11 846
为Oracle用户配置SSH: 以oracle身份在每个节点执行以下代码 su - oracle mkdir ~/.ssh cd .ssh ssh-keygen -t rsa ssh-keygen -t dsa cat *rsa.pub >> authorized_keys cat *dsa.pub >> authorized_keys   然后在rac1下: ssh rac
2.5.7 配置SSH用户等效性
一玩儿家的田地
01-05 774
Oracle 11gR2在安装Grid Infrastructure的时候,能够通过安装程序配置节点间的SSH用户等效性,之所以要在安装之前配置SSH用户等效性,是为了能够在安装前使用CVU工具来检查安装软件的要求是否满足。CVU检查需要由非root用户来执行,如果执行Clusterware和ASM的检查就用grid用户执行检查的命令,如果执行Database的检查就用oracle用户来执行检查的
OCM_Session7_6_配置oracle用户ssh对等性
一抹曦阳-Oracle
03-23 2533
六、配置oracle用户ssh对等性 这个OCM要求配置。 参考官方文档:http://docs.oracle.com/cd/B19306_01/install.102/b14203/prelinux.htm 2.4.7.1 Configuring SSH on Cluster Member Nodes To configure SSH, you
oracle rac ssh互信,RAC主机配置ssh互信
weixin_39595302的博客
04-09 1240
node1[oracle@node1 ~]$ ssh-keygen -t rsa[oracle@node1 ~]$ ssh-keygen -t dsa[oracle@node1 ~]$ cd .ssh[oracle@node1 ssh]$ cat *.pub >> authorized_keysnode2[oracle@rac2 ~]$ ssh-keygen -t rsa[oracle...
oracle rac ssh对等,如何为Oracle RAC配置SSH
weixin_39883440的博客
04-03 352
众所周知,在安装Oracle Clusterware(Former Oracle CRS)之前,有一些必备的条件,比如双网卡,同版本的操作系统,一些必需的补丁等等,还有一些比如同样ID的组和用户,这些都可以通过clusterware附带的一个检查工具cluvfy进行检查。详细的列表和检查方法可以参考oracle的官方安装文档,除此之外,安装之前另外一个重要的前提就是ssh或者rsh的配置,这就是o...
2025江西省职业院校技能“信创适配及安全管理“赛项解析答案
最新发布
网络安全、网络建设与运维竞赛资料培训请联系主页
12-10 596
本文介绍了服务器基础配置流程,包括:1) 设置主机名和静态IP地址;2) 防火墙配置,启用firewalld服务并开放SSH、DNS、Redis、HTTP/HTTPS、数据库等端口;3) 设置root密码和配置SSH免密登录,支持RSA和SM2算法;4) 搭建主备DNS服务,实现正向和反向解析。这些配置为后续服务部署奠定了基础,确保网络通信安全可靠。
Oracle 11g RAC安装配置详解——2020PMP考试相关
"本文档详细介绍了在Linux Red Hat 6.5环境下,使用Oracle用户...创建Oracle RAC实例是一项复杂的工作,涉及到系统、网络、存储等多个层面的规划和配置。在实施过程中,必须遵循最佳实践,确保系统的稳定性和高可用性。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值