配置SSH的目的就是使得两个节点的主机之间的相同用户可以无障碍的通信,SSH主要包括两条命令,即scp和ssh。当用户在一个节点上安装和配置RAC软件时,SSH将通过scp命令,以对等用户的身份,将软件复制到其他节点上。
注意:这种信任是oracle用户之间的,所以要切换到oracle用户下进行。
[oracle@rac2 ~]$ mkdir .ssh
[oracle@rac2 ~]$ chmod 700 .ssh
在rac2上产生rsa、dsa密钥
[oracle@rac2 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair. */以下全部回车
Enter file in which to save the key (/home/oracle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
cd:a7:af:8d:50:89:84:65:e9:83:23:c9:09:3d:3c:e0 oracle@rac2.localdomain
[oracle@rac2 ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair. */以下全部回车
Enter file in which to save the key (/home/oracle/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_dsa.
Your public key has been saved in /home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
e1:b4:97:bd:85:b4:07:f9:fc:83:c4:5b:10:cf:51:a3 oracle@rac2.localdomain
[oracle@rac2 ~]$ cd .ssh
[oracle@rac2 .ssh]$ ls
id_dsa  id_dsa.pub  id_rsa  id_rsa.pub

将密钥信息写道authorized_keys文件中并修改修改权限
[oracle@rac2 .ssh]$ cat id_rsa.pub >> authorized_keys
[oracle@rac2 .ssh]$ cat id_dsa.pub >> authorized_keys
[oracle@rac2 .ssh]$ chmod 600 authorized_keys

在rac1上作同样的操作。
[oracle@rac1 ~]$ mkdir .ssh
[oracle@rac1 ~]$ chmod 700 .ssh
[oracle@rac1 ~]$ cd .ssh
[oracle@rac1 .ssh]$ ls
[oracle@rac1 .ssh]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
d2:9d:01:7b:4c:7f:82:36:cf:ca:35:af:29:ba:84:bc oracle@rac1.oracle.com
[oracle@rac1 .ssh]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_dsa.
Your public key has been saved in /home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
41:57:98:38:63:a6:12:6d:f1:46:e5:af:6d:b1:25:55 oracle@rac1.oracle.com
[oracle@rac1 .ssh]$ cat id_rsa.pub >> authorized_keys
[oracle@rac1 .ssh]$ cat id_dsa.pub >> authorized_keys

将rac2中的authorized_keys拷贝到rac1中命名为key
[oracle@rac2 .ssh]$ scp authorized_keys rac1:/home/oracle/.ssh/key
The authenticity of host 'rac1 (192.168.84.241)' can't be established.
RSA key fingerprint is 83:1b:90:98:2f:56:5b:b1:36:16:e3:21:b5:8f:d7:f4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'rac1,192.168.84.241' (RSA) to the list of known hosts.
oracle@rac1's password:
authorized_keys                               100% 1018     1.0KB/s   00:00

再在rac1上将2个密钥合并,并拷贝到rac2上覆盖原来的authorized_keys
[oracle@rac1 .ssh]$ ls
authorized_keys  id_dsa  id_dsa.pub  id_rsa  id_rsa.pub  key
[oracle@rac1 .ssh]$ cat key >> authorized_keys
[oracle@rac1 .ssh]$ scp authorized_keys rac2:/home/oracle/.ssh/

验证SSH是否配置成功,在oracle用户下ssh连接另外一个节点,如果不需要输入密码则配置成功。
[oracle@rac1 .ssh]$ exec /usr/bin/ssh-agent $SHELL
[oracle@rac1 .ssh]$ ssh-add
Enter passphrase for /home/oracle/.ssh/id_rsa:
Identity added: /home/oracle/.ssh/id_rsa (/home/oracle/.ssh/id_rsa)
Identity added: /home/oracle/.ssh/id_dsa (/home/oracle/.ssh/id_dsa)

[oracle@rac1 .ssh]$ ssh rac2
Last login: Fri Dec 16 12:13:36 2011 from rac1_priv
[oracle@rac2 ~]$ exit
logout

Connection to rac2 closed.
[oracle@rac1 .ssh]$ ssh rac2-priv
Last login: Fri Dec 16 12:15:30 2011 from rac1

SSH信任的更多相关文章

  1. 批量部署ssh信任关系

    要求1:大批量部署SSH信任关系,在A文件分发服务器上大批量部署WEB层面信任关系文件分发服务器为:10.0.3.9 登录用户为:zhangsan WEB层IP段:10.0.3.10~10.0.3.6 ...

