6.一键配置多个节点服务器互信

已于 2024-02-01 10:20:04 修改
阅读量1.2k 收藏 3
点赞数
分类专栏: Oracle数据库 文章标签: 服务器 运维 oracle 数据库
于 2023-04-25 15:59:45 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/michaeldata/article/details/130365461
版权

文章目录

  • 前言
  • 服务器信息
  • 一、服务器的配置
  • 二、配置节点互信
    • 1.配置互信
    • 2.验证互信
    • 3.执行日志
    • 4.脚本内容
  • 总结

1.Oracle11gR2数据库安装
https://edu.csdn.net/course/detail/27750

2.Oracle 12c 数据库安装
https://edu.csdn.net/course/detail/35882

3.Oracle 19c 数据库一键安装
https://edu.csdn.net/course/detail/39198

4.Oracle 19c RAC For Linux安装部署 (视频讲解)
https://edu.csdn.net/course/detail/35792

5.oracle 19c 数据库基础和日常管理
https://edu.csdn.net/course/detail/36112

6.Oracle 11g DataGuard RAC集群到单节点部署
https://edu.csdn.net/course/detail/35959

7.Oracle数据库 底层原理解析_解析oracle数据库内部实现(视频讲解)
https://edu.csdn.net/course/detail/35647

8.MySQL数据库基础实战教程
https://edu.csdn.net/course/detail/26743

前言

Oracle集群的部署需要多个服务器之间ssh的连接不需要输入密码,因此需要将各个节点实现免密连接。

本文章就详细介绍如果一键配置多个服务器节点之间的免密配置。

服务器信息

节点主机名IP地址
节点1node1192.168.1.10
节点2node2192.168.1.20
节点3node3192.168.1.30

一、服务器的配置

在所有的服务器节点主机名和IP地址添加到hosts文件

节点1的配置如下,其他的节点hosts内容一致。
[root@node1 ~]# cat /etc/hosts

127.0.0.1       localhost
192.168.1.10    node1
192.168.1.20    node2
192.168.1.30    node3

二、配置节点互信

2.1 配置互信

1.将脚本上传到指定的随意目录
名称为sshUserSetup.sh

2.给与脚本执行权限
chmod +x sshUserSetup.sh

3.创建需要免密连接的用户

在所有节点创建指定的用户,假如是user01

#创建user01用户
useradd user01

#设置用户密码
passwd user01

4.配置节点互信,使用root用户执行,在任意一个节点执行,执行过程中需要输入用户的密码
--user指定需要互信的用户
--hosts指定所有节点的主机名,注意有空格
./sshUserSetup.sh -user user01 -hosts "node1 node2 node3" -advanced -exverify -confirm -noPromptPassphrase

注:
如果是配置root用户互信,直接执行即可。

2.2 验证互信

验证node1节点,其他节点执行的命令和步骤一致,切换到指定用户user01

[root@node1 ~]# su - user01

2.3  执行日志

[root@node1 ~]# ./sshUserSetup.sh -user user01 -hosts "node1 node2 node3" -advanced -exverify -confirm -noPromptPassphrase
The output of this script is also logged into /tmp/sshUserSetup_2023-04-25-15-30-24.log
Hosts are node1 node2 node3
user is user01
Platform:- Linux 
Checking if the remote hosts are reachable
PING node1 (192.168.1.10) 56(84) bytes of data.
64 bytes from node1 (192.168.1.10): icmp_seq=1 ttl=64 time=0.012 ms
64 bytes from node1 (192.168.1.10): icmp_seq=2 ttl=64 time=0.037 ms
64 bytes from node1 (192.168.1.10): icmp_seq=3 ttl=64 time=0.014 ms
64 bytes from node1 (192.168.1.10): icmp_seq=4 ttl=64 time=0.014 ms
64 bytes from node1 (192.168.1.10): icmp_seq=5 ttl=64 time=0.027 ms

--- node1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4000ms
rtt min/avg/max/mdev = 0.012/0.020/0.037/0.011 ms
PING node2 (192.168.1.20) 56(84) bytes of data.
64 bytes from node2 (192.168.1.20): icmp_seq=1 ttl=64 time=0.356 ms
64 bytes from node2 (192.168.1.20): icmp_seq=2 ttl=64 time=0.480 ms
64 bytes from node2 (192.168.1.20): icmp_seq=3 ttl=64 time=0.424 ms
64 bytes from node2 (192.168.1.20): icmp_seq=4 ttl=64 time=0.537 ms
64 bytes from node2 (192.168.1.20): icmp_seq=5 ttl=64 time=0.410 ms

--- node2 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4003ms
rtt min/avg/max/mdev = 0.356/0.441/0.537/0.064 ms
PING node3 (192.168.1.30) 56(84) bytes of data.
64 bytes from node3 (192.168.1.30): icmp_seq=1 ttl=64 time=0.960 ms
64 bytes from node3 (192.168.1.30): icmp_seq=2 ttl=64 time=1.76 ms
64 bytes from node3 (192.168.1.30): icmp_seq=3 ttl=64 time=0.265 ms
64 bytes from node3 (192.168.1.30): icmp_seq=4 ttl=64 time=0.215 ms
64 bytes from node3 (192.168.1.30): icmp_seq=5 ttl=64 time=0.278 ms

--- node3 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4004ms
rtt min/avg/max/mdev = 0.215/0.696/1.764/0.600 ms
Remote host reachability check succeeded.
The following hosts are reachable: node1 node2 node3.
The following hosts are not reachable: .
All hosts are reachable. Proceeding further...
firsthost node1
numhosts 3
The script will setup SSH connectivity from the host node1 to all
the remote hosts. After the script is executed, the user can use SSH to run
commands on the remote hosts or copy files between this host node1
and the remote hosts without being prompted for passwords or confirmations.

NOTE 1:
As part of the setup procedure, this script will use ssh and scp to copy
files between the local host and the remote hosts. Since the script does not
store passwords, you may be prompted for the passwords during the execution of
the script whenever ssh or scp is invoked.

NOTE 2:
AS PER SSH REQUIREMENTS, THIS SCRIPT WILL SECURE THE USER HOME DIRECTORY
AND THE .ssh DIRECTORY BY REVOKING GROUP AND WORLD WRITE PRIVILEDGES TO THESE
directories.

Do you want to continue and let the script make the above mentioned changes (yes/no)?
Confirmation provided on the command line

