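Note: the user name, user ID, group name, and group ID must be identical on both nodes.
(2) Configure user equivalence
Create RSA and DSA keys on each node
Log in as the oracle user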
[root@rac01 ~]# su - oracle
Create the .ssh directory in the oracle user's home directory and set the correct permissions
[oracle@rac01 ~]$ mkdir ~/.ssh
[oracle@rac01 ~]$ chmod 700 ~/.ssh
Change into the .ssh directory and create a key pair with the ssh-keygen command; press Enter at each prompt so that no passphrase is set:
[oracle@rac01 ~]$ cd ~/.ssh
[oracle@rac01 .ssh]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
4b:16:72:17:e8:2e:1d:e5:9f:b9:c9:dd:f0:78:02:f3 oracle@rac01
Use the ssh-keygen command to generate a DSA key for version 2 of the SSH protocol, in the same way as (3)
[oracle@rac01 .ssh]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_dsa.
Your public key has been saved in /home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
b8:64:36:53:87:ee:69:45:d2:4e:16:a3:65:60:5a:f2 oracle@rac01
Repeat the steps above on rac02
Add rac01's public key files to the trust file (authorized_keys), as follows:
[oracle@rac01 .ssh]$ cat id_dsa.pub >>authorized_keys
[oracle@rac01 .ssh]$ cat id_rsa.pub >>authorized_keys
Copy the authorized_keys file from host rac01 to rac02, as follows:
[oracle@rac01 .ssh]$ scp authorized_keys rac02:/home/oracle/.ssh/
Then append the contents of rac02's public key files to this file:
[oracle@rac02 .ssh]$ cat id_dsa.pub >>authorized_keys
[oracle@rac02 .ssh]$ cat id_rsa.pub >>authorized_keys
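An added check, not part of the original guide: before the merged file is distributed, confirm that it holds every node's public key and that .ssh and authorized_keys are not group- or world-writable. The function name check_equivalence and its arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original guide. check_equivalence is a
# hypothetical helper name.
# usage: check_equivalence SSH_DIR PUBKEY_FILE...
#   e.g. check_equivalence ~/.ssh ~/.ssh/id_rsa.pub ~/.ssh/id_dsa.pub
# Exit 0 only if SSH_DIR and SSH_DIR/authorized_keys are not writable by
# group or others and every listed public key is present in authorized_keys.
check_equivalence() (
    dir=$1; shift
    auth="$dir/authorized_keys"
    rc=0

    [ -f "$auth" ] || { echo "missing: $auth" >&2; exit 2; }

    # sshd (StrictModes, on by default) refuses to use authorized_keys when
    # the file or its directory is group- or world-writable.
    for path in "$dir" "$auth"; do
        # In "ls -ld" output, character 6 is group write, character 9 is
        # other write.
        case $(ls -ld "$path") in
            ?????w*|????????w*)
                echo "group/world-writable: $path" >&2
                rc=1 ;;
        esac
    done

    for pub in "$@"; do
        # Field 2 of a .pub file is the base64 key blob; the trailing
        # comment (for example oracle@rac01) is not part of the key.
        blob=$(awk 'NR == 1 { print $2 }' "$pub")
        if [ -z "$blob" ] || ! grep -qF -- "$blob" "$auth"; then
            echo "not in authorized_keys: $pub" >&2
            rc=1
        fi
    done
    exit "$rc"
)
```

To check another node's keys as well, copy that node's .pub files over and pass them as additional arguments.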
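At this point the authorized_keys file contains the public keys of all nodes, rac1 and rac2. The file still has to be copied back to rac1 (the existing authorized_keys file on rac1 must be deleted first, because it cannot be overwritten), as follows:
[oracle@rac01 .ssh]$ rm authorized_keys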
[oracle@rac01 .ssh]$ ssh rac02
[oracle@rac02 ~]$ cd ~/.ssh