配置Linux两节点SSH密钥信任

最新推荐文章于 2024-07-23 22:53:57 发布
转载 最新推荐文章于 2024-07-23 22:53:57 发布 · 140 阅读 · 0
文章标签:

#运维 #数据库

本文介绍如何在Oracle RAC环境中配置Oracle用户SSH密钥,实现两节点间的无密码登录,并验证配置的有效性。

首先感谢兄弟“瑞瑞”提供资料

1. 生成两节点Oracle用户SSH密钥

Racnode1

[root@racnode1 ~]#su - oracle--------------------->【无.ssh目录】
[oracle@racnode1 ~]$ll -a
total 32K
drwxr-xr-x 3 oracle oinstall 4.0K Jun 13 15:08 .kde
-rw-r--r-- 1 oracle oinstall 120 Jun 13 15:08 .gtkrc
-rw-r--r-- 1 oracle oinstall 124 Jun 13 15:08 .bashrc
-rw-r--r-- 1 oracle oinstall 191 Jun 13 15:08 .bash_profile
-rw-r--r-- 1 oracle oinstall 24 Jun 13 15:08 .bash_logout
drwxr-xr-x 3 root root 4.0K Jun 13 15:08 ..
drwx------ 3 oracle oinstall 4.0K Jun 13 15:08 .
[oracle@racnode1 ~]$ssh-keygen -t rsa--------------------->【一路回车】
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa):
Created directory '/home/oracle/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
8a:11:ad:48:03:3b:94:b4:bb:a9:fb:b4:df:e1:18:87 oracle@racnode1
[oracle@racnode1 ~]$ssh-keygen -t dsa--------------------->【一路回车】
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_dsa.
Your public key has been saved in /home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
7d:9e:de:16:85:71:36:09:d3:9e:03:d2:1e:fd:d6:1a oracle@racnode1
[oracle@racnode1 ~]$cat .ssh/*.pub > .ssh/authorized_keys
[oracle@racnode1 ~]$ll -a--------------------->【生成.ssh目录,密码钥也已生成】
total 20K
-rw-r--r-- 1 oracle oinstall 225 Jun 13 15:30 id_rsa.pub
-rw------- 1 oracle oinstall 883 Jun 13 15:30 id_rsa
-rw-r--r-- 1 oracle oinstall 605 Jun 13 15:30 id_dsa.pub
-rw------- 1 oracle oinstall 668 Jun 13 15:30 id_dsa
-rw-r--r-- 1 oracle oinstall 830 Jun 13 15:35 authorized_keys

Racnode2

[root@racnode2 ~]#su - oracle--------------------->【无.ssh目录】
[oracle@racnode1 ~]$ll -a
total 32K
drwxr-xr-x 3 oracle oinstall 4.0K Jun 13 15:08 .kde
-rw-r--r-- 1 oracle oinstall 120 Jun 13 15:08 .gtkrc
-rw-r--r-- 1 oracle oinstall 124 Jun 13 15:08 .bashrc
-rw-r--r-- 1 oracle oinstall 191 Jun 13 15:08 .bash_profile
-rw-r--r-- 1 oracle oinstall 24 Jun 13 15:08 .bash_logout
drwxr-xr-x 3 root root 4.0K Jun 13 15:08 ..
drwx------ 3 oracle oinstall 4.0K Jun 13 15:08 .
[oracle@racnode2 ~]$ssh-keygen -t rsa--------------------->【一路回车】
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa):
Created directory '/home/oracle/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
8a:11:ad:48:03:3b:94:b4:bb:a9:fb:b4:df:e1:18:87 oracle@racnode1
[oracle@racnode2 ~]$ssh-keygen -t dsa--------------------->【一路回车】
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_dsa.
Your public key has been saved in /home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
7d:9e:de:16:85:71:36:09:d3:9e:03:d2:1e:fd:d6:1a oracle@racnode1
[oracle@racnode2 ~]$cat .ssh/*.pub > .ssh/authorized_keys
[oracle@racnode2 ~]$ll .ssh/--------------------->【生成.ssh目录,密码钥也已生成】
total 20K
-rw-r--r-- 1 oracle oinstall 225 Jun 13 15:34 id_rsa.pub
-rw------- 1 oracle oinstall 883 Jun 13 15:34 id_rsa
-rw-r--r-- 1 oracle oinstall 605 Jun 13 15:34 id_dsa.pub
-rw------- 1 oracle oinstall 672 Jun 13 15:34 id_dsa
-rw-r--r-- 1 oracle oinstall 830 Jun 13 15:36 authorized_keys