The user chose yes
User chose to skip passphrase related questions.
Creating .ssh directory on local host, if not present already
Creating authorized_keys file on local host
Changing permissions on authorized_keys to 644 on local host
Creating known_hosts file on local host
Changing permissions on known_hosts to 644 on local host
Creating config file on local host
If a config file exists already at /root/.ssh/config, it would be backed up to /root/.ssh/config.backup.
Creating .ssh directory and setting permissions on remote host node1
THE SCRIPT WOULD ALSO BE REVOKING WRITE PERMISSIONS FOR group AND others ON THE HOME DIRECTORY FOR user01. THIS IS AN SSH REQUIREMENT.
The script would create ~user01/.ssh/config file on remote host node1. If a config file exists already at ~user01/.ssh/config, it would be backed up to ~user01/.ssh/config.backup.
The user may be prompted for a password here since the script would be running SSH on host node1.
Warning: Permanently added 'node1,192.168.1.10' (ECDSA) to the list of known hosts.
user01@node1's password:   ---> 输入user01的密码
Attempting to create directory /home/user01/perl5
Done with creating .ssh directory and setting permissions on remote host node1.
Creating .ssh directory and setting permissions on remote host node2
THE SCRIPT WOULD ALSO BE REVOKING WRITE PERMISSIONS FOR group AND others ON THE HOME DIRECTORY FOR user01. THIS IS AN SSH REQUIREMENT.
The script would create ~user01/.ssh/config file on remote host node2. If a config file exists already at ~user01/.ssh/config, it would be backed up to ~user01/.ssh/config.backup.
The user may be prompted for a password here since the script would be running SSH on host node2.
Warning: Permanently added 'node2,192.168.1.20' (ECDSA) to the list of known hosts.
user01@node2's password:    ---> 输入user01的密码
Done with creating .ssh directory and setting permissions on remote host node2.
Creating .ssh directory and setting permissions on remote host node3
THE SCRIPT WOULD ALSO BE REVOKING WRITE PERMISSIONS FOR group AND others ON THE HOME DIRECTORY FOR user01. THIS IS AN SSH REQUIREMENT.
The script would create ~user01/.ssh/config file on remote host node3. If a config file exists already at ~user01/.ssh/config, it would be backed up to ~user01/.ssh/config.backup.
The user may be prompted for a password here since the script would be running SSH on host node3.
Warning: Permanently added 'node3,192.168.1.30' (ECDSA) to the list of known hosts.
user01@node3's password:    ---> 输入user01的密码
Done with creating .ssh directory and setting permissions on remote host node3.
Copying local host public key to the remote host node1
The user may be prompted for a password or passphrase here since the script would be using SCP for host node1.
user01@node1's password:   ---> 输入user01的密码
Done copying local host public key to the remote host node1
Copying local host public key to the remote host node2
The user may be prompted for a password or passphrase here since the script would be using SCP for host node2.
user01@node2's password:    ---> 输入user01的密码
Done copying local host public key to the remote host node2
Copying local host public key to the remote host node3
The user may be prompted for a password or passphrase here since the script would be using SCP for host node3.
user01@node3's password:    ---> 输入user01的密码
Done copying local host public key to the remote host node3
Creating keys on remote host node1 if they do not exist already. This is required to setup SSH on host node1.
Generating public/private rsa key pair.
Your identification has been saved in .ssh/id_rsa.
Your public key has been saved in .ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ySeQMCXnpws1e4PqUgtP57ZDTrXsu7t1vHsvcqbTAG8 user01@node1
The key's randomart image is:
+---[RSA 1024]----+
|    +.o          |
|     * .         |
|      * .        |
|     . O...      |
|    . +oS..o     |
|  . oo+oo+ .E    |
|   =.B..  ..oo   |
|  ..o = .. .o.*  |
|   ....o==  +O o.|
+----[SHA256]-----+
Creating keys on remote host node2 if they do not exist already. This is required to setup SSH on host node2.
Generating public/private rsa key pair.
Your identification has been saved in .ssh/id_rsa.
Your public key has been saved in .ssh/id_rsa.pub.
The key fingerprint is:
SHA256:KncICP6Zxp6IumlWuiQhEnIrWO7/ff2OxKLXMQPgqug user01@node2
The key's randomart image is:
+---[RSA 1024]----+
|                 |
|        .        |
|+ o    . .       |
|+* o    . .      |
|*.+ .  .S  .     |
|o+o.o..o   .+    |
|..+B..+ . .oo+   |
|+==.oo o .ooo.   |
|O=Eo... oo  .oo  |
+----[SHA256]-----+
Creating keys on remote host node3 if they do not exist already. This is required to setup SSH on host node3.
Generating public/private rsa key pair.
Your identification has been saved in .ssh/id_rsa.
Your public key has been saved in .ssh/id_rsa.pub.
The key fingerprint is:
SHA256:staVB277iTrduGjoJHv3vfWWTh/Ty4uc1RWHKPidBt8 user01@node3
The key's randomart image is:
+---[RSA 1024]----+
|                 |
|         .   . . |
|        . + . ...|
|         o B o  o|
|      . S * * E .|
|       + o +    +|
|    . +....o  .=+|
|     =o +.o+oo*o*|
|    .o.oo++.==.*+|
+----[SHA256]-----+
Updating authorized_keys file on remote host node1
Updating known_hosts file on remote host node1
Updating authorized_keys file on remote host node2
Updating known_hosts file on remote host node2
Updating authorized_keys file on remote host node3
Updating known_hosts file on remote host node3
SSH setup is complete.

