配置节点间SSH信任
1 在每个节点上创建 RSA密钥和公钥
(1)以 oracle 用户登录
(2)在 oracle用户的根目录内创建.ssh目录并设置读取权限
[oracle@node-rac1 ~]$ mkdir ~/.ssh
[oracle@node-rac1 ~]$ chmod 700 ~/.ssh
(3)使用ssh-keygen命令生成基于SSH协议的RSA密钥
[oracle@node-rac1 ~]$ cd ~/.ssh
[oracle@node-rac1 .ssh]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
dd:69:5a:aa:e6:85:88:a4:07:72:ab:15:7b:3b:4a:77 oracle@node-rac1
在提示保存私钥(key)和公钥(public key)的位置时,选择使用默认值,然后依次直接回车即可。
(1)以 oracle 用户登录
(2)在 oracle用户的根目录内创建.ssh目录并设置读取权限
[oracle@node-rac1 ~]$ mkdir ~/.ssh
[oracle@node-rac1 ~]$ chmod 700 ~/.ssh
(3)使用ssh-keygen命令生成基于SSH协议的RSA密钥
[oracle@node-rac1 ~]$ cd ~/.ssh
[oracle@node-rac1 .ssh]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
dd:69:5a:aa:e6:85:88:a4:07:72:ab:15:7b:3b:4a:77 oracle@node-rac1
在提示保存私钥(key)和公钥(public key)的位置时,选择使用默认值,然后依次直接回车即可。
2 整合公钥文件
(1)以 Oracle 用户登录
(2)在要执行Oracle安装程序的节点node-rac1 上执行如下操作:
[oracle@node-rac1 ~] $ cd ~/.ssh
[oracle@node-rac1 .ssh]$ ssh node-rac1 cat /home/oracle/.ssh/id_rsa.pub >> authorized_keys
[oracle@node-rac1 .ssh]$ ssh node-rac2 cat /home/oracle/.ssh/id_rsa.pub >> authorized_keys
[oracle@node-rac1 .ssh]$ chmod 600 ~/.ssh/authorized_keys
[oracle@node-rac1 .ssh]$scp authorized_keys node-rac2:/home/oracle/.ssh/
这个操作过程是将两个节点生成的公钥文件整合为一个authorized_keys文件,然后进行授权,并将authorized_keys拷贝到另一个节点。
(3)测试SSH互信
首先在node-rac1节点上执行:
[oracle@node-rac1 ~]$ ssh node-rac1 date
[oracle@node-rac1 ~]$ ssh node-rac2 date
然后在node-rac2节点上执行
[oracle@node-rac2 ~]$ ssh node-rac1 date
[oracle@node-rac2 ~]$ ssh node-rac2 date
如果不需要输入密码就出现系统当前日期,就说明SSH互信已经配置成功了。
(1)以 Oracle 用户登录
(2)在要执行Oracle安装程序的节点node-rac1 上执行如下操作:
[oracle@node-rac1 ~] $ cd ~/.ssh
[oracle@node-rac1 .ssh]$ ssh node-rac1 cat /home/oracle/.ssh/id_rsa.pub >> authorized_keys
[oracle@node-rac1 .ssh]$ ssh node-rac2 cat /home/oracle/.ssh/id_rsa.pub >> authorized_keys
[oracle@node-rac1 .ssh]$ chmod 600 ~/.ssh/authorized_keys
[oracle@node-rac1 .ssh]$scp authorized_keys node-rac2:/home/oracle/.ssh/
这个操作过程是将两个节点生成的公钥文件整合为一个authorized_keys文件,然后进行授权,并将authorized_keys拷贝到另一个节点。
(3)测试SSH互信
首先在node-rac1节点上执行:
[oracle@node-rac1 ~]$ ssh node-rac1 date
[oracle@node-rac1 ~]$ ssh node-rac2 date
然后在node-rac2节点上执行
[oracle@node-rac2 ~]$ ssh node-rac1 date
[oracle@node-rac2 ~]$ ssh node-rac2 date
如果不需要输入密码就出现系统当前日期,就说明SSH互信已经配置成功了。