2. 配置两节点Oracle用户SSH无密码登陆的信任关系

Racnode1

[oracle@racnode1 ~]$scp .ssh/authorized_keys oracle@10.10.10.102:/home/oracle/.ssh/keys_dbs
The authenticity of host '10.10.10.102 (10.10.10.102)' can't be established.
RSA key fingerprint is 3c:84:f4:d9:d8:88:2d:9c:99:47:6a:21:1c:93:95:8d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.10.10.102' (RSA) to the list of known hosts.
oracle@10.10.10.102's password:RacNode2节点Oracle用户的密码
authorized_keys 100%  830     0.8KB/s   00:00

Racnode2

[oracle@racnode2 ~]$cat .ssh/keys_dbs >> .ssh/authorized_keys
[oracle@racnode2 ~]$scp .ssh/authorized_keys oracle@10.10.10.101:/home/oracle/.ssh/
The authenticity of host '10.10.10.101 (10.10.10.101)' can't be established.
RSA key fingerprint is 3c:84:f4:d9:d8:88:2d:9c:99:47:6a:21:1c:93:95:8d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.10.10.101' (RSA) to the list of known hosts.
oracle@10.10.10.101's password: RacNode1节点Oracle用户的密码
authorized_keys 100% 830 0.8KB/s 00:00

3. 配置两节点Oracle用户信任关系的测试

Racnode1

[oracle@racnode1 ~]$ssh racnode1
The authenticity of host 'racnode1 (10.10.10.101)' can't be established.
RSA key fingerprint is 3c:84:f4:d9:d8:88:2d:9c:99:47:6a:21:1c:93:95:8d.
Are you sure you want to continue connecting (yes/no)? yes
Last login: Mon Jun 13 15:44:03 2011 from racnode1
[oracle@racnode1 ~]$exit
logout
Connection to racnode1 closed.
[oracle@racnode1 ~]$ssh racnode2
The authenticity of host 'racnode2 (10.10.10.102)' can't be established.
RSA key fingerprint is 3c:84:f4:d9:d8:88:2d:9c:99:47:6a:21:1c:93:95:8d.
Are you sure you want to continue connecting (yes/no)? yes
Last login: Mon Jun 13 15:44:03 2011 from racnode1
[oracle@racnode2 ~]$exit
logout
Connection to racnode1 closed.
[oracle@racnode1 ~/.ssh]$ssh racnode1-priv
The authenticity of host 'racnode1-priv (192.168.0.101)' can't be established.
RSA key fingerprint is 3c:84:f4:d9:d8:88:2d:9c:99:47:6a:21:1c:93:95:8d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'racnode1-priv,192.168.0.101' (RSA) to the list of known hosts.
Last login: Mon Jun 13 15:46:07 2011 from racnode1
[oracle@racnode1 ~]$exit
logout
Connection to racnode1-priv closed.
[oracle@racnode1 ~/.ssh]$ssh racnode2-priv
The authenticity of host 'racnode2-priv (192.168.0.102)' can't be established.
RSA key fingerprint is 3c:84:f4:d9:d8:88:2d:9c:99:47:6a:21:1c:93:95:8d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'racnode2-priv,192.168.0.102' (RSA) to the list of known hosts.
Last login: Mon Jun 13 15:46:59 2011 from racnode1
[oracle@racnode2 ~]$exit
logout
Connection to racnode2-priv closed.