------------------------------------------------------------------------
Verifying SSH setup
===================
The script will now run the date command on the remote nodes using ssh
to verify if ssh is setup correctly. IF THE SETUP IS CORRECTLY SETUP,
THERE SHOULD BE NO OUTPUT OTHER THAN THE DATE AND SSH SHOULD NOT ASK FOR
PASSWORDS. If you see any output other than date or are prompted for the
password, ssh is not setup correctly and you will need to resolve the
issue and set up ssh again.
The possible causes for failure could be:
1. The server settings in /etc/ssh/sshd_config file do not allow ssh
for user user01.
2. The server may have disabled public key based authentication.
3. The client public key on the server may be outdated.
4. ~user01 or ~user01/.ssh on the remote host may not be owned by user01.
5. User may not have passed -shared option for shared remote users or
may be passing the -shared option for non-shared remote users.
6. If there is output in addition to the date, but no password is asked,
it may be a security alert shown as part of company policy. Append the
additional text to the <OMS HOME>/sysman/prov/resources/ignoreMessages.txt file.
------------------------------------------------------------------------
--node1:--
Running /usr/bin/ssh -x -l user01 node1 date to verify SSH connectivity has been setup from local host to node1.
IF YOU SEE ANY OTHER OUTPUT BESIDES THE OUTPUT OF THE DATE COMMAND OR IF YOU ARE PROMPTED FOR A PASSWORD HERE, IT MEANS SSH SETUP HAS NOT BEEN SUCCESSFUL. Please note that being prompted for a passphrase may be OK but being prompted for a password is ERROR.
Tue Apr 25 15:30:54 CST 2023
------------------------------------------------------------------------
--node2:--
Running /usr/bin/ssh -x -l user01 node2 date to verify SSH connectivity has been setup from local host to node2.
IF YOU SEE ANY OTHER OUTPUT BESIDES THE OUTPUT OF THE DATE COMMAND OR IF YOU ARE PROMPTED FOR A PASSWORD HERE, IT MEANS SSH SETUP HAS NOT BEEN SUCCESSFUL. Please note that being prompted for a passphrase may be OK but being prompted for a password is ERROR.
Tue Apr 25 15:30:54 CST 2023
------------------------------------------------------------------------
--node3:--
Running /usr/bin/ssh -x -l user01 node3 date to verify SSH connectivity has been setup from local host to node3.
IF YOU SEE ANY OTHER OUTPUT BESIDES THE OUTPUT OF THE DATE COMMAND OR IF YOU ARE PROMPTED FOR A PASSWORD HERE, IT MEANS SSH SETUP HAS NOT BEEN SUCCESSFUL. Please note that being prompted for a passphrase may be OK but being prompted for a password is ERROR.
Tue Apr 25 15:30:54 CST 2023
------------------------------------------------------------------------
------------------------------------------------------------------------
Verifying SSH connectivity has been setup from node1 to node1
------------------------------------------------------------------------
IF YOU SEE ANY OTHER OUTPUT BESIDES THE OUTPUT OF THE DATE COMMAND OR IF YOU ARE PROMPTED FOR A PASSWORD HERE, IT MEANS SSH SETUP HAS NOT BEEN SUCCESSFUL.
Bad owner or permissions on /home/user01/.ssh/config
------------------------------------------------------------------------
------------------------------------------------------------------------
Verifying SSH connectivity has been setup from node1 to node2
------------------------------------------------------------------------
IF YOU SEE ANY OTHER OUTPUT BESIDES THE OUTPUT OF THE DATE COMMAND OR IF YOU ARE PROMPTED FOR A PASSWORD HERE, IT MEANS SSH SETUP HAS NOT BEEN SUCCESSFUL.
Bad owner or permissions on /home/user01/.ssh/config
------------------------------------------------------------------------
------------------------------------------------------------------------
Verifying SSH connectivity has been setup from node1 to node3
------------------------------------------------------------------------
IF YOU SEE ANY OTHER OUTPUT BESIDES THE OUTPUT OF THE DATE COMMAND OR IF YOU ARE PROMPTED FOR A PASSWORD HERE, IT MEANS SSH SETUP HAS NOT BEEN SUCCESSFUL.
Bad owner or permissions on /home/user01/.ssh/config
------------------------------------------------------------------------
-Verification from node1 complete-
------------------------------------------------------------------------
Verifying SSH connectivity has been setup from node2 to node1
------------------------------------------------------------------------
IF YOU SEE ANY OTHER OUTPUT BESIDES THE OUTPUT OF THE DATE COMMAND OR IF YOU ARE PROMPTED FOR A PASSWORD HERE, IT MEANS SSH SETUP HAS NOT BEEN SUCCESSFUL.
Bad owner or permissions on /home/user01/.ssh/config
------------------------------------------------------------------------
------------------------------------------------------------------------
Verifying SSH connectivity has been setup from node2 to node2
------------------------------------------------------------------------
IF YOU SEE ANY OTHER OUTPUT BESIDES THE OUTPUT OF THE DATE COMMAND OR IF YOU ARE PROMPTED FOR A PASSWORD HERE, IT MEANS SSH SETUP HAS NOT BEEN SUCCESSFUL.
Bad owner or permissions on /home/user01/.ssh/config
------------------------------------------------------------------------
------------------------------------------------------------------------
Verifying SSH connectivity has been setup from node2 to node3
------------------------------------------------------------------------
IF YOU SEE ANY OTHER OUTPUT BESIDES THE OUTPUT OF THE DATE COMMAND OR IF YOU ARE PROMPTED FOR A PASSWORD HERE, IT MEANS SSH SETUP HAS NOT BEEN SUCCESSFUL.
Bad owner or permissions on /home/user01/.ssh/config
------------------------------------------------------------------------
-Verification from node2 complete-
------------------------------------------------------------------------
Verifying SSH connectivity has been setup from node3 to node1
------------------------------------------------------------------------
IF YOU SEE ANY OTHER OUTPUT BESIDES THE OUTPUT OF THE DATE COMMAND OR IF YOU ARE PROMPTED FOR A PASSWORD HERE, IT MEANS SSH SETUP HAS NOT BEEN SUCCESSFUL.
Bad owner or permissions on /home/user01/.ssh/config
------------------------------------------------------------------------
------------------------------------------------------------------------
Verifying SSH connectivity has been setup from node3 to node2
------------------------------------------------------------------------
IF YOU SEE ANY OTHER OUTPUT BESIDES THE OUTPUT OF THE DATE COMMAND OR IF YOU ARE PROMPTED FOR A PASSWORD HERE, IT MEANS SSH SETUP HAS NOT BEEN SUCCESSFUL.
Bad owner or permissions on /home/user01/.ssh/config
------------------------------------------------------------------------
------------------------------------------------------------------------
Verifying SSH connectivity has been setup from node3 to node3
------------------------------------------------------------------------
IF YOU SEE ANY OTHER OUTPUT BESIDES THE OUTPUT OF THE DATE COMMAND OR IF YOU ARE PROMPTED FOR A PASSWORD HERE, IT MEANS SSH SETUP HAS NOT BEEN SUCCESSFUL.
Bad owner or permissions on /home/user01/.ssh/config
------------------------------------------------------------------------
-Verification from node3 complete-
SSH verification complete.
[root@node1 ~]#

2.4 脚本内容

#!/bin/sh
numargs=$#

ADVANCED=false
HOSTNAME=`hostname`
CONFIRM=no
SHARED=false
i=1
USR=$USER

if  test -z "$TEMP"
then
  TEMP=/tmp
fi

IDENTITY=id_rsa
LOGFILE=$TEMP/sshUserSetup_`date +%F-%H-%M-%S`.log
VERIFY=false
EXHAUSTIVE_VERIFY=false
HELP=false
PASSPHRASE=no
RERUN_SSHKEYGEN=no
NO_PROMPT_PASSPHRASE=no

while [ $i -le $numargs ]
do
  j=$1 
  if [ $j = "-hosts" ] 
  then
     HOSTS=$2
     shift 1
     i=`expr $i + 1`
  fi
  if [ $j = "-user" ] 
  then
     USR=$2
     shift 1
     i=`expr $i + 1`
   fi
  if [ $j = "-logfile" ] 
  then
     LOGFILE=$2
     shift 1
     i=`expr $i + 1`
   fi
  if [ $j = "-confirm" ] 
  then
     CONFIRM=yes
   fi
  if [ $j = "-hostfile" ] 
  then
     CLUSTER_CONFIGURATION_FILE=$2
     shift 1
     i=`expr $i + 1`
   fi
  if [ $j = "-usePassphrase" ] 
  then
     PASSPHRASE=yes
   fi
  if [ $j = "-noPromptPassphrase" ] 
  then
     NO_PROMPT_PASSPHRASE=yes
   fi
  if [ $j = "-shared" ] 
  then
     SHARED=true
   fi
  if [ $j = "-exverify" ] 
  then
     EXHAUSTIVE_VERIFY=true
   fi
  if [ $j = "-verify" ] 
  then
     VERIFY=true
   fi
  if [ $j = "-advanced" ] 
  then
     ADVANCED=true
   fi
  if [ $j = "-help" ] 
  then
     HELP=true
   fi
  i=`expr $i + 1`
  shift 1
done


