During an Oracle RAC 11g installation, the OUI needs to copy files to the other hosts in the cluster and execute programs on them. To allow the OUI to do this, SSH must be configured to enable user equivalency. Establishing user equivalency with SSH provides a secure way to copy files to, and execute programs on, the other hosts in the cluster without being prompted for a password.
Example: establish SSH user equivalency for the oracle user on the three nodes rac1, rac2 and rac3.
1. Generate the SSH public and private keys (run on every node)
The SSH protocol has two versions: version 1 uses RSA and version 2 uses DSA, so we create both types of key to make sure SSH can work with either version.
On each node, log in as the oracle user and run:
$ rm -rf ~/.ssh
$ mkdir ~/.ssh
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa):
(location in which the key is saved)
Enter passphrase (empty for no passphrase):
(key passphrase)
Enter same passphrase again:
(repeat the passphrase)
$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_dsa):
(location in which the key is saved)
Enter passphrase (empty for no passphrase):
(key passphrase)
Enter same passphrase again:
(repeat the passphrase)
2. Create authorized_keys (run on every node)
On each node, log in as the oracle user and run the following (touch uses the file if it already exists and creates it otherwise):
$ touch ~/.ssh/authorized_keys
$ ls -al ~/.ssh
drwxr-xr-x 2 oracle oinstall 4096 12-10 23:07 .
drwx------ 4 oracle oinstall 4096 12-11 13:34 ..
-rw-r--r-- 1 oracle oinstall 3054 12-10 23:08 authorized_keys
-rw------- 1 oracle oinstall  736 12-10 22:00 id_dsa
-rw-r--r-- 1 oracle oinstall  613 12-10 22:00 id_dsa.pub
-rw------- 1 oracle oinstall 1743 12-10 22:00 id_rsa
-rw-r--r-- 1 oracle oinstall  405 12-10 22:00 id_rsa.pub
-rw-r--r-- 1 oracle oinstall 1200 12-10 23:07 known_hosts
3. Copy the key contents (run on every node)
On each node, log in as the oracle user and fetch the public keys of every node, this one included, into the local authorized_keys. Note that the >> redirection is evaluated by the local shell, not on the remote host: ssh runs cat on the remote node and its output is appended to this node's ~/.ssh/authorized_keys. Once this has been done on all three nodes, every node's authorized_keys holds the RSA and DSA public keys of all three nodes. The first connection to each host also records that host's key in known_hosts, which is why the authenticity prompt has to be answered once per host and key type.
Copy the key contents of node rac1:
$ ssh oracle@rac1 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
The authenticity of host 'rac1 (xxx.xxx.xxx.xxx)' can't be established.
RSA key fingerprint is d1:xxxxxxxxxxxxxxxxxxxxxxxxxxxx
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'rac1 (xxx.xxx.xxx.xxx)' (RSA) to the list of known hosts.
oracle@rac1's password:
(enter the oracle user's password)
$ ssh oracle@rac1 cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
The authenticity of host 'rac1 (xxx.xxx.xxx.xxx)' can't be established.
DSA key fingerprint is d1:xxxxxxxxxxxxxxxxxxxxxxxxxxxx
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'rac1 (xxx.xxx.xxx.xxx)' (DSA) to the list of known hosts.
oracle@rac1's password:
(enter the oracle user's password)
Copy the key contents of node rac2:
$ ssh oracle@rac2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
The authenticity of host 'rac2 (xxx.xxx.xxx.xxx)' can't be established.
RSA key fingerprint is d1:xxxxxxxxxxxxxxxxxxxxxxxxxxxx
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'rac2 (xxx.xxx.xxx.xxx)' (RSA) to the list of known hosts.
oracle@rac2's password:
(enter the oracle user's password)
$ ssh oracle@rac2 cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
The authenticity of host 'rac2 (xxx.xxx.xxx.xxx)' can't be established.
DSA key fingerprint is d1:xxxxxxxxxxxxxxxxxxxxxxxxxxxx
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'rac2 (xxx.xxx.xxx.xxx)' (DSA) to the list of known hosts.
oracle@rac2's password:
(enter the oracle user's password)
Copy the key contents of node rac3:
$ ssh oracle@rac3 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
The authenticity of host 'rac3 (xxx.xxx.xxx.xxx)' can't be established.
RSA key fingerprint is d1:xxxxxxxxxxxxxxxxxxxxxxxxxxxx
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'rac3 (xxx.xxx.xxx.xxx)' (RSA) to the list of known hosts.
oracle@rac3's password:
(enter the oracle user's password)
$ ssh oracle@rac3 cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
The authenticity of host 'rac3 (xxx.xxx.xxx.xxx)' can't be established.
DSA key fingerprint is d1:xxxxxxxxxxxxxxxxxxxxxxxxxxxx
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'rac3 (xxx.xxx.xxx.xxx)' (DSA) to the list of known hosts.
oracle@rac3's password:
(enter the oracle user's password)
4. Establish user equivalency
On each node host, log in as the oracle user and run:
$ exec ssh-agent $SHELL
$ ssh-add
exec ssh-agent $SHELL replaces the current shell with one running under an SSH agent, and ssh-add loads the keys into that agent (prompting for their passphrases once, if any were set). The installer must then be started from this same shell so that it inherits the agent; a new login session will not have the keys loaded.
5. Verify
Run the following from every node; each command must print the date of the target node without prompting for a password or a passphrase:
$ ssh rac1 date; ssh rac2 date; ssh rac3 date
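The script below is an added example written for this page; it is not part of the original tutorial or of Oracle's installation tooling. It turns the manual checks of steps 2, 3 and 5 into something that can be run as the oracle user on each node. It assumes the node names rac1, rac2 and rac3, the default ssh-keygen comment oracle@<node> on each public key, and a Linux host with a POSIX sh. It checks the ~/.ssh permissions that sshd's StrictModes enforces (a group- or world-writable ~/.ssh or authorized_keys makes sshd ignore the keys and fall back to a password prompt, and ssh refuses a private key that others can read), removes the duplicate lines left behind when step 3 is run more than once, lists any node whose key is missing, and repeats the step 5 check with BatchMode=yes so that a password prompt is reported as a failure instead of blocking on input.

```shell
#!/bin/sh
# Added example for the SSH user-equivalency setup above (not the page's own code).
# Assumptions: nodes rac1 rac2 rac3, ssh-keygen's default "oracle@<node>" comment
# on each public key, and ls -ld output for permission checks (plain POSIX sh).

# Return 0 if the path is writable by group or others. sshd's StrictModes
# rejects such a ~/.ssh or authorized_keys and falls back to password login.
group_or_other_writable() {
    mode=$(ls -ld "$1" | cut -c1-10)      # e.g. drwxr-xr-x; positions 6 and 9 are g/o write
    case "$mode" in
        ?????w*|????????w?) return 0 ;;
    esac
    return 1
}

# Return 0 if a private key is readable only by its owner (ssh refuses it otherwise).
owner_only() {
    mode=$(ls -ld "$1" | cut -c1-10)
    case "$mode" in
        ????------) return 0 ;;
    esac
    return 1
}

# Check one .ssh directory the way sshd and ssh will. Prints each problem and
# returns the number of problems found (0 means clean).
check_ssh_dir() {
    ssh_dir="$1"; problems=0
    for p in "$ssh_dir" "$ssh_dir/authorized_keys"; do
        if [ -e "$p" ] && group_or_other_writable "$p"; then
            echo "FAIL: $p is group/other writable"; problems=$((problems + 1))
        fi
    done
    for k in "$ssh_dir/id_rsa" "$ssh_dir/id_dsa"; do
        if [ -e "$k" ] && ! owner_only "$k"; then
            echo "FAIL: $k must be mode 600"; problems=$((problems + 1))
        fi
    done
    return $problems
}

# Step 3 appends a key every time it is run, so repeating it leaves duplicates.
# Keep the first occurrence of each line; write back with cat so the file keeps
# its inode and permissions instead of getting a fresh, possibly wider, umask.
dedupe_authorized_keys() {
    f="$1"
    awk '!seen[$0]++' "$f" > "$f.tmp" && cat "$f.tmp" > "$f" && rm -f "$f.tmp"
}

# Print each node whose key comment "oracle@<node>" is absent from the given
# authorized_keys; return 1 if any node is missing.
missing_node_keys() {
    f="$1"; shift
    missing=0
    for node in "$@"; do
        if ! grep -q "[[:space:]]oracle@$node\$" "$f"; then
            echo "$node"; missing=1
        fi
    done
    return $missing
}

# Step 5 done strictly: BatchMode=yes makes ssh fail instead of prompting, which
# is exactly the behaviour OUI needs. Printing the remote hostname also exposes a
# wrong /etc/hosts or known_hosts entry that silently lands on the wrong node.
verify_equivalence() {
    rc=0
    for node in "$@"; do
        out=$(ssh -o BatchMode=yes -o ConnectTimeout=10 "$node" hostname 2>/dev/null) \
            || { echo "FAIL: $node (password prompt or connection error)"; rc=1; continue; }
        echo "ok: $node -> $out"
    done
    return $rc
}

main() {
    d="$HOME/.ssh"
    check_ssh_dir "$d" || return 1
    dedupe_authorized_keys "$d/authorized_keys"
    missing_node_keys "$d/authorized_keys" rac1 rac2 rac3 || return 1
    verify_equivalence rac1 rac2 rac3
}

# Run the full check only when invoked as: sh check_equiv.sh run
if [ "${1:-}" = "run" ]; then main; fi
```

Run it as the oracle user on every node after step 5; any FAIL line names the node or file to fix before starting the OUI. The permission checks use the first ls -ld field rather than stat, so the same script works on any sh without relying on GNU-specific options.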