Racnode2

[oracle@racnode2 ~]$ssh racnode1
The authenticity of host 'racnode1 (10.10.10.101)' can't be established.
RSA key fingerprint is 3c:84:f4:d9:d8:88:2d:9c:99:47:6a:21:1c:93:95:8d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'racnode1' (RSA) to the list of known hosts.
Last login: Mon Jun 13 15:49:14 2011 from racnode1-priv
[oracle@racnode1 ~]$exit
logout
Connection to racnode1 closed.
[oracle@racnode2 ~]$ssh racnode2
The authenticity of host 'racnode2 (10.10.10.102)' can't be established.
RSA key fingerprint is 3c:84:f4:d9:d8:88:2d:9c:99:47:6a:21:1c:93:95:8d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'racnode2,10.10.10.102' (RSA) to the list of known hosts.
Last login: Mon Jun 13 15:49:28 2011 from racnode1-priv
[oracle@racnode2 ~]$exit
logout
Connection to racnode2 closed.
[oracle@racnode2 ~]$ssh racnode1-priv
The authenticity of host 'racnode1-priv (192.168.0.101)' can't be established.
RSA key fingerprint is 3c:84:f4:d9:d8:88:2d:9c:99:47:6a:21:1c:93:95:8d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'racnode1-priv,192.168.0.101' (RSA) to the list of known hosts.
Last login: Mon Jun 13 15:49:56 2011 from racnode2
[oracle@racnode1 ~]$exit
logout
Connection to racnode1-priv closed.
[oracle@racnode2 ~]$ssh racnode2-priv
The authenticity of host 'racnode2-priv (192.168.0.102)' can't be established.
RSA key fingerprint is 3c:84:f4:d9:d8:88:2d:9c:99:47:6a:21:1c:93:95:8d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'racnode2-priv,192.168.0.102' (RSA) to the list of known hosts.
Last login: Mon Jun 13 15:50:16 2011 from racnode2
[oracle@racnode2 ~]$exit
logout
Connection to racnode2-priv closed.



linux节点ssh免密码登录linux节点
at_the_beginning的博客
02-24 1782
需求 节点A要ssh免密码登录节点B。 1.产生密钥 节点A和B都要产生秘钥,并且要注意是否在root用户下,登录对象是用户,而不是机器,所以产生密钥前先从root或者其他用户切换到你说需要的用户。然后执行一下命令,然后三次无输入回车确认即可,最终会打印出一个密钥ssh-keygen -t rsa 结果如图: 2.节点A将产生的公钥追加到授权列表里 cd ~/.ssh cat id_rsa.pub >> authorized_keys 3.节点A公钥追加到节点B的授权
linux】多节点互相配置SSH免密实现远程指令执行
weixin_43716055的博客
11-08 665
节点互相配置SSH实现远程指令免密执行
sshkey信任设置
Uncle.Cui的技术博客
01-14 523
1. 在不同的主机上执行 ssh-keygen 2. 复制公钥到其他服务器上 ssh-copy-id -i ./.ssh/id_rsa.pub username@XXX
linux ssh 添加信任,建立linux ssh信任及常见问题解决办法
weixin_33525438的博客
05-11 835
1、生成本地服务器ssh私钥,如已存在,可忽略。$ssh-keygen-trsaGeneratingpublic/privatersakeypair.Enterfileinwhichtosavethe&nbsp..1、生成本地服务器ssh私钥,如已存在,可忽略。$ssh-keygen-trsaGeneratingpublic/privatersakeypair.Enterfi...
节点配置SSH
zhou_0720的博客
04-17 606
节点配置SSH 采用普通用户hadoop分别在hadoop01~hadoop07主机上运行:   第一步:ssh-keygen -t rsa -P '' 把公钥文件写入本机授权文件中,并赋值权限 第二步:cat ~/.ssh/id_rsa.pub>> ~/.ssh/authorized_keys 第三步:chmod 600 ~/.ssh/authorized_keys 配置M
oracle 11g r2 rac ssh两节点互信对等配置Permission denied (publickey,gssapi-with-mic,password)...
weixin_33913377的博客
12-23 1220
问题:安装oracle 11g r2 RAC grid 时,配置两节点ssh互信对等配置不成功,具体错误信息如下:------------------------------------------------------------------------Verifying SSH connectivity has been setup from rac1 to rac1-...
在CentOS中配置三个节点之间相互SSH免密登陆
凡尘
07-23 851
配置CentOS中三个节点两两之间相互SSH免密登陆的过程主要涉及生成密钥对、分发公钥和验证配置三个步骤。通过遵循上述步骤,可以确保每个节点都能无密码地登录到其他节点,从而简化管理和操作过程。
linux cetos7 配置三个节点配置ssh免密登录 (最简便)
weixin_58220410的博客
04-07 2078
master 192.168.116.200 slave1 192.168.116.201 slave2 192.168.116.202 1.在 master节点生成 密钥ssh-keygen -t rsa 过程中需要按三次回车 2.发送到其他节点(每个节点都要生成密钥,然后发送其他节点包括自身) 每次发送都需要按提示 输入yes回车后再输入目标节点的密码 ssh-copy-id root@master ssh-copy-id root@slave1 ssh-copy-id ro
Linux CentOS 节点之间的SSH密钥登录配置
Star-Technology
05-09 1213
Step 1: 分别在三个节点执行命令:cd ~ Step 2: 分别在三个节点执行命令:ls -al Step 3: 分别在三个节点执行命令:ssh-keygen,然后按三下回车 Step 4: 分别在三个节点执行命令:ssh-copy-id -i ~/.ssh/id_rsa.pub root@node11—–输入yes和密码(123123) S
ssh密钥登录或建立信任主机遇到的问题
weixin_33690367的博客
12-08 375
建立信任主机之后,在远程执行命令或者拷贝文件的时候虽然不要密码了,但是会有这样的提示(不过执行命令或拷贝文件没影响),但是就是感觉别扭。 原因:ssh 登录的时候会做一系列安全检查,其中有一项是 主机名与ip地址是否能解析,如果解析不了就会报这个错误。如果你有dns服务器 ,在服务器上做解析也行。总之,ping主机名必须解析到对应的ip地址, 解决方法一:在/etc/hosts 文件加上对方的主...
纯手工打造多节点ssh无密码相互信任
weixin_34116110的博客
06-14 96
在以前的文章(SSH-无密码相互远程登录)中介绍的是自动拷贝公钥到多节点上面。ssh-copy-id命令非常的方便,但是有的系统中不一定有此命令即使安装了openssh-clients包也不一定有此命令,这时多节点间的相互信任配置起来就束手无策了。但是不要怕这里介绍一个小技巧 (1)在每个节点上面都执行ssh-keygen –tdsa 生成密钥对,其位...
解决The authenticity of host can’t be established ECDSA key fingerprint is SHA256
热门推荐
weixin_45644532的博客
10-29 3万+
Linux 使用Expect 远程连接宿主机时会提示The authenticity of host can’t be established ECDSA key fingerprint is SHA256无法连接的问题 1、在测试机第一次远程连接宿主机时,是不会出现这个问题的,因每次连接时,测试机都会在宿主机的/root/.ssh/known_hosts 文件中产生一个测试机连接IP 所使用的的key,下次连接时就可以直接访问宿主机 2、由于在DHCP的机制下,不同的机器在不用的时间段会使用.
ssh登录 The authenticity of host 192.168.0.xxx can‘t be established. 的问题
白不懂黑的静的专栏
05-06 1440
问题: 在使用xshell进行两个服务器之间文件拷贝的时候,出现The authenticity of host 192.168.0.xxx can't be established. 的问题 解决办法: 修改/etc/ssh/ssh_config文件的配置,以后则不会再出现此问题 最后面添加: StrictHostKeyChecking no UserKnownHostsFile /dev/null ...
ssh登录 The authenticity of host 192.168.0.xxx can't be established. 的问题
weixin_30566111的博客
01-27 262
ssh登录一个机器(换过ip地址),提示输入yes后,屏幕不断出现y,只有按ctrl + c结束 错误是:The authenticity of host 192.168.0.xxx can't be established. 以前和同事碰到过这个问题,解决了,没有记录,这次又碰到了不知道怎么处理,还好有QQ聊天记录,查找到一下,找到解决方案: 执行ssh -...
ssh连接The authenticity of host can‘t be established
飞鱼计划
06-09 2万+
ssh连接The authenticity of host can't be established 修改/etc/ssh/ssh_config文件的配置,以后则不会再出现此问题 最后面添加: StrictHostKeyChecking no UserKnownHostsFile /dev/null
scp登录The authenticity of host 192.168.0.xxx can‘t be established. 的问题
番茄的博客
04-02 977
因学习交叉编译时需要在windows下的虚拟机Linux系统与另外一台Linux直接传输文件,但用scp传输时老是弹出如下错误,折腾了半天总算解决了。
The authenticity of host xxx can‘t be established 错误
东城庞太师
12-05 6006
解决:忽略,直接输入yes即可!
好记心不如烂笔头,ssh登录 The authenticity of host 192.168.0.xxx can't be established. 的问题...
party
09-06 240
ssh登录一个机器(换过ip地址),提示输入yes后,屏幕不断出现y,只有按ctrl + c结束 错误是:The authenticity of host 192.168.0.xxx can't be established. 以前和同事碰到过这个问题,解决了,没有记录,这次又碰到了不知道怎么处理,还好有QQ聊天记录,查找到一下,找到解决方案: 执行ssh -o StrictH...
jenkins部署Linux分支节点SSH方式
最新发布
12-27
### Jenkins配置Linux分支节点使用SSH连接的方法 #### 准备工作 为了使Jenkins能够通过SSH管理远程Linux机器作为其分支节点,需先确认目标Linux主机已安装并运行了SSH服务。通常情况下,默认的OpenSSH服务器已经满足需求。 #### 安装必要的软件包 确保在Linux客户端上安装Git工具以便于后续操作[^1]: ```bash yum install git ``` 对于Docker环境中的Jenkins实例,则按照如下指令启动带有适当权限映射的容器[^2]: ```bash docker run -u root -p 8080:8080 -p 50000:50000 \ -v jenkins-data:/var/jenkins_home \ -v /var/run/docker.sock:/var/run/docker.sock \ -v /home/idea:/home/idea jenkinsci/blueocean ``` #### 配置SSH密钥认证 创建无密码登录机制来简化自动化流程。这一步骤涉及生成一对公私钥,并将公钥复制到远端Linux系统的`~/.ssh/authorized_keys`文件内。 ##### 在本地(即Jenkins Master)执行以下命令: ```bash ssh-keygen -t rsa -C "your_email@example.com" cat ~/.ssh/id_rsa.pub | ssh user@remote_host 'mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys' ``` #### 添加新节点至Jenkins 进入Jenkins Web界面完成新增Node的操作,在此过程中指定采用SSH方式进行通信,并提供相应的Host名/IP地址以及凭证信息。 - **名称**: 自定义描述性的名字给这个新的agent。 - **永久代理(Permanent Agent)**: 勾选此项表示该Agent一直在线等待任务分配。 - **Remote Root Directory**: 设置远程根目录用于存放构建产物等资源。 - **Labels**: 可以为不同的项目打标签方便调度策略制定。 - **Launch method and environment configuration options**: - Launch agent by connecting it to the master (via SSH): 选择这种方式建立链接; - Hostname or IP address of remote machine: 输入要连入的目标机IP或域名; - Credentials: 利用之前准备好的SSH key对进行身份验证; #### 测试连接有效性 保存设置之后点击“Test Configuration”,如果一切正常应该可以看到成功的提示消息。此时意味着Master可以顺利地经由SSH访问Slave节点上的shell终端了。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值