if [ $HELP = "true" ]
then
  echo "Usage $0 -user <user name> [ -hosts \"<space separated hostlist>\" | -hostfile <absolute path of cluster configuration file> ] [ -advanced ]  [ -verify] [ -exverify ] [ -logfile <desired absolute path of logfile> ] [-confirm] [-shared] [-help] [-usePassphrase] [-noPromptPassphrase]"
echo "This script is used to setup SSH connectivity from the host on which it is run to the specified remote hosts. After this script is run, the user can use  SSH to run commands on the remote hosts or copy files between the local host and the remote hosts without being prompted for passwords or confirmations.  The list of remote hosts and the user name on the remote host is specified as a command line parameter to the script. "
echo "-user : User on remote hosts. " 
echo "-hosts : Space separated remote hosts list. " 
echo "-hostfile : The user can specify the host names either through the -hosts option or by specifying the absolute path of a cluster configuration file. A sample host file contents are below: " 
echo
echo  "   stacg30 stacg30int 10.1.0.0 stacg30v  -"
echo  "   stacg34 stacg34int 10.1.0.1 stacg34v  -"
echo 
echo " The first column in each row of the host file will be used as the host name."
echo 
echo "-usePassphrase : The user wants to set up passphrase to encrypt the private key on the local host. " 
echo "-noPromptPassphrase : The user does not want to be prompted for passphrase related questions. This is for users who want the default behavior to be followed." 
echo "-shared : In case the user on the remote host has its home directory NFS mounted or shared across the remote hosts, this script should be used with -shared option. " 
echo "  It is possible for the user to determine whether a user's home directory is shared or non-shared. Let us say we want to determine that user user1's home directory is shared across hosts A, B and C."
echo " Follow the following steps:"
echo "    1. On host A, touch ~user1/checkSharedHome.tmp"
echo "    2. On hosts B and C, ls -al ~user1/checkSharedHome.tmp" 
echo "    3. If the file is present on hosts B and C in ~user1 directory and"
echo "       is identical on all hosts A, B, C, it means that the user's home "
echo "       directory is shared."
echo "    4. On host A, rm -f ~user1/checkSharedHome.tmp"
echo " In case the user accidentally passes -shared option for non-shared homes or viceversa,SSH connectivity would only be set up for a subset of the hosts. The user would have to re-run the setyp script with the correct option to rectify this problem."
echo "-advanced :  Specifying the -advanced option on the command line would result in SSH  connectivity being setup among the remote hosts which means that SSH can be used to run commands on one remote host from the other remote host or copy files between the remote hosts without being prompted for passwords or confirmations."
echo "-confirm: The script would remove write permissions on the remote hosts for the user home directory and ~/.ssh directory for "group" and "others". This is an SSH requirement. The user would be explicitly informed about this by the script and prompted to continue. In case the user presses no, the script would exit. In case the user does not want to be prompted, he can use -confirm option."
echo  "As a part of the setup, the script would use SSH to create files within ~/.ssh directory of the remote node and to setup the requisite permissions. The script also uses SCP to copy the local host public key to the remote hosts so that the remote hosts trust the local host for SSH. At the time, the script performs these steps, SSH connectivity has not been completely setup  hence the script would prompt the user for the remote host password.  "
echo "For each remote host, for remote users with non-shared homes this would be done once for SSH and  once for SCP. If the number of remote hosts are x, the user would be prompted  2x times for passwords. For remote users with shared homes, the user would be prompted only twice, once each for SCP and SSH.  For security reasons, the script does not save passwords and reuse it. Also, for security reasons, the script does not accept passwords redirected from a file. The user has to key in the confirmations and passwords at the prompts. "
echo "-verify : -verify option means that the user just wants to verify whether SSH has been set up. In this case, the script would not setup SSH but would only check whether SSH connectivity has been setup from the local host to the remote hosts. The script would run the date command on each remote host using SSH. In case the user is prompted for a password or sees a warning message for a particular host, it means SSH connectivity has not been setup correctly for that host.  In case the -verify option is not specified, the script would setup SSH and then do the verification as well. "
echo "-exverify : In case the user speciies the -exverify option, an exhaustive verification for all hosts would be done. In that case, the following would be checked: "
echo "   1. SSH connectivity from local host to all remote hosts. "
echo "   2. SSH connectivity from each remote host to itself and other remote hosts.  "
echo The -exverify option can be used in conjunction with the -verify option as well to do an exhaustive verification once the setup has been done.  
echo "Taking some examples: Let us say local host is Z, remote hosts are A,B and C. Local user is njerath. Remote users are racqa(non-shared), aime(shared)."
echo "$0 -user racqa -hosts "A B C" -advanced -exverify -confirm"
echo "Script would set up connectivity from Z -> A, Z -> B, Z -> C, A -> A, A -> B, A -> C, B -> A, B -> B, B -> C, C -> A, C -> B, C -> C."
echo "Since user has given -exverify option, all these scenario would be verified too."
echo
echo "Now the user runs : $0 -user racqa -hosts "A B C" -verify"
echo "Since -verify option is given, no SSH setup would be done, only verification of existing setup. Also, since -exverify or -advanced options are not given, script would only verify connectivity from Z -> A, Z -> B, Z -> C"

echo "Now the user runs : $0 -user racqa -hosts "A B C" -verify -advanced"
echo "Since -verify option is given, no SSH setup would be done, only verification of existing setup. Also, since  -advanced options is given, script would verify connectivity from Z -> A, Z -> B, Z -> C, A-> A, A->B, A->C, A->D"

echo "Now the user runs:"
echo "$0 -user aime -hosts "A B C" -confirm -shared"
echo "Script would set up connectivity between  Z->A, Z->B, Z->C only since advanced option is not given."
echo "All these scenarios would be verified too."

exit
fi

if test -z "$HOSTS"
then
   if test -n "$CLUSTER_CONFIGURATION_FILE" && test -f "$CLUSTER_CONFIGURATION_FILE"
   then
      HOSTS=`awk '$1 !~ /^#/ { str = str " " $1 } END { print str }' $CLUSTER_CONFIGURATION_FILE` 
   elif ! test -f "$CLUSTER_CONFIGURATION_FILE"
   then
     echo "Please specify a valid and existing cluster configuration file."
   fi
fi

if  test -z "$HOSTS" || test -z $USR
then
echo "Either user name or host information is missing"
echo "Usage $0 -user <user name> [ -hosts \"<space separated hostlist>\" | -hostfile <absolute path of cluster configuration file> ] [ -advanced ]  [ -verify] [ -exverify ] [ -logfile <desired absolute path of logfile> ] [-confirm] [-shared] [-help] [-usePassphrase] [-noPromptPassphrase]" 
exit 1
fi

if [ -d $LOGFILE ]; then
    echo $LOGFILE is a directory, setting logfile to $LOGFILE/ssh.log
    LOGFILE=$LOGFILE/ssh.log
fi

echo The output of this script is also logged into $LOGFILE | tee -a $LOGFILE

if [ `echo $?` != 0 ]; then
    echo Error writing to the logfile $LOGFILE, Exiting
    exit 1
fi

echo Hosts are $HOSTS | tee -a $LOGFILE
echo user is  $USR | tee -a $LOGFILE
SSH="/usr/bin/ssh"
SCP="/usr/bin/scp"
SSH_KEYGEN="/usr/bin/ssh-keygen"
calculateOS()
{
    platform=`uname -s`
    case "$platform"
    in
       "SunOS")  os=solaris;;
       "Linux")  os=linux;;
       "HP-UX")  os=hpunix;;
         "AIX")  os=aix;;
             *)  echo "Sorry, $platform is not currently supported." | tee -a $LOGFILE
                 exit 1;;
    esac

    echo "Platform:- $platform " | tee -a $LOGFILE
}
calculateOS
BITS=1024
ENCR="rsa"

deadhosts=""
alivehosts=""
if [ $platform = "Linux" ]
then
    PING="/bin/ping"
else
    PING="/usr/sbin/ping"
fi
#bug 9044791
if [ -n "$SSH_PATH" ]; then
    SSH=$SSH_PATH
fi
if [ -n "$SCP_PATH" ]; then
    SCP=$SCP_PATH
fi
if [ -n "$SSH_KEYGEN_PATH" ]; then
    SSH_KEYGEN=$SSH_KEYGEN_PATH
fi
if [ -n "$PING_PATH" ]; then
    PING=$PING_PATH
fi
PATH_ERROR=0
if test ! -x $SSH ; then
    echo "ssh not found at $SSH. Please set the variable SSH_PATH to the correct location of ssh and retry."
    PATH_ERROR=1
fi 
if test ! -x $SCP ; then
    echo "scp not found at $SCP. Please set the variable SCP_PATH to the correct location of scp and retry."
    PATH_ERROR=1
fi 
if test ! -x $SSH_KEYGEN ; then
    echo "ssh-keygen not found at $SSH_KEYGEN. Please set the variable SSH_KEYGEN_PATH to the correct location of ssh-keygen and retry."
    PATH_ERROR=1
fi 
if test ! -x $PING ; then
    echo "ping not found at $PING. Please set the variable PING_PATH to the correct location of ping and retry."
    PATH_ERROR=1
fi 
if [ $PATH_ERROR = 1 ]; then
    echo "ERROR: one or more of the required binaries not found, exiting"
    exit 1
fi
#9044791 end
echo Checking if the remote hosts are reachable | tee -a $LOGFILE
for host in $HOSTS
do
   if [ $platform = "SunOS" ]; then
       $PING -s $host 5 5
   elif [ $platform = "HP-UX" ]; then
       $PING $host -n 5 -m 5
   else
       $PING -c 5 -w 5 $host
   fi
  exitcode=`echo $?`
  if [ $exitcode = 0 ]
  then
     alivehosts="$alivehosts $host"
  else
     deadhosts="$deadhosts $host"
  fi
done

