使用 SSH