SSH信任

配置SSH的目的就是使得两个节点的主机之间的相同用户可以无障碍的通信,SSH主要包括两条命令,即scp和ssh。当用户在一个节点上安装和配置RAC软件时,SSH将通过scp命令,以对等用户的身份,将软件复制到其他节点上。
注意:这种信任是oracle用户之间的,所以要切换到oracle用户下进行。
[oracle@rac2 ~]$ mkdir .ssh
[oracle@rac2 ~]$ chmod 700 .ssh
在rac2上产生rsa、dsa密钥
[oracle@rac2 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair. */以下全部回车
Enter file in which to save the key (/home/oracle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
cd:a7:af:8d:50:89:84:65:e9:83:23:c9:09:3d:3c:e0 oracle@rac2.localdomain
[oracle@rac2 ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair. */以下全部回车
Enter file in which to save the key (/home/oracle/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_dsa.
Your public key has been saved in /home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
e1:b4:97:bd:85:b4:07:f9:fc:83:c4:5b:10:cf:51:a3 oracle@rac2.localdomain
[oracle@rac2 ~]$ cd .ssh
[oracle@rac2 .ssh]$ ls
id_dsa  id_dsa.pub  id_rsa  id_rsa.pub

将密钥信息写道authorized_keys文件中并修改修改权限
[oracle@rac2 .ssh]$ cat id_rsa.pub >> authorized_keys
[oracle@rac2 .ssh]$ cat id_dsa.pub >> authorized_keys
[oracle@rac2 .ssh]$ chmod 600 authorized_keys

在rac1上作同样的操作。
[oracle@rac1 ~]$ mkdir .ssh
[oracle@rac1 ~]$ chmod 700 .ssh
[oracle@rac1 ~]$ cd .ssh
[oracle@rac1 .ssh]$ ls
[oracle@rac1 .ssh]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
d2:9d:01:7b:4c:7f:82:36:cf:ca:35:af:29:ba:84:bc oracle@rac1.oracle.com
[oracle@rac1 .ssh]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_dsa.
Your public key has been saved in /home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
41:57:98:38:63:a6:12:6d:f1:46:e5:af:6d:b1:25:55 oracle@rac1.oracle.com
[oracle@rac1 .ssh]$ cat id_rsa.pub >> authorized_keys
[oracle@rac1 .ssh]$ cat id_dsa.pub >> authorized_keys

将rac2中的authorized_keys拷贝到rac1中命名为key
[oracle@rac2 .ssh]$ scp authorized_keys rac1:/home/oracle/.ssh/key
The authenticity of host 'rac1 (192.168.84.241)' can't be established.
RSA key fingerprint is 83:1b:90:98:2f:56:5b:b1:36:16:e3:21:b5:8f:d7:f4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'rac1,192.168.84.241' (RSA) to the list of known hosts.
oracle@rac1's password:
authorized_keys                               100% 1018     1.0KB/s   00:00

再在rac1上将2个密钥合并,并拷贝到rac2上覆盖原来的authorized_keys
[oracle@rac1 .ssh]$ ls
authorized_keys  id_dsa  id_dsa.pub  id_rsa  id_rsa.pub  key
[oracle@rac1 .ssh]$ cat key >> authorized_keys
[oracle@rac1 .ssh]$ scp authorized_keys rac2:/home/oracle/.ssh/

验证SSH是否配置成功,在oracle用户下ssh连接另外一个节点,如果不需要输入密码则配置成功。
[oracle@rac1 .ssh]$ exec /usr/bin/ssh-agent $SHELL
[oracle@rac1 .ssh]$ ssh-add
Enter passphrase for /home/oracle/.ssh/id_rsa:
Identity added: /home/oracle/.ssh/id_rsa (/home/oracle/.ssh/id_rsa)
Identity added: /home/oracle/.ssh/id_dsa (/home/oracle/.ssh/id_dsa)

[oracle@rac1 .ssh]$ ssh rac2
Last login: Fri Dec 16 12:13:36 2011 from rac1_priv
[oracle@rac2 ~]$ exit
logout

Connection to rac2 closed.
[oracle@rac1 .ssh]$ ssh rac2-priv
Last login: Fri Dec 16 12:15:30 2011 from rac1

上一篇:Linux安装Monaco字体


下一篇:Centos 6.5 安装Oracle 11g R2 on vbox