if test -z "$deadhosts"
then
   echo Remote host reachability check succeeded.  | tee -a $LOGFILE
   echo The following hosts are reachable: $alivehosts.  | tee -a $LOGFILE
   echo The following hosts are not reachable: $deadhosts.  | tee -a $LOGFILE
   echo All hosts are reachable. Proceeding further...  | tee -a $LOGFILE
else
   echo Remote host reachability check failed.  | tee -a $LOGFILE
   echo The following hosts are reachable: $alivehosts.  | tee -a $LOGFILE
   echo The following hosts are not reachable: $deadhosts.  | tee -a $LOGFILE
   echo Please ensure that all the hosts are up and re-run the script.  | tee -a $LOGFILE
   echo Exiting now...  | tee -a $LOGFILE
   exit 1
fi

firsthost=`echo $HOSTS | awk '{print $1}; END { }'`
echo firsthost $firsthost
numhosts=`echo $HOSTS | awk '{ }; END {print NF}'`
echo numhosts $numhosts

if [ $VERIFY = "true" ]
then
   echo Since user has specified -verify option, SSH setup would not be done. Only, existing SSH setup would be verified. | tee -a $LOGFILE
   continue
else
echo The script will setup SSH connectivity from the host ''`hostname`'' to all  | tee -a $LOGFILE 
echo the remote hosts. After the script is executed, the user can use SSH to run  | tee -a $LOGFILE 
echo commands on the remote hosts or copy files between this host ''`hostname`'' | tee -a $LOGFILE 
echo and the remote hosts without being prompted for passwords or confirmations. | tee -a $LOGFILE 
echo  | tee -a $LOGFILE 
echo NOTE 1: | tee -a $LOGFILE 
echo As part of the setup procedure, this script will use 'ssh' and 'scp' to copy | tee -a $LOGFILE 
echo files between the local host and the remote hosts. Since the script does not  | tee -a $LOGFILE 
echo store passwords, you may be prompted for the passwords during the execution of  | tee -a $LOGFILE 
echo the script whenever 'ssh' or 'scp' is invoked. | tee -a $LOGFILE 
echo  | tee -a $LOGFILE 
echo NOTE 2: | tee -a $LOGFILE 
echo "AS PER SSH REQUIREMENTS, THIS SCRIPT WILL SECURE THE USER HOME DIRECTORY" | tee -a $LOGFILE 
echo AND THE .ssh DIRECTORY BY REVOKING GROUP AND WORLD WRITE PRIVILEDGES TO THESE  | tee -a $LOGFILE 
echo "directories." | tee -a $LOGFILE 
echo  | tee -a $LOGFILE 
echo "Do you want to continue and let the script make the above mentioned changes (yes/no)?" | tee -a $LOGFILE 

if [ "$CONFIRM" = "no" ] 
then 
  read CONFIRM 
else
  echo "Confirmation provided on the command line" | tee -a $LOGFILE
fi 
   
echo  | tee -a $LOGFILE 
echo The user chose ''$CONFIRM'' | tee -a $LOGFILE 
 
if [ "$CONFIRM" = "no" ] 
then 
  echo "SSH setup is not done." | tee -a $LOGFILE 
  exit 1 
else 
  if [ $NO_PROMPT_PASSPHRASE = "yes" ]
  then
    echo "User chose to skip passphrase related questions."  | tee -a $LOGFILE
  else
    typeset -i PASSPHRASE_PROMPT
    if [ $SHARED = "true" ]
    then
	  PASSPHRASE_PROMPT=2*${numhosts}+1
    else
	  PASSPHRASE_PROMPT=2*${numhosts} 
    fi
    echo "Please specify if you want to specify a passphrase for the private key this script will create for the local host. Passphrase is used to encrypt the private key and makes SSH much more secure. Type 'yes' or 'no' and then press enter. In case you press 'yes', you would need to enter the passphrase whenever the script executes ssh or scp. " | tee -a $LOGFILE
    echo "The estimated number of times the user would be prompted for a passphrase is $PASSPHRASE_PROMPT. In addition, if the private-public files are also newly created, the user would have to specify the passphrase on one additional occasion. " | tee -a $LOGFILE
    echo "Enter 'yes' or 'no'." | tee -a $LOGFILE
    if [ $PASSPHRASE = "no" ]
    then
      read PASSPHRASE
    else
      echo "Confirmation provided on the command line" | tee -a $LOGFILE
    fi 

    echo  | tee -a $LOGFILE 
    echo The user chose ''$PASSPHRASE'' | tee -a $LOGFILE 

    if [ "$PASSPHRASE" = "yes" ] 
    then 
       RERUN_SSHKEYGEN="yes"
#Checking for existence of ${IDENTITY} file
       if test -f  $HOME/.ssh/${IDENTITY}.pub && test -f  $HOME/.ssh/${IDENTITY} 
       then
	     echo "The files containing the client public and private keys already exist on the local host. The current private key may or may not have a passphrase associated with it. In case you remember the passphrase and do not want to re-run ssh-keygen, press 'no' and enter. If you press 'no', the script will not attempt to create any new public/private key pairs. If you press 'yes', the script will remove the old private/public key files existing and create new ones prompting the user to enter the passphrase. If you enter 'yes', any previous SSH user setups would be reset. If you press 'change', the script will associate a new passphrase with the old keys." | tee -a $LOGFILE
	     echo "Press 'yes', 'no' or 'change'" | tee -a $LOGFILE
             read RERUN_SSHKEYGEN 
             echo The user chose ''$RERUN_SSHKEYGEN'' | tee -a $LOGFILE 
       fi 
     else
       if test -f  $HOME/.ssh/${IDENTITY}.pub && test -f  $HOME/.ssh/${IDENTITY} 
       then
         echo "The files containing the client public and private keys already exist on the local host. The current private key may have a passphrase associated with it. In case you find using passphrase inconvenient(although it is more secure), you can change to it empty through this script. Press 'change' if you want the script to change the passphrase for you. Press 'no' if you want to use your old passphrase, if you had one."
         read RERUN_SSHKEYGEN 
         echo The user chose ''$RERUN_SSHKEYGEN'' | tee -a $LOGFILE 
       fi
     fi
  fi
  echo Creating .ssh directory on local host, if not present already | tee -a $LOGFILE
  mkdir -p $HOME/.ssh | tee -a $LOGFILE
echo Creating authorized_keys file on local host  | tee -a $LOGFILE
touch $HOME/.ssh/authorized_keys  | tee -a $LOGFILE
echo Changing permissions on authorized_keys to 644 on local host  | tee -a $LOGFILE
chmod 644 $HOME/.ssh/authorized_keys  | tee -a $LOGFILE
mv -f $HOME/.ssh/authorized_keys  $HOME/.ssh/authorized_keys.tmp | tee -a $LOGFILE
echo Creating known_hosts file on local host  | tee -a $LOGFILE
touch $HOME/.ssh/known_hosts  | tee -a $LOGFILE
echo Changing permissions on known_hosts to 644 on local host  | tee -a $LOGFILE
chmod 644 $HOME/.ssh/known_hosts  | tee -a $LOGFILE
mv -f $HOME/.ssh/known_hosts $HOME/.ssh/known_hosts.tmp | tee -a $LOGFILE