  2. linux建立ssh信任关系

    一.建立SSH信任将A主机做为客户端(发起SSH请求 ip:192.168.200.170)将B主机作为服务器端(接收ssh请求   ip:192.168.200.149)以上以主动发起SSH登录请求 ...

  3. ssh远程登录操作 和ssh信任

    ssh 可以参考上一篇telnet的文章 1.安装openssh-server     sudo dpkg -i openssh-client_1%3a5.5p1-4ubuntu6_i386.deb ...

  4. Linux创建SSH信任关系

    Linux服务器创建信任关系可以解决远程执行命令.远程传输文件多次手工输入的麻烦.可以实现环境一键打包备份. 测试环境 SuSE 手工创建 假设服务器A与B间要建立信任关系.用户想从服务器A免密码登录 ...

  5. linux如何配置双机SSH信任然后双向免密码登陆

    linux如何配置双机SSH信任然后双向免密码登陆 www.111cn.net 更新:2015-01-14 编辑:edit02_lz 来源:转载 有时为了方便管理多台Linux主机,想实现双机之间信任 ...

  6. 【ssh信任关系】解决信任关系不生效问题

    配置的时候遇见点问题,发现即便将id_rsa.pub拷贝到了另一台机器上,信任也没有建立起来. 原因是另外一台机器上目录权限不对,可以通过su root后观察/var/log/message里的日志信 ...

  7. Linux 配置双机SSH信任

    一.实现原理 使用一种被称为"公私钥"认证的方式来进行ssh登录."公私钥"认证方式简单的解释是: 首先在客户端上创建一对公私钥(公钥文件:~/.ssh/id_ ...

  8. ssh信任 sftp用法 scp用法【转】

    为了进行批量关机工作,前提要配置好ssh的双机信任. A机192.168.1.241 B机192.168.1.212 在A机上获取一个pub密钥,即为公共密钥. 执行这个命令后:ssh-keygen  ...

  9. ssh 信任关系无密码登陆,清除公钥,批量脚本

    实验机器: 主机a:192.168.2.128 主机b:192.168.2.130 实验目标: 手动建立a到b的信任关系,实现在主机a通过 ssh 192.168.2.130不用输入密码远程登陆b主机 ...

随机推荐

  1. Hadoop学习---安装部署

    hadoop框架 Hadoop使用主/从(Master/Slave)架构,主要角色有NameNode,DataNode,secondary NameNode,JobTracker,TaskTracke ...

  2. /****************** Attributes ********************/

    /*预定义字符属性的文本.如果钥匙不在字典,然后使用默认值,如下所述. */ 以下属性是IOS6的 NSVerticalGlyphFormAttributeName NS_AVAILABLE_IOS( ...

  3. parsing html in asp.net

    http://stackoverflow.com/questions/5307374/parsing-html-page-in-asp-net http://htmlagilitypack.codep ...

  4. bnuoj 1053 EASY Problem (计算几何)

    http://www.bnuoj.com/bnuoj/problem_show.php?pid=1053 [题意]:基本上就是求直线与圆的交点坐标 [题解]:这种题我都比较喜欢用二分,三分做,果然可以 ...

  5. mybatis 中mapper 的namespace有什么用

    原文:http://zhidao.baidu.com/link?url=ovFuTn7-02s7Qd40BOnwHImuPxNg8tXJF3nrx1SSngNY5e0CaSP1E4C9E5J6Xv5f ...

  6. ExtJS4.2学习(八)表格限制输入数据的类型(转)

    鸣谢:http://www.shuyangyang.com.cn/jishuliangongfang/qianduanjishu/2013-11-14/177.html --------------- ...

  7. 响应式菜单(bootstrap)

    <nav class="navbar navbar-default" role="navigation"> <div class=" ...

  8. 【弱省胡策】Round #5 Construct 解题报告

    这个题是传说中的 Hack 狂魔 qmqmqm 出的构造题.当然要神. 这个题的本质实际上就是构造一个图,然后使得任意两点间都有长度为 $k$ 的路径相连,然后对于任意的 $i < k$,都存在 ...

  9. Matlab求极限

    matlab求极限(可用来验证度量函数或者隶属度函数)可用来验证是否收敛,取值范围等等. 一.问题来源 搜集聚类资料时,又看到了隶属度函数,没错,就是下面这个,期间作者提到m趋于2是,结果趋于1,我想 ...

  10. select框宽度与高度设置(实用版)

    在IE中只能使用 font-size: 限制 select 的高度.   同时使用 width:200px 限制宽度   size="20" 表示最多显示20个选项,超过20的需要 ...