Sunday, October 16, 2011

Setup ssh user equivalence for all RAC nodes


This example uses a two-node SSH setup.
Log on as the oracle user on each node. Do not enter a passphrase in any of the steps below.

ON NODE 1

Step 1

[root@rac1pub ~]# su - oracle

Step 2

[oracle@rac1pub ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_dsa):
Created directory '/home/oracle/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_dsa.
Your public key has been saved in /home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
b1:24:2f:8f:5a:27:4b:ce:aa:09:ce:13:bd:d8:b1:3e
oracle@rac1pub.kasb.com

Step 3

[oracle@rac1pub ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
68:0f:79:13:76:a7:a1:2e:ce:6e:1f:a6:2b:1a:15:f3
oracle@rac1pub.kasb.com

Step 4

[oracle@rac1pub ~]$ cd /home/oracle/.ssh

Step 5

[oracle@rac1pub .ssh]$ ls -ltr
total 16
-rw-r--r--  1 oracle oinstall 613 Oct 16 23:06 id_dsa.pub
-rw-------  1 oracle oinstall 668 Oct 16 23:06 id_dsa
-rw-r--r--  1 oracle oinstall 233 Oct 16 23:06 id_rsa.pub
-rw-------  1 oracle oinstall 883 Oct 16 23:06 id_rsa


Step 6

Note: The file name must be exactly authorized_keys. Any spelling mistake will cause SSH key authentication to fail.


[oracle@rac1pub .ssh]$ cat id_dsa.pub >> authorized_keys

[oracle@rac1pub .ssh]$ cat id_rsa.pub >> authorized_keys

Step 7
Now copy node 1's SSH keys to node 2 as a temporary file, so that they can be added to the authorized_keys file on node 2.
 
[oracle@rac1pub .ssh]$ scp authorized_keys  rac2pub:/tmp/rac1keys.tmp


The authenticity of host 'storage (192.168.1.192)' can't be established.
RSA key fingerprint is 97:b4:a8:13:a1:76:57:44:e2:0b:60:c1:b8:13:db:27.
Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'rac2pub,192.168.1.192' (RSA) to the list of known hosts.
oracle@rac2pub's password:
authorized_keys                                                   100% 1692     1.7KB/s   00:00
 

ON NODE 2
Now verify on RAC node 2 that the file rac1keys.tmp is present in the /tmp directory.

[oracle@rac2pub ~]$ cd /tmp
[oracle@rac2pub tmp]$ ls -ltr
-rw-r--r--  1 oracle oinstall  1692 Oct 17 00:06 rac1keys.tmp

STEPS ON NODE 2
==================================================
Note: Follow the same steps (1 to 6) that were done on RAC node 1.


Step 7
Now copy node 2's SSH keys to node 1 as a temporary file, so that they can be added to the authorized_keys file on node 1.


[oracle@rac2pub .ssh]$ scp authorized_keys  rac1pub:/tmp/rac2keys.tmp
The authenticity of host 'storage (192.168.1.191)' can't be established.
RSA key fingerprint is 97:b4:a8:13:a1:76:57:44:e2:0b:60:c1:b8:13:db:27.
Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'rac1pub,192.168.1.191' (RSA) to the list of known hosts.
oracle@rac1pub's password:
authorized_keys                                                   100% 1692     1.7KB/s   00:00



ON NODE 1
Now verify on RAC node 1 that the file rac2keys.tmp is present in the /tmp directory.
[oracle@rac1pub ~]$ cd /tmp
[oracle@rac1pub tmp]$ ls -ltr
-rw-r--r--  1 oracle oinstall  1692 Oct 17 00:15 rac2keys.tmp


After completing all of the above, proceed with the following steps.

ON NODE 1

[oracle@rac1pub ~]$ cd /home/oracle/.ssh/
[oracle@rac1pub .ssh]$ cat /tmp/rac2keys.tmp >> authorized_keys

ON NODE 2


[oracle@rac2pub ~]$ cd /home/oracle/.ssh/
[oracle@rac2pub .ssh]$ cat /tmp/rac1keys.tmp >> authorized_keys
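
A guarded form of the append step above, as an added example that is not part of the original post: it refuses a staged file that is a symlink, not owned by the current user, or group/world-writable, appends only well-formed key lines that are not already present, and sets .ssh to 700 and authorized_keys to 600. The function names merge_staged_keys and demo and the sample key are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: guarded replacement for `cat /tmp/racNkeys.tmp >> authorized_keys`.
# merge_staged_keys STAGED AUTH_KEYS -> prints how many keys were appended.
merge_staged_keys() {
    staged=$1 auth=$2
    # Refuse symlinks, non-regular files, and files the current user does not own.
    if [ -L "$staged" ] || [ ! -f "$staged" ] || [ ! -O "$staged" ]; then
        echo "refusing $staged: not a regular file owned by $(id -un)" >&2
        return 1
    fi
    # Refuse a staged file that group or others could have modified.
    if [ -n "$(find "$staged" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "refusing $staged: group- or world-writable" >&2
        return 1
    fi
    sshdir=$(dirname "$auth")
    ( umask 077; mkdir -p "$sshdir" && touch "$auth" ) || return 1
    chmod 700 "$sshdir" && chmod 600 "$auth" || return 1
    # Keep only "type base64 [comment]" lines whose key is not already present.
    # ssh-dss is accepted only because the page generates a DSA key.
    new=$(awk -v auth="$auth" '
        { k = $1 " " $2 }
        FILENAME == auth { seen[k] = 1; next }
        $1 ~ "^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))$" &&
        $2 ~ "^[A-Za-z0-9+/]+=*$" && !(k in seen) { seen[k] = 1; print }
    ' "$auth" "$staged")
    count=0
    if [ -n "$new" ]; then
        printf '%s\n' "$new" >> "$auth"
        count=$(printf '%s\n' "$new" | wc -l | tr -d ' ')
    fi
    rm -f "$staged"    # do not leave the staged copy behind
    echo "$count"
}

# Demo on constructed data: the key below is a made-up placeholder, not a real key.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedNODE2 oracle@rac2pub' \
        'this line is not a key' > "$d/rac2keys.tmp"
    chmod 644 "$d/rac2keys.tmp"
    merge_staged_keys "$d/rac2keys.tmp" "$d/.ssh/authorized_keys"
    rm -rf "$d"
}
demo
```

On node 1 the call corresponding to the step above would be `merge_staged_keys /tmp/rac2keys.tmp /home/oracle/.ssh/authorized_keys`, and on node 2 the same with /tmp/rac1keys.tmp.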


Gather ssh fingerprints of all RAC nodes.
Now collect the fingerprints of every interface and node name in this RAC setup by connecting to each one with ssh.

NOTE: You need to exit after each successful logon to avoid confusion.

On Node 1:
ssh rac1pub.kasb.com
ssh rac1pvt.kasb.com
ssh rac2pub.kasb.com
ssh rac2pvt.kasb.com
ssh rac1pub
ssh rac1pvt
ssh rac2pub
ssh rac2pvt


On Node 2:
ssh rac1pub.kasb.com
ssh rac2pub.kasb.com
ssh rac1pvt.kasb.com
ssh rac2pvt.kasb.com
ssh rac1pub
ssh rac1pvt
ssh rac2pub
ssh rac2pvt


Here are two practical examples to illustrate what is meant by gathering the SSH fingerprints of all RAC nodes.
============================================================================
[oracle@rac1pub .ssh]$ ssh rac1pub.kasb.com

The authenticity of host 'rac1pub.kasb.com (192.168.1.191)' can't be established.
RSA key fingerprint is 97:b4:a8:13:a1:76:57:44:e2:0b:60:c1:b8:13:db:27.
Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'rac1pub.kasb.com,192.168.1.191' (RSA) to the list of known hosts.
[oracle@rac1pub ~]$ exit
logout
Connection to rac1pub.kasb.com closed.

[oracle@rac1pub .ssh]$ ssh rac1pvt.kasb.com
The authenticity of host 'rac1pvt.kasb.com (10.0.0.1)' can't be established.
RSA key fingerprint is 97:b4:a8:13:a1:76:57:44:e2:0b:60:c1:b8:13:db:27.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'rac1pvt.kasb.com,10.0.0.1' (RSA) to the list of known hosts.
Last login: Sun Oct 16 23:34:57 2011 from rac1pub.kasb.com

[oracle@rac1pub ~]$ exit
logout

=================================================================================

Verification of Passwordless SSH Connection
The passwordless connection is now established between both nodes.

ON NODE 1
The date on each node should be displayed without a password prompt.

[oracle@rac1pub ~]$ ssh rac1pub date
Sun Oct 16 23:41:29 PKT 2011
[oracle@rac1pub ~]$ ssh rac2pub date
Sun Oct 16 23:41:03 PKT 2011
[oracle@rac1pub ~]$ ssh rac2pvt date
Sun Oct 16 23:41:20 PKT 2011

ON NODE 2
[oracle@rac2pub ~]$ ssh rac1pub date
Sun Oct 16 23:42:18 PKT 2011
[oracle@rac2pub ~]$ ssh rac1pvt date
Sun Oct 16 23:42:26 PKT 2011
[oracle@rac2pub ~]$ ssh rac2pvt date
Sun Oct 16 23:41:59 PKT 2011
[oracle@rac2pub ~]$ ssh rac2pub date
Sun Oct 16 23:42:06 PKT 2011
[oracle@rac2pub ~]$ ssh 192.168.1.191 date
Sun Oct 16 23:42:52 PKT 2011


Congratulations, your SSH is now configured for Oracle RAC 10g.