echo Creating config file on local host | tee -a $LOGFILE
echo If a config file exists already at $HOME/.ssh/config, it would be backed up to $HOME/.ssh/config.backup.
echo "Host *" > $HOME/.ssh/config.tmp | tee -a $LOGFILE
echo "ForwardX11 no" >> $HOME/.ssh/config.tmp | tee -a $LOGFILE

if test -f $HOME/.ssh/config 
then
  cp -f $HOME/.ssh/config $HOME/.ssh/config.backup
fi

mv -f $HOME/.ssh/config.tmp $HOME/.ssh/config  | tee -a $LOGFILE
chmod 644 $HOME/.ssh/config

if [ $RERUN_SSHKEYGEN = "yes" ]
then
  echo Removing old private/public keys on local host | tee -a $LOGFILE
  rm -f $HOME/.ssh/${IDENTITY} | tee -a $LOGFILE
  rm -f $HOME/.ssh/${IDENTITY}.pub | tee -a $LOGFILE
  echo Running SSH keygen on local host | tee -a $LOGFILE
  $SSH_KEYGEN -t $ENCR -b $BITS -f $HOME/.ssh/${IDENTITY}   | tee -a $LOGFILE

elif [ $RERUN_SSHKEYGEN = "change" ]
then
    echo Running SSH Keygen on local host to change the passphrase associated with the existing private key | tee -a $LOGFILE
    $SSH_KEYGEN -p -t $ENCR -b $BITS -f $HOME/.ssh/${IDENTITY} | tee -a $LOGFILE
elif test -f  $HOME/.ssh/${IDENTITY}.pub && test -f  $HOME/.ssh/${IDENTITY} 
then
    continue
else
    echo Removing old private/public keys on local host | tee -a $LOGFILE
    rm -f $HOME/.ssh/${IDENTITY} | tee -a $LOGFILE
    rm -f $HOME/.ssh/${IDENTITY}.pub | tee -a $LOGFILE
    echo Running SSH keygen on local host with empty passphrase | tee -a $LOGFILE
    $SSH_KEYGEN -t $ENCR -b $BITS -f $HOME/.ssh/${IDENTITY} -N ''  | tee -a $LOGFILE
fi

if [ $SHARED = "true" ]
then
  if [ $USER = $USR ]
  then
#No remote operations required
    echo Remote user is same as local user | tee -a $LOGFILE
    REMOTEHOSTS=""
    chmod og-w $HOME $HOME/.ssh | tee -a $LOGFILE
  else    
    REMOTEHOSTS="${firsthost}"
  fi
else
  REMOTEHOSTS="$HOSTS"
fi

for host in $REMOTEHOSTS
do
     echo Creating .ssh directory and setting permissions on remote host $host | tee -a $LOGFILE
     echo "THE SCRIPT WOULD ALSO BE REVOKING WRITE PERMISSIONS FOR "group" AND "others" ON THE HOME DIRECTORY FOR $USR. THIS IS AN SSH REQUIREMENT." | tee -a $LOGFILE
     echo The script would create ~$USR/.ssh/config file on remote host $host. If a config file exists already at ~$USR/.ssh/config, it would be backed up to ~$USR/.ssh/config.backup. | tee -a $LOGFILE
     echo The user may be prompted for a password here since the script would be running SSH on host $host. | tee -a $LOGFILE
     $SSH -o StrictHostKeyChecking=no -x -l $USR $host "/bin/sh -c \"  mkdir -p .ssh ; chmod og-w . .ssh;   touch .ssh/authorized_keys .ssh/known_hosts;  chmod 644 .ssh/authorized_keys  .ssh/known_hosts; cp  .ssh/authorized_keys .ssh/authorized_keys.tmp ;  cp .ssh/known_hosts .ssh/known_hosts.tmp; echo \\"Host *\\" > .ssh/config.tmp; echo \\"ForwardX11 no\\" >> .ssh/config.tmp; if test -f  .ssh/config ; then cp -f .ssh/config .ssh/config.backup; fi ; mv -f .ssh/config.tmp .ssh/config\""  | tee -a $LOGFILE
     echo Done with creating .ssh directory and setting permissions on remote host $host. | tee -a $LOGFILE
done

for host in $REMOTEHOSTS
do
  echo Copying local host public key to the remote host $host | tee -a $LOGFILE
  echo The user may be prompted for a password or passphrase here since the script would be using SCP for host $host. | tee -a $LOGFILE

  $SCP $HOME/.ssh/${IDENTITY}.pub  $USR@$host:.ssh/authorized_keys | tee -a $LOGFILE
  echo Done copying local host public key to the remote host $host | tee -a $LOGFILE
done

cat $HOME/.ssh/${IDENTITY}.pub >> $HOME/.ssh/authorized_keys | tee -a $LOGFILE

for host in $HOSTS
do
  if [ $ADVANCED = "true" ] 
  then
    echo Creating keys on remote host $host if they do not exist already. This is required to setup SSH on host $host. | tee -a $LOGFILE
    if [ $SHARED = "true" ]
    then
      IDENTITY_FILE_NAME=${IDENTITY}_$host
      COALESCE_IDENTITY_FILES_COMMAND="cat .ssh/${IDENTITY_FILE_NAME}.pub >> .ssh/authorized_keys"
    else
      IDENTITY_FILE_NAME=${IDENTITY}
    fi

   $SSH  -o StrictHostKeyChecking=no -x -l $USR $host " /bin/sh -c \"if test -f  .ssh/${IDENTITY_FILE_NAME}.pub && test -f  .ssh/${IDENTITY_FILE_NAME}; then echo; else rm -f .ssh/${IDENTITY_FILE_NAME} ;  rm -f .ssh/${IDENTITY_FILE_NAME}.pub ;  $SSH_KEYGEN -t $ENCR -b $BITS -f .ssh/${IDENTITY_FILE_NAME} -N '' ; fi; ${COALESCE_IDENTITY_FILES_COMMAND} \"" | tee -a $LOGFILE
  else 
#At least get the host keys from all hosts for shared case - advanced option not set
    if test  $SHARED = "true" && test $ADVANCED = "false"
    then
      if [ $PASSPHRASE = "yes" ]
      then
	 echo "The script will fetch the host keys from all hosts. The user may be prompted for a passphrase here in case the private key has been encrypted with a passphrase." | tee -a $LOGFILE
      fi
      $SSH  -o StrictHostKeyChecking=no -x -l $USR $host "/bin/sh -c true"
    fi
  fi
done

for host in $REMOTEHOSTS
do
  if test $ADVANCED = "true" && test $SHARED = "false"  
  then
      $SCP $USR@$host:.ssh/${IDENTITY}.pub $HOME/.ssh/${IDENTITY}.pub.$host | tee -a $LOGFILE
      cat $HOME/.ssh/${IDENTITY}.pub.$host >> $HOME/.ssh/authorized_keys | tee -a $LOGFILE
      rm -f $HOME/.ssh/${IDENTITY}.pub.$host | tee -a $LOGFILE
    fi
done

