在安装RAC的时候,需要配置各个节点的互信关系,使rsh、rlogin、rcp等命令不需要输入密码可以操作其他节点。
除了按照管法rac安装文档中的方法配置ssh之外,还可以通过修改.rhosts等文件实现互信。
在unix(如aix)中,可以简单修改/etc/hosts.equiv实现,但是Linux中比较麻烦,需要一些其他的步骤,下面演示配置方法
需要在各个节点上完成如下操作
[@more@]1、检查rsh-server包是否已经安装
| [root@rac1 ~]# rpm -qa|grep -i ^rsh-server rsh-server-0.17-40.el5 |
如果没有安装使用rpm -ivh 命令安装
2、确保/etc/xinetd.d/rlogin中存在disable = no这一行(红色部分)
| [root@rac1 ~]# cat /etc/xinetd.d/rlogin # default: on # description: rlogind is the server for the rlogin(1) program. The server # provides a remote login facility with authentication based on # privileged port numbers from trusted hosts. service login { disable = no socket_type = stream wait = no user = root log_on_success += USERID log_on_failure += USERID server = /usr/sbin/in.rlogind } |
3、确保/etc/xinetd.d/rsh中存在disable = no这一行(红色部分)
| [root@rac1 ~]# cat /etc/xinetd.d/rsh # default: on # description: The rshd server is the server for the rcmd(3) routine and, # consequently, for the rsh(1) program. The server provides # remote execution facilities with authentication based on # privileged port numbers from trusted hosts. service shell { disable = no socket_type = stream wait = no user = root log_on_success += USERID log_on_failure += USERID server = /usr/sbin/in.rshd } |
4、重启xinetd服务
| [root@rac1 ~]# service xinetd restart Stopping xinetd: [ OK ] Starting xinetd: [ OK ] |
5、编辑/etc/securetty,确保存在rexec、rsh、rlogin三行(红色部分)
| [root@rac1 ~]# cat /etc/securetty console vc/1 vc/2 vc/3 vc/4 vc/5 vc/6 vc/7 vc/8 vc/9 vc/10 vc/11 tty1 tty2 tty3 tty4 tty5 tty6 tty7 tty8 tty9 tty10 tty11 rexec rsh rlogin |
6、编辑/etc/hosts.equiv文件,如下所示
| [root@rac1 ~]# cat /etc/hosts.equiv +rac1 oracle +rac2 oracle +rac1-priv oracle +rac2-priv oracle +rac1 root +rac2 root +rac1-priv root +rac2-priv root |
7、编辑/etc/hosts文件,如下所示
| [root@rac1 ~]# cat /etc/hosts # Do not remove the following line, or various programs # that require network functionality will fail. 127.0.0.1 localhost.localdomain localhost ::1 localhost6.localdomain6 localhost6 #public 192.168.2.101 rac1.localdomain rac1 192.168.2.102 rac2.localdomain rac2 #private 192.168.0.101 rac1-priv.localdomain rac1-priv 192.168.0.102 rac2-priv.localdomain rac2-priv #virtual 192.168.2.111 rac1-vip.localdomain rac1-vip 192.168.2.112 rac2-vip.localdomain rac2-vip |
8、编辑~/.rhosts,如下所示
| [root@rac1 ~]# cat ~/.rhosts +rac1 root +rac2 root +rac1-priv root +rac2-priv root |
9、测试rlogin和rsh是否可以不用输入密码登录其他节点
| [root@rac1 ~]# rlogin rac2 connect to address 192.168.2.102 port 543: Connection refused Trying krb4 rlogin... connect to address 192.168.2.102 port 543: Connection refused trying normal rlogin (/usr/bin/rlogin) Last login: Wed Jan 13 08:39:17 from rac1 [root@rac2 ~]# hostname rac2.localdomain [root@rac2 ~]# exit logout rlogin: connection closed. [root@rac1 ~]# rsh rac2 connect to address 192.168.2.102 port 543: Connection refused Trying krb4 rlogin... connect to address 192.168.2.102 port 543: Connection refused trying normal rlogin (/usr/bin/rlogin) Last login: Wed Jan 13 08:47:22 from rac1 [root@rac2 ~]# hostname rac2.localdomain [root@rac2 ~]# exit logout rlogin: connection closed. |
--end--
来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/22049049/viewspace-1030522/,如需转载,请注明出处,否则将追究法律责任。
转载于:http://blog.itpub.net/22049049/viewspace-1030522/
970
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
