OCM_Session7_6_Configuring SSH equivalence for the oracle user

This post walks through configuring SSH user equivalence for the oracle user: creating RSA and DSA keys, adding the keys to the authorized_keys file, copying the file with SCP or SFTP, and setting the permissions. A worked session shows the steps and confirms that the nodes can reach each other over SSH without a password.


6. Configuring SSH equivalence for the oracle user


The OCM exam requires this to be configured.


2.4.7.1 Configuring SSH on Cluster Member Nodes

To configure SSH, you must first create RSA and DSA keys on each cluster node, and then copy the keys from all cluster node members into an authorized keys file on each node. Note that the SSH files must be readable only by root and by the oracle user. SSH ignores a private key file if it is accessible by others.

To configure SSH, complete the following steps:

Create RSA and DSA keys on each node: Complete the following steps on each node:

  1. Log in as the oracle user.

  2. If necessary, create the .ssh directory in the oracle user's home directory and set the correct permissions on it:

    $ mkdir ~/.ssh
     
    $ chmod 700 ~/.ssh

  3. Enter the following commands to generate an RSA key for version 2 of the SSH protocol:

    $ /usr/bin/ssh-keygen -t rsa

    At the prompts:

    • Accept the default location for the key file.

    • Enter and confirm a pass phrase that is different from the oracle user's password.

    This command writes the public key to the ~/.ssh/id_rsa.pub file and the private key to the ~/.ssh/id_rsa file. Never distribute the private key to anyone.

  4. Enter the following commands to generate a DSA key for version 2 of the SSH protocol:

    $ /usr/bin/ssh-keygen -t dsa

    At the prompts:

    • Accept the default location for the key file

    • Enter and confirm a pass phrase that is different from the oracle user's password

    This command writes the public key to the ~/.ssh/id_dsa.pub file and the private key to the ~/.ssh/id_dsa file. Never distribute the private key to anyone.

Add keys to an authorized key file: Complete the following steps:

  1. On the local node, determine if you have an authorized key file (~/.ssh/authorized_keys). If the authorized key file already exists, then proceed to step 2. Otherwise, enter the following commands:

    $ touch ~/.ssh/authorized_keys
     
    $ cd ~/.ssh
     
    $ ls

    You should see the id_dsa.pub and id_rsa.pub keys that you have created.

  2. Using SSH, copy the contents of the ~/.ssh/id_rsa.pub and ~/.ssh/id_dsa.pub files to the file ~/.ssh/authorized_keys, and provide the oracle user password as prompted. This process is illustrated in the following syntax example with a two-node cluster, with nodes node1 and node2, where the oracle user path is /home/oracle:

    [oracle@node1 .ssh]$ ssh node1 cat /home/oracle/.ssh/id_rsa.pub >> authorized_keys
     
    oracle@node1's password:
     
    [oracle@node1 .ssh]$ ssh node1 cat /home/oracle/.ssh/id_dsa.pub >> authorized_keys
     
    [oracle@node1 .ssh]$ ssh node2 cat /home/oracle/.ssh/id_rsa.pub >> authorized_keys
     
    oracle@node2's password:
     
    [oracle@node1 .ssh]$ ssh node2 cat /home/oracle/.ssh/id_dsa.pub >> authorized_keys
     
    oracle@node2's password:
     

    Note:

    Repeat this process for each node in the cluster.
  3. Use SCP (Secure Copy) or SFTP (Secure FTP) to copy the authorized_keys file to the oracle user .ssh directory on a remote node. The following example is with SCP, on a node called node2, where the oracle user path is /home/oracle:

    [oracle@node1 .ssh]$ scp authorized_keys node2:/home/oracle/.ssh/
  4. Repeat steps 2 and 3 for each cluster node member. When you have added the keys from every cluster node member to the authorized_keys file on the last node you want to have as a cluster node member, use SCP to copy the complete authorized_keys file back to each cluster node member.

    Note:

    The oracle user's ~/.ssh/authorized_keys file on every node must contain the contents from all of the ~/.ssh/id_rsa.pub and ~/.ssh/id_dsa.pub files that you generated on all cluster nodes.
  5. Change the permissions on the oracle user's ~/.ssh/authorized_keys file on all cluster nodes:

    $ chmod 600 ~/.ssh/authorized_keys

    At this point, if you use ssh to log in to or run a command on another node, you are prompted for the pass phrase that you specified when you created the DSA key.



 
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

My adapted procedure was as follows:

-----------------------------------------------------------------------------------------------
Node rac1

[root@rac1 ~]# id oracle
uid=501(oracle) gid=501(oinstall) groups=501(oinstall),502(dba)
[root@rac1 ~]# su - oracle
[oracle@rac1 ~]$   mkdir ~/.ssh
[oracle@rac1 ~]$   chmod 700 ~/.ssh
[oracle@rac1 ~]$  ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
40:10:36:40:03:e6:54:b5:4c:ad:31:5b:b5:08:b5:5d oracle@rac1.localdomain
[oracle@rac1 ~]$   ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_dsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/oracle/.ssh/id_dsa.
Your public key has been saved in /home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
7a:9c:b9:81:25:a5:3f:fa:b1:c5:da:bb:08:00:77:d4 oracle@rac1.localdomain
[oracle@rac1 ~]$ 
-------------------------------------------------------------------------------
Node rac2

[root@rac2 ~]# id oracle
uid=501(oracle) gid=501(oinstall) groups=501(oinstall),502(dba)
[root@rac2 ~]# su - oracle
[oracle@rac2 ~]$   mkdir ~/.ssh
[oracle@rac2 ~]$    chmod 700 ~/.ssh
[oracle@rac2 ~]$   ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
da:74:7b:f5:60:12:22:15:ad:44:83:4f:19:da:c7:cf oracle@rac2.localdomain
[oracle@rac2 ~]$   ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_dsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/oracle/.ssh/id_dsa.
Your public key has been saved in /home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
1f:ba:cc:93:44:09:ca:bb:03:a4:1f:61:2d:b2:b4:29 oracle@rac2.localdomain
[oracle@rac2 ~]$ 

--------------------------------------------------------------------------------------
Back on node rac1, continue:

[oracle@rac1 ~]$ cd .ssh/
[oracle@rac1 .ssh]$ ll
total 16
-rw------- 1 oracle oinstall  668 Mar 21 21:48 id_dsa
-rw-r--r-- 1 oracle oinstall  613 Mar 21 21:48 id_dsa.pub
-rw------- 1 oracle oinstall 1675 Mar 21 21:47 id_rsa
-rw-r--r-- 1 oracle oinstall  405 Mar 21 21:47 id_rsa.pub
[oracle@rac1 .ssh]$  cat id_dsa.pub>>authorized_keys
[oracle@rac1 .ssh]$   cat id_rsa.pub>>authorized_keys
[oracle@rac1 .ssh]$   ssh rac2 cat /home/oracle/.ssh/id_rsa.pub >>/home/oracle/.ssh/authorized_keys
The authenticity of host 'rac2 (192.168.1.153)' can't be established.
RSA key fingerprint is de:2a:4c:d0:b2:20:88:4c:a2:72:24:11:50:4b:d6:74.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'rac2,192.168.1.153' (RSA) to the list of known hosts.
oracle@rac2's password: 
[oracle@rac1 .ssh]$   ssh rac2 cat /home/oracle/.ssh/id_dsa.pub >>/home/oracle/.ssh/authorized_keys
oracle@rac2's password: 
[oracle@rac1 .ssh]$   scp ~/.ssh/authorized_keys rac2:~/.ssh/authorized_keys 
oracle@rac2's password: 
authorized_keys                                                  100% 2036     2.0KB/s   00:00    
[oracle@rac1 .ssh]$ 

------------------------------------------------------------------------------------------------------------------------
Finally, verify SSH equivalence:

Node rac1:

[oracle@rac1 .ssh]$ ssh rac1 date
Fri Mar 21 22:06:25 CST 2014
[oracle@rac1 .ssh]$ ssh rac2 date
Fri Mar 21 22:06:31 CST 2014
[oracle@rac1 .ssh]$ ssh rac2-priv date
Fri Mar 21 22:06:42 CST 2014
[oracle@rac1 .ssh]$ ssh rac1-priv date
Fri Mar 21 22:06:46 CST 2014
[oracle@rac1 .ssh]$ ssh rac1.localdomain date
Fri Mar 21 22:06:55 CST 2014
[oracle@rac1 .ssh]$ ssh rac2.localdomain date
Fri Mar 21 22:07:00 CST 2014
[oracle@rac1 .ssh]$ ssh rac1-priv.localdomain date
Fri Mar 21 22:07:06 CST 2014
[oracle@rac1 .ssh]$ ssh rac2-priv.localdomain date
Fri Mar 21 22:07:12 CST 2014
[oracle@rac1 .ssh]$ 
-----------------------------------------------------------------------
Node rac2:

[oracle@rac2 ~]$ ssh rac1 date
Fri Mar 21 22:09:09 CST 2014
[oracle@rac2 ~]$ ssh rac2 date
Fri Mar 21 22:09:15 CST 2014
[oracle@rac2 ~]$ ssh rac1-priv date
Fri Mar 21 22:09:24 CST 2014
[oracle@rac2 ~]$ ssh rac2-priv date
Fri Mar 21 22:09:28 CST 2014
[oracle@rac2 ~]$ ssh rac1.localdomain date
Fri Mar 21 22:09:38 CST 2014
[oracle@rac2 ~]$ ssh rac2.localdomain date
Fri Mar 21 22:09:42 CST 2014
[oracle@rac2 ~]$ ssh rac1-priv.localdomain date
Fri Mar 21 22:09:50 CST 2014
[oracle@rac2 ~]$ ssh rac2-priv.localdomain date
Fri Mar 21 22:09:55 CST 2014
[oracle@rac2 ~]$ 
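The Oracle steps above and the `ssh <host> date` logins in the worked session are the whole procedure; what they do not give you is a check that says why a node still asks for a password. The script below is an added example, not code from the original post or from the Oracle documentation it quotes. It audits the permission rules the documentation states (`~/.ssh` 700, private keys and `authorized_keys` 600), confirms that every node's public key actually landed in `authorized_keys`, and wraps the verification logins in `ssh -o BatchMode=yes` so a missing key fails instead of hanging on a prompt. Everything in the demo section (the temporary directory, the key strings, the node names rac1/rac2/rac3) is constructed; `check_equivalence` needs real cluster nodes and is not run by the demo.

```sh
#!/bin/sh
# Added example: audits an oracle user's ~/.ssh after the equivalence steps.
# Not from the original post or from the Oracle documentation it quotes.
# The temp directory and key strings used by the demo are constructed.

# mode_of PATH -> permission bits in octal (GNU stat, falling back to BSD stat)
mode_of() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# audit_ssh_dir SSHDIR -> prints one line per problem and returns the number
# of problems (0 = layout matches the Oracle steps). sshd runs with StrictModes
# by default and silently ignores an authorized_keys file that others can
# write; ssh likewise ignores a private key that others can read. Either case
# shows up as a password prompt that never goes away.
audit_ssh_dir() {
    sshdir=$1
    problems=0
    [ "$(mode_of "$sshdir")" = 700 ] || { echo "$sshdir: mode is $(mode_of "$sshdir"), must be 700"; problems=$((problems + 1)); }
    for key in "$sshdir/id_rsa" "$sshdir/id_dsa"; do
        [ -f "$key" ] || continue
        [ "$(mode_of "$key")" = 600 ] || { echo "$key: private key is $(mode_of "$key"), must be 600"; problems=$((problems + 1)); }
    done
    auth=$sshdir/authorized_keys
    if [ ! -f "$auth" ]; then
        echo "$auth: missing"; problems=$((problems + 1))
    else
        [ "$(mode_of "$auth")" = 600 ] || { echo "$auth: mode is $(mode_of "$auth"), must be 600"; problems=$((problems + 1)); }
        # The DSA keys the doc asks for still work on the OpenSSH of the
        # 2014-era Linux in the post, but OpenSSH 7.0+ refuses ssh-dss by
        # default, so flag them without counting them as a layout error.
        grep -q '^ssh-dss ' "$auth" && echo "$auth: warning, contains ssh-dss keys (disabled by default in OpenSSH 7.0+)"
    fi
    return "$problems"
}

# missing_keys AUTHORIZED_KEYS PUBFILE... -> returns how many of the given
# public keys (the id_rsa.pub/id_dsa.pub collected from each node) are absent
# from the file; matches on the base64 blob, not on the "user@host" comment.
missing_keys() {
    auth=$1
    shift
    missing=0
    for pub in "$@"; do
        blob=$(awk '{ print $2 }' "$pub")
        grep -qF -- "$blob" "$auth" || { echo "$pub: not present in $auth"; missing=$((missing + 1)); }
    done
    return "$missing"
}

# check_equivalence HOST... -> tries a non-interactive login to each name the
# installer will use (public, private and FQDN aliases, the local node
# included, which also seeds known_hosts). BatchMode=yes makes ssh fail
# instead of prompting, so one broken node cannot hang an unattended run.
# Needs real nodes, so the demo below does not call it.
check_equivalence() {
    failed=0
    for host in "$@"; do
        if ssh -o BatchMode=yes -o ConnectTimeout=5 "$host" true 2>/dev/null; then
            echo "$host: ok"
        else
            echo "$host: FAILED (password or host-key prompt, or unreachable)"; failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# make_demo_sshdir -> creates a sample layout for two nodes with constructed
# (non-functional) key strings and prints its path
make_demo_sshdir() {
    d=$(mktemp -d)
    chmod 700 "$d"
    echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0demo0rac1 oracle@rac1.localdomain" > "$d/id_rsa.pub"
    echo "constructed placeholder, not a real private key" > "$d/id_rsa"
    chmod 600 "$d/id_rsa"
    echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0demo0rac2 oracle@rac2.localdomain" > "$d/rac2_id_rsa.pub"
    cat "$d/id_rsa.pub" "$d/rac2_id_rsa.pub" > "$d/authorized_keys"
    chmod 600 "$d/authorized_keys"
    echo "$d"
}

# Demo: a correct layout passes, then the two mistakes a loose umask produces
# (group-readable directory, world-readable authorized_keys) are caught.
demo=$(make_demo_sshdir)
audit_ssh_dir "$demo" && missing_keys "$demo/authorized_keys" "$demo/id_rsa.pub" "$demo/rac2_id_rsa.pub" && echo "layout ok"
chmod 755 "$demo"; chmod 644 "$demo/authorized_keys"
audit_ssh_dir "$demo" || echo "found $? problem(s)"
rm -rf "$demo"
```

Two caveats before the installer runs. The worked session above generates its keys with an empty passphrase, which is what a non-interactive OUI run needs; with a passphrase you would have to load the keys into ssh-agent first. And the DSA keys the documentation asks for are rejected by OpenSSH 7.0 and later unless `PubkeyAcceptedKeyTypes` re-enables `ssh-dss`, so on current systems the RSA key is the one that matters. sshd's StrictModes also refuses keys when the home directory itself is group- or world-writable; the script does not check that because its demo lives under /tmp.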
