RedHat 建立ssh对等

本文摘自Vincent Chan 的oracle rac在vmware上安装那篇文章

使用 SSH 建立用户等效性。在集群就绪服务 (CRS) 和 RAC 安装过程中，Oracle Universal Installer (OUI) 必须能够以 oracle 的身份将软件复制到所有 RAC 节点，而不提示输入口令。在Oracle 10g中，可以使用 ssh 代替 rsh 完成此操作。

 

要建立用户等效性，请在两个节点上以 oracle 用户身份生成用户的公钥和私钥。打开 rac1 的电源，在这两个节点上执行以下任务。

 

在 rac1 上执行

 

rac1-> mkdir ~/.ssh

rac1-> chmod 700 ~/.ssh

rac1-> ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key(/export/home/oracle/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in/export/home/oracle/.ssh/id_rsa.

Your public key has been saved in/export/home/oracle/.ssh/id_rsa.pub.

The key fingerprint is:

87:54:4f:92:ba:ed:7b:51:5d:1d:59:5b:f9:44:da:b6oracle@rac1.mycorpdomain.com

rac1-> ssh-keygen -t dsa

Generating public/private dsa key pair.

Enter file in which to save the key(/export/home/oracle/.ssh/id_dsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in/export/home/oracle/.ssh/id_dsa.

Your public key has been saved in/export/home/oracle/.ssh/id_dsa.pub.

The key fingerprint is:

31:76:96:e6:fc:b7:25:04:fd:70:42:04:1f:fc:9a:26 oracle@rac1.mycorpdomain.com

 

在 rac2 上执行

 

rac2-> mkdir ~/.ssh

rac2-> chmod 700 ~/.ssh

rac2-> ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key(/export/home/oracle/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in/export/home/oracle/.ssh/id_rsa.

Your public key has been saved in/export/home/oracle/.ssh/id_rsa.pub.

The key fingerprint is:

29:5a:35:ac:0a:03:2c:38:22:3c:95:5d:68:aa:56:66oracle@rac2.mycorpdomain.com

rac2-> ssh-keygen -t dsa

Generating public/private dsa key pair.

Enter file in which to save the key(/export/home/oracle/.ssh/id_dsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in/export/home/oracle/.ssh/id_dsa.

Your public key has been saved in/export/home/oracle/.ssh/id_dsa.pub.

The key fingerprint is:

4c:b2:5a:8d:56:0f:dc:7b:bc:e0:cd:3b:8e:b9:5c:7coracle@rac2.mycorpdomain.com

 

在 rac1 上执行

 

rac1-> cat ~/.ssh/id_rsa.pub >>~/.ssh/authorized_keys

rac1-> cat ~/.ssh/id_dsa.pub >>~/.ssh/authorized_keys

rac1-> ssh rac2 cat ~/.ssh/id_rsa.pub>> ~/.ssh/authorized_keys

The authenticity of host 'rac2 (192.168.0.120)'can't be established.

RSA key fingerprint is63:d3:52:d4:4d:e2:cb:ac:8d:4a:66:9f:f1:ab:28:1f.

Are you sure you want to continueconnecting (yes/no)? yes

Warning: Permanently added 'rac2,192.168.0.120'(RSA) to the list of known hosts.

oracle@rac2's password:

rac1-> ssh rac2 cat ~/.ssh/id_dsa.pub>> ~/.ssh/authorized_keys

oracle@rac2's password:

rac1-> scp ~/.ssh/authorized_keysrac2:~/.ssh/authorized_keys

oracle@rac2's password:

authorized_keys                           100% 1716     1.7KB/s  00:00

--安装之后发现,仍然需要密码,原来是.ssh的上级目录给的权限太大了,chmod 700 ~之后就正常了.注:权限太大也不行.

在每个节点上测试连接。验证当您再次运行以下命令时，系统是否不提示您输入口令。

 

ssh rac1 date

ssh rac2 date

ssh rac1-priv date

ssh rac2-priv date

ssh rac1.mycorpdomain.com date

ssh rac2.mycorpdomain.com date

ssh rac1-priv.mycorpdomain.com date

ssh rac2-priv.mycorpdomain.com date