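Step 1: establish the equivalence relationship between the two hosts
The two hosts run different versions of Linux: one is Red Hat 5.7 and the other is CentOS 5.6. The backup files on the Red Hat 5.7 host need to be copied to the CentOS 5.6 host.
Establish equivalence between 120 and 124
Do this on both machines:
Step 1: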
[oracle@gg02 ~]$ ssh 10.86.87.120
The authenticity of host 'gg02 (10.86.87.133)' can't be established.
RSA key fingerprint is 2b:d3:2a:5b:f0:66:e0:9a:12:52:8d:e9:c1:46:9b:e4.
Are you sure you want to continue connecting (yes/no)?
Host key verification failed.
[oracle@gg01 ~]$ ssh 10.86.87.124
The authenticity of host 'gg02 (10.86.87.133)' can't be established.
RSA key fingerprint is 2b:d3:2a:5b:f0:66:e0:9a:12:52:8d:e9:c1:46:9b:e4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'gg02,10.86.87.133' (RSA) to the list of known hosts.
oracle@gg02's password:
Permission denied, please try again.
oracle@gg02's password:
Permission denied, please try again.
oracle@gg02's password:
Permission denied (publickey,gssapi-with-mic,password).
[oracle@gg01 ~]$ ssh 10.86.87.124 date
oracle@gg02's password:
Permission denied, please try again.
oracle@gg02's password:
Permission denied, please try again.
oracle@gg02's password:
Permission denied (publickey,gssapi-with-mic,password).
Note: the ssh gg02 command above must be run.
Step 2:
[root@gg02 ~]# mkdir -p /usr/local/bin
[root@gg02 ~]# cp /usr/bin/scp /usr/local/bin
[root@gg02 ~]# cp /usr/bin/ssh /usr/local/bin
Step 3:
[root@gg01 ~]# su - oracle
-bash-3.2$ mkdir .ssh
-bash-3.2$ chmod 700 .ssh
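Note: steps 2 and 3 must be performed on both hosts.
Step 4:
Repeat the commands above on every node. Choose one node as the current node and generate an RSA key or a DSA key for the current user on it; the keys are stored in files under the .ssh directory. The RSA public and private keys are stored in id_rsa.pub and id_rsa respectively, and the DSA public and private keys in id_dsa.pub and id_dsa. For example, the following generates an RSA key on node gg02: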
-bash-3.2$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/opt/oracle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /opt/oracle/.ssh/id_rsa.
Your public key has been saved in /opt/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
2a:ca:45:b2:6d:44:34:3a:27:41:68:a0:a4:ce:90:f3 oracle@gg02
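To protect the private key, a passphrase can be specified for the RSA private key when it is created; the passphrase must then be entered whenever the private key is read. The following command generates a DSA key for the oracle user on node gg02: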
-bash-3.2$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/opt/oracle/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /opt/oracle/.ssh/id_dsa.
Your public key has been saved in /opt/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
2c:8f:e2:5d:67:44:c4:8f:b7:17:a4:f4:84:90:eb:73 oracle@gg02
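A passphrase can likewise be specified for the DSA private key when it is created. The following commands copy the DSA and RSA public keys into the authorized_keys file and set the permissions on that file:
Step 5: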
-bash-3.2$ pwd
/opt/oracle/.ssh
-bash-3.2$ cat id_dsa.pub >> authorized_keys
-bash-3.2$ cat id_rsa.pub >> authorized_keys
-bash-3.2$ chmod 600 authorized_keys
[oracle@gg02 .ssh]$ scp authorized_keys 10.86.87.120:/opt/oracle/.ssh
oracle@gg01's password:
Note: this last step is quite important.
Step 6:
[oracle@gg01 .ssh]$ exec /usr/bin/ssh-agent $SHELL
[oracle@gg01 .ssh]$ /usr/bin/ssh-add
Identity added: /home/oracle/.ssh/id_rsa (/home/oracle/.ssh/id_rsa)
Identity added: /home/oracle/.ssh/id_dsa (/home/oracle/.ssh/id_dsa)
Note: this step only needs to be run on 120.
[oracle@gg02 ~]$ ssh 10.86.87.120 date
Mon May 7 11:54:00 EDT 2012
Note: the equivalence relationship has been established successfully.
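The append and permission handling from steps 3 and 5, written as re-runnable functions; this is an added example, not part of the original post. The function names install_pubkey and audit_ssh_dir are hypothetical helpers, and the modes checked are the 700 and 600 used above.

```shell
#!/bin/bash
# Added example, not from the original post. Paths are passed in, so the
# functions can be tried on a scratch directory before a real ~/.ssh.

# install_pubkey PUBFILE SSHDIR
# Append the key in PUBFILE to SSHDIR/authorized_keys only if that exact line
# is not already there, and enforce the modes from steps 3 and 5.
install_pubkey() {
    pub=$1 dir=$2
    [ -s "$pub" ] || { echo "missing or empty key file: $pub" >&2; return 1; }
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$dir/authorized_keys" && chmod 600 "$dir/authorized_keys" || return 1
    # -x whole line, -F fixed string: exact match, no regex interpretation
    grep -qxF -- "$(cat "$pub")" "$dir/authorized_keys" ||
        cat "$pub" >> "$dir/authorized_keys"
}

# audit_ssh_dir SSHDIR
# Print every deviation from the expected modes; return non-zero if any.
# Uses GNU stat (-c), as found on Red Hat and CentOS.
audit_ssh_dir() {
    dir=$1 bad=0
    check() {  # check PATH EXPECTED_MODE; files that do not exist are skipped
        [ -e "$1" ] || return 0
        mode=$(stat -c '%a' "$1")
        if [ "$mode" != "$2" ]; then
            echo "$1: mode $mode, expected $2"
            bad=1
        fi
    }
    check "$dir" 700
    check "$dir/authorized_keys" 600
    check "$dir/id_rsa" 600
    check "$dir/id_dsa" 600
    return $bad
}
```

Appending on the destination host this way, instead of copying the whole authorized_keys file over with scp, keeps any keys that were already authorized there.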
Problem solved:
When adding a new identity with ssh-add produces the following error:
Could not open a connection to your authentication agent.
first run the following command:
ssh-agent bash
and then add the identity again:
/usr/bin/ssh-add
Upload the files to the other host with scp, or upload them to the other host via ftp.