for host in $REMOTEHOSTS
do
   if [ $ADVANCED = "true" ]
   then
      if [ $SHARED != "true" ]
      then
         echo Updating authorized_keys file on remote host $host | tee -a $LOGFILE
         $SCP $HOME/.ssh/authorized_keys  $USR@$host:.ssh/authorized_keys | tee -a $LOGFILE
      fi 
     echo Updating known_hosts file on remote host $host | tee -a $LOGFILE
     $SCP $HOME/.ssh/known_hosts $USR@$host:.ssh/known_hosts | tee -a $LOGFILE
   fi
   if [ $PASSPHRASE = "yes" ]
   then
	 echo "The script will run SSH on the remote machine $host. The user may be prompted for a passphrase here in case the private key has been encrypted with a passphrase." | tee -a $LOGFILE
   fi
     $SSH -x -l $USR $host "/bin/sh -c \"cat .ssh/authorized_keys.tmp >> .ssh/authorized_keys; cat .ssh/known_hosts.tmp >> .ssh/known_hosts; rm -f  .ssh/known_hosts.tmp  .ssh/authorized_keys.tmp\"" | tee -a $LOGFILE
done

cat  $HOME/.ssh/known_hosts.tmp >> $HOME/.ssh/known_hosts | tee -a $LOGFILE
cat  $HOME/.ssh/authorized_keys.tmp >> $HOME/.ssh/authorized_keys | tee -a $LOGFILE
#Added chmod to fix BUG NO 5238814
chmod 644 $HOME/.ssh/authorized_keys
#Fix for BUG NO 5157782
chmod 644 $HOME/.ssh/config
rm -f  $HOME/.ssh/known_hosts.tmp $HOME/.ssh/authorized_keys.tmp | tee -a $LOGFILE
echo SSH setup is complete. | tee -a $LOGFILE
fi
fi

echo                                                                          | tee -a $LOGFILE
echo ------------------------------------------------------------------------ | tee -a $LOGFILE
echo Verifying SSH setup | tee -a $LOGFILE
echo =================== | tee -a $LOGFILE
echo The script will now run the 'date' command on the remote nodes using ssh | tee -a $LOGFILE
echo to verify if ssh is setup correctly. IF THE SETUP IS CORRECTLY SETUP,  | tee -a $LOGFILE
echo THERE SHOULD BE NO OUTPUT OTHER THAN THE DATE AND SSH SHOULD NOT ASK FOR | tee -a $LOGFILE
echo PASSWORDS. If you see any output other than date or are prompted for the | tee -a $LOGFILE
echo password, ssh is not setup correctly and you will need to resolve the  | tee -a $LOGFILE
echo issue and set up ssh again. | tee -a $LOGFILE
echo The possible causes for failure could be:  | tee -a $LOGFILE
echo   1. The server settings in /etc/ssh/sshd_config file do not allow ssh | tee -a $LOGFILE
echo      for user $USR. | tee -a $LOGFILE
echo   2. The server may have disabled public key based authentication.
echo   3. The client public key on the server may be outdated.
echo   4. ~$USR or  ~$USR/.ssh on the remote host may not be owned by $USR.  | tee -a $LOGFILE
echo   5. User may not have passed -shared option for shared remote users or | tee -a $LOGFILE
echo     may be passing the -shared option for non-shared remote users.  | tee -a $LOGFILE
echo   6. If there is output in addition to the date, but no password is asked, | tee -a $LOGFILE
echo   it may be a security alert shown as part of company policy. Append the | tee -a $LOGFILE
echo   "additional text to the <OMS HOME>/sysman/prov/resources/ignoreMessages.txt file." | tee -a $LOGFILE
echo ------------------------------------------------------------------------ | tee -a $LOGFILE
#read -t 30 dummy
  for host in $HOSTS
  do
    echo --$host:-- | tee -a $LOGFILE

     echo Running $SSH -x -l $USR $host date to verify SSH connectivity has been setup from local host to $host.  | tee -a $LOGFILE
     echo "IF YOU SEE ANY OTHER OUTPUT BESIDES THE OUTPUT OF THE DATE COMMAND OR IF YOU ARE PROMPTED FOR A PASSWORD HERE, IT MEANS SSH SETUP HAS NOT BEEN SUCCESSFUL. Please note that being prompted for a passphrase may be OK but being prompted for a password is ERROR." | tee -a $LOGFILE
     if [ $PASSPHRASE = "yes" ]
     then
       echo "The script will run SSH on the remote machine $host. The user may be prompted for a passphrase here in case the private key has been encrypted with a passphrase." | tee -a $LOGFILE
     fi
     $SSH -l $USR $host "/bin/sh -c date"  | tee -a $LOGFILE
echo ------------------------------------------------------------------------ | tee -a $LOGFILE
  done


if [ $EXHAUSTIVE_VERIFY = "true" ]
then
   for clienthost in $HOSTS
   do

      if [ $SHARED = "true" ]
      then
         REMOTESSH="$SSH -i .ssh/${IDENTITY}_${clienthost}"
      else
         REMOTESSH=$SSH
      fi

      for serverhost in  $HOSTS
      do
         echo ------------------------------------------------------------------------ | tee -a $LOGFILE
         echo Verifying SSH connectivity has been setup from $clienthost to $serverhost  | tee -a $LOGFILE
         echo ------------------------------------------------------------------------ | tee -a $LOGFILE
         echo "IF YOU SEE ANY OTHER OUTPUT BESIDES THE OUTPUT OF THE DATE COMMAND OR IF YOU ARE PROMPTED FOR A PASSWORD HERE, IT MEANS SSH SETUP HAS NOT BEEN SUCCESSFUL."  | tee -a $LOGFILE
         $SSH -l $USR $clienthost "$REMOTESSH $serverhost \"/bin/sh -c date\""  | tee -a $LOGFILE
         echo ------------------------------------------------------------------------ | tee -a $LOGFILE
      done  
       echo -Verification from $clienthost complete- | tee -a $LOGFILE
   done
else
   if [ $ADVANCED = "true" ]
   then
      if [ $SHARED = "true" ]
      then
         REMOTESSH="$SSH -i .ssh/${IDENTITY}_${firsthost}"
      else
         REMOTESSH=$SSH
      fi
     for host in $HOSTS
     do
         echo ------------------------------------------------------------------------ | tee -a $LOGFILE
        echo Verifying SSH connectivity has been setup from $firsthost to $host  | tee -a $LOGFILE
        echo "IF YOU SEE ANY OTHER OUTPUT BESIDES THE OUTPUT OF THE DATE COMMAND OR IF YOU ARE PROMPTED FOR A PASSWORD HERE, IT MEANS SSH SETUP HAS NOT BEEN SUCCESSFUL." | tee -a $LOGFILE
       $SSH -l $USR $firsthost "/bin/sh -c \"$REMOTESSH $host \\"/bin/sh -c date\\"\"" | tee -a $LOGFILE
         echo ------------------------------------------------------------------------ | tee -a $LOGFILE
    done
    echo -Verification from $clienthost complete- | tee -a $LOGFILE
  fi
fi
echo "SSH verification complete." | tee -a $LOGFILE

