[原]linux 配置 ssh 等效性

在安装oracle数据库时，会需要为oracle用户配置ssh等效性，以实现不需要用户口令即可实现访问和文件传输。

 步骤如下：

创建目录并生成密码

su - oracle
mkdir ~/.ssh
chmod 755 ~/.ssh

/usr/bin/ssh-keygen -t rsa ，连敲3次回车
/usr/bin/ssh-keygen -t dsa ，连敲3次回车

创建认证文件并将密钥内容填入

touch ~/.ssh/authorized_keys
chmod 644 authorized_keys

cat ~/.ssh/id_rsa.pub >> authorized_keys
cat ~/.ssh/id_dsa.pub >> authorized_keys
ssh racnode2 cat ~/.ssh/id_rsa.pub >> authorized_keys
ssh racnode2 cat ~/.ssh/id_dsa.pub >> authorized_keys

 

在RAC的各个节点分别执行测试，测试是必须的，否则OUI可能会失败

[oracle@orcnode1 ~]$ ssh racnode1 date
[oracle@racnode1 ~]$ ssh racnode2 date
[oracle@racnode1 ~]$ ssh racnode1-priv date
[oracle@racnode1 ~]$ ssh racnode2-priv date

[oracle@racnode2 ~]$ ssh racnode1 date
[oracle@racnode2 ~]$ ssh racnode2 date
[oracle@racnode2 ~]$ ssh racnode1-priv date
[oracle@racnode2 ~]$ ssh racnode2-priv date

如果测试命令均可以在不需输入口令的情况下即可显示系统时间，则表示配置没有问题。 

示例样式配置：

[oracle@orclcentos2 ~]$ mkdir ~/.ssh
[oracle@orclcentos2 ~]$ chmod 755 ~/.ssh

[oracle@orclcentos2 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
5c:05:6b:3b:1c:8e:f8:e4:96:3e:7e:89:83:29:4d:07 oracle@orclcentos2
The key's randomart image is:
+--[ RSA 2048]----+
| ... |
| o |
| = |
| Eo * o |
| ..S = |
| .+.. . |
| o +=. . |
| . +o+ o |
| . .o+ |
+-----------------+
[oracle@orclcentos2 ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_dsa.
Your public key has been saved in /home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
58:36:4b:c4:89:34:22:cf:1c:b2:b1:a8:d8:d4:1b:b3 oracle@orclcentos2
The key's randomart image is:
+--[ DSA 1024]----+
| + o.oo.. |
| . @ o.oo |
|. + B = |
|oo = = o |
|o . E . S |
| |
| |
| |
| |
+-----------------+

[oracle@orclcentos2 ~]$ ssh rac2 cat ~/.ssh/id_rsa.pub >> authorized_keys
The authenticity of host 'rac2 (10.132.250.115)' can't be established.
RSA key fingerprint is 7f:e7:31:e0:f9:44:0f:19:98:69:a7:45:c7:40:ba:8f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'rac2,10.132.250.115' (RSA) to the list of known hosts.
oracle@rac2's password:
[oracle@orclcentos2 ~]$ ssh rac2 cat ~/.ssh/id_dsa.pub >> authorized_keys
oracle@rac2's password:
[oracle@orclcentos2 ~]$