节点间SSH互信配置

确认ssh可以运行
0.1. 修改sshd_config文件：vi /etc/ssh/sshd_config：
将#PasswordAuthentication no的注释去掉，并且将NO修改为YES
将#PermitRootLogin yes的注释去掉，这样root可以通过ssh登录
0.2. 重新启动SSH服务，命令为：/etc/init.d/sshd restart
0.3. 验证SSH服务状态，命令为：/etc/init.d/sshd status

以root@node1为例，node1要访问oracle@node2，方法如下：
1.以root身份登录node1,执行以下命令：
ssh-keygen -t rsa
该命令缺省在~/.ssh/下生成公私密钥：id_rsa（密钥）和id_rsa.pub(公钥)

2.把新生成的id_rsa.pub拷贝到node2的oracle用户的home目录下：
scp ~/.ssh/id_rsa.pub oracle@node2:/home/oracle[[BR]]

3.以oracle身份登录node2
cat id_rsa.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys （确保此文件的权限正确）
cat id_rsa.pub >> ~/.ssh/known_hosts

4.验证：
以root身份登录node1:
ssh oracle@node2
无需输入yes和密码，完成配置。

至此，root@node1到oracle@node2的ssh互信配置完成。

如果按照上面的步骤仍然不成功，则可能$HOME, $HOME/.ssh or $HOME/.ssh/authorized_keys的权限超过了sshd缺省允许的范围。
笔者遇到的问题即是authorized_keys的权限过大，执行命令：chmod 600 $HOME/.ssh/authorized_keys，问题解决。
具体参考以下步骤：

Typically this is caused by the file permissions on $HOME, $HOME/.ssh or $HOME/.ssh/authorized_keys being more permissive than sshd allows by default.

In this case, it can be solved by executing the following on the server.

$ chmod go-w $HOME $HOME/.ssh
$ chmod 600 $HOME/.ssh/authorized_keys
$ chown whoami $HOME/.ssh/authorized_keys

If this is not possible for some reason, an alternative is to set StrictModes no in sshd_config, however this is not recommended.