总结

        本文章详细介绍了多个服务器节点之间一键配置节点互信。

Oracle数据库 底层原理解析 (解析oracle数据库内部实现)
https://edu.csdn.net/course/detail/35647

Oracle 19c RAC For Linux安装部署
https://edu.csdn.net/course/detail/35792

Oracle11gR2数据库Linux系统上安装
https://edu.csdn.net/course/detail/27750

Oracle19c数据库Linux系统上安装
https://edu.csdn.net/course/detail/35881
 

天才小犀牛
关注
  • 0
    点赞
  • 3
    收藏
    觉得还不错? 一键收藏
  • 打赏
    打赏
  • 0
    评论
专栏目录
搭建5个节点的hadoop集群环境(CDH5)
陌上花开
05-18 5万+
搭建一个分布式的hadoop集群环境,下面是详细步骤,使用cdh5 。提示:如果还不了解Hadoop的,可以下查看这篇文章Hadoop生态系统,通过这篇文章,我们可以首先大致了解Hadoop及Hadoop的生态系统中的工具的使用场景。 一、硬件准备 基本配置: 操作系统 64位 CPU (英特尔)Intel(R) I3处理器 内存 8.00 GB ( 1600 MHz) 硬盘剩余空间 50G 流畅配置: 操作系统 64位
linuxoracle安装节点互信脚本.zip
07-06
"节点互信"是指在多台服务器组成的集群中,每台服务器都能确认其他服务器的身份,并允许它们进行必要的操作,如数据交换和资源管理。在Oracle集群中,这种互信关系对于保证数据的一致性和高可用性至关重要。在Linux...
linux服务器互信配置
qq_42546635的博客
01-29 3338
在一台服务器配置好authorized_keys文件后,可以直接粘贴到其他服务器同样的位置上。③~/.ssh/authorized_keys目录位置为当前用户的根目录。2.将公钥粘贴进 ~/.ssh/authorized_keys文件中(没有新建即可)②公钥最后的 用户名@主机名 可以改成 ip地址@主机名。在每台服务器上均执行该命令,生成每台服务器每个用户对应的秘钥。②id_rsa.pub:该文件中是公钥。在你想要配置服务器互信的用户下执行以下配置操作。如果登录成功,则表示配置服务器互信成功。
linux服务器互信设置
L丶小先生的博客
03-08 841
linux服务器互信设置
节点之间建立互信
weixin_42925911的博客
05-07 315
⑥将id_rsa.pub发送至其他服务器端(脚本若存在root与gbase用户的免密连接,则可以吧root用户下的id_rsa.pub内容复制到gbase用户下的authorized_keys中)注:该操作只需要执行一次,一路默认回车,系统会在/root/.ssh下生成id_rsa、id_rsa.pub。注:若没有ssh-copy-id命令,可执行yum -y install openssh-clients。AuthorizedKeysFile .ssh/authorized_keys #公钥文件路径。
Linux多节点互信配置
weixin_30328063的博客
11-24 218
SSH互信设置步骤: 1. 每个节点上分别生成自己的公钥和私钥 2. 将各节点的公钥文件汇总到一个总的认证文件authorized_keys中 3. 将这个包含了所有节点公钥的认证文件authorized_keys分发到各个节点中去 4. 验证节点互信 1. 每个节点上分别生成自己的公钥和私钥,并把公钥放到本机的authorized_keys中 rac1: ...
服务器互信设置
weixin_30347335的博客
08-11 379
服务器互信设置 0、服务器为 A、B、C,服务器操作系统为 RHEL 6.7;在 tmn 用户下配置互信。在 root 用户下配置同理,以 root 权限生成 rsa 密钥并发送至相应路径下。 1、用SecureCRT同时登录到 A、B、C。 2、在A服务上执行生成 ssh 密钥的命令 $ ssh-keygen -t rsa PS:一般不输入参数,直接回车(三次)。 3、进入 .ssh 目录,发...
搭建虚拟机开发环境及节点互信.mp4
09-03
搭建虚拟机开发环境及节点互信 共享目录  说明:同步宿主主机文件到虚拟机:  官网文档位置:https://www.vagrantup.com/docs/synced-folders/basic_usage.html  Windows配置用SMB配置共享目录  官网文档位置...
VMware配置节点环境的操作方法
09-29
以上内容详细介绍了使用VMware配置节点环境的操作方法,从选择操作系统到网络配置的每一步,为读者提供了一个系统的操作指南。掌握了这些知识点,用户就能够根据自己的需求,灵活配置并管理VMware环境中的多个...
opc ua服务器添加节点软件.zip
10-20
总之,uaExpert是一个强大的OPC UA客户端工具,它简化了对KEPServerEX6等OPC UA服务器的管理和配置,使得用户能方便地添加和管理服务器节点,以满足工业自动化系统的复杂需求。通过深入理解和熟练使用这款软件,可以...
web服务器配置多个端口(apache和tomcat)
12-23
在 web 服务器配置中,配置多个端口是指在同一台服务器上运行多个 web 服务器,每个服务器监听不同的端口号,以实现不同的服务或项目。在本文中,我们将介绍如何配置 Apache 和 Tomcat 服务器来监听多个端口。 一、...
互信配置
TS_forever007的博客
02-11 563
互信配置以及本机免密的配置
linux服务添加互信,Linux多节点互信配置
weixin_31859277的博客
05-04 543
SSH互信设置步骤:1. 每个节点上分别生成自己的公钥和私钥2. 将各节点的公钥文件汇总到一个总的认证文件authorized_keys中3. 将这个包含了所有节点公钥的认证文件authorized_keys分发到各个节点中去4. 验证节点互信1. 每个节点上分别生成自己的公钥和私钥,并把公钥放到本机的authorized_keys中rac1:su - oraclessh-keygen -t r...
linux ssh互信配置
mamengna的博客
12-16 730
环境: node1:192.168.3.20 node2:192.168.3.21 用到的命令 ssh-keygen:创建公钥和密钥,会生成id_rsa和id_rsa.pub两个文件 ssh-copy-id:把本地的公钥复制到远程主机的authorized_keys文件(不会覆盖文件,是追加到文件末尾),并且会设置远程主机用户目录的.ssh和.ssh/authorized_keys权限 权限为: chmod 700 ~/.ssh chmod 600 ~/.ssh/authorized_...
linux服务添加互信,LINUX服务器互信配置.doc
weixin_34049168的博客
05-04 416
LINUX服务器互信配置Revision Record 修订记录Date日期Revision Version修订版本Sec No.修改章节Change Description修改描述Author作者2015-6-291.0整理提交周锋锋一、SSH互信的原理Master作为客户端,要实现无密码公钥认证,连接到服务器Salve上时,需要在Master上生成一个密钥对,包括一个公钥和一个私钥,而后将公钥...
linux集群间配置互信
我的座右铭
02-29 2268
配置互信在主节点上执行 ssh-keygen -t rsa 一路回车,生成无密码的密钥对。 将公钥添加到认证文件中: cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys ,并设置authorized_keys的访问权限: chmod 600 ~/.ssh/authorized_keys 。 scp文件到所有datenode节点:scp ~/.ssh/
两台Linux服务器之间配置互信
12-16 675
最近配了个备份,备份在服务器A上,需要将备份的数据通过scp传输到服务器B上进行保留,所以涉及到配置A到B的信任关系。 1. 在A服务器上 [oracle@A yebiao]$ ssh-keygen -t rsa Gene...
Linux 服务器之间互信
zx711166的博客
01-10 2465
Linux 服务器之间互信 修改hosts文件 执行vi /etc/hosts命令打开主机表文件,会看到类似如下的信息。 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 loc...
Linux日常运维小结
最新发布
lza20001103的博客
08-14 594
Linux日常运维小结
WebLogic 11g 节点服务器配置与管理
"这篇文档详细介绍了如何在WebLogic Server 11g环境下配置单机版的节点服务器,包括节点管理器和Machine的设置,以及如何通过控制台远程启动和停止服务器。适合对高可用性有需求的WebLogic Server生产环境。" 在...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

天才小犀牛

你的鼓励将是我创作的最大动力

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值