# Turn on the SSH service and make sure it starts automatically on reboot.
# service sshd start
# Manual User Equivalence (Key-Based Authentication) Configuration
Assuming we have a two-node cluster (rac1.localdomain, rac2.localdomain), log in as the "oracle" user and perform the following tasks on each node.
su - oracle
mkdir ~/.ssh
chmod 700 ~/.ssh
/usr/bin/ssh-keygen -t rsa # Accept the default settings.
The RSA public key is written to the ~/.ssh/id_rsa.pub file and the private key to the ~/.ssh/id_rsa file.
Log in as the "oracle" user on rac1.localdomain, generate an "authorized_keys" file and copy it to rac2.localdomain using the following commands.
su - oracle
cd ~/.ssh
cat id_rsa.pub >> authorized_keys
scp authorized_keys rac2.localdomain:/home/oracle/.ssh/
Next, log in as the "oracle" user on rac2.localdomain and perform the following commands.
su - oracle
cd ~/.ssh
cat id_rsa.pub >> authorized_keys
scp authorized_keys rac1.localdomain:/home/oracle/.ssh/
The "authorized_keys" file on both servers now contains the public keys generated on all nodes.
To enable SSH user equivalency on the cluster member nodes, issue the following commands on each node.
ssh rac1 date
ssh rac2 date
ssh rac1.localdomain date
ssh rac2.localdomain date
exec /usr/bin/ssh-agent $SHELL
/usr/bin/ssh-add
Check the permissions of the files on the remote machine with ls -l ~/.ssh (otherwise SSH will not work) and set them as follows:
chmod 600 ~/.ssh/authorized_keys
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub
chmod 700 /home/oracle/.ssh
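The permission check above can be scripted. This is an added example, not part of the original post: it flags only the mode bits OpenSSH itself rejects (sshd StrictModes for the home directory, ~/.ssh and authorized_keys; the ssh client for the private key). It assumes GNU stat on Linux, and the helper names has_bits and check_ssh_perms are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU stat on Linux.
# has_bits and check_ssh_perms are hypothetical helper names.

# has_bits PATH MASK: true when PATH's mode has any bit of octal MASK set.
has_bits() {
    mode=$(stat -c '%a' "$1") || return 1
    [ $(( 0$mode & 0$2 )) -ne 0 ]
}

# check_ssh_perms HOME_DIR: print one line per problem and return the
# number of problems found (0 means permissions will not block key login).
check_ssh_perms() {
    home=$1
    problems=0
    # Each row is path|mask|reason.
    # 022 = group/other write, 077 = any group/other access.
    while IFS='|' read -r path mask reason; do
        if [ ! -e "$path" ]; then
            echo "MISSING  $path"
            problems=$((problems + 1))
        elif has_bits "$path" "$mask"; then
            echo "TOO OPEN $path (mode $(stat -c '%a' "$path")): $reason"
            problems=$((problems + 1))
        fi
    done <<EOF
$home|022|sshd StrictModes rejects a group/other-writable home directory
$home/.ssh|022|sshd StrictModes rejects a group/other-writable .ssh directory
$home/.ssh/authorized_keys|022|sshd StrictModes rejects a group/other-writable authorized_keys
$home/.ssh/id_rsa|077|ssh ignores a private key accessible by group or other
EOF
    return "$problems"
}

# Usage on a cluster node: check_ssh_perms /home/oracle
```

The home directory is included because a group-writable /home/oracle makes sshd refuse key authentication even when everything under ~/.ssh is correct.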
----------------------------------------------------------------------------
# sshUserSetup.sh (Oracle Method)
The Oracle 11gR2 grid and database media include a "sshsetup" directory containing a "sshUserSetup.sh" file. Running this file with no parameters shows the usage information.
$ cd /path/to/grid/media/sshsetup
$ ./sshUserSetup.sh
More details: https://oracle-base.com/articles/linux/user-equivalence-configuration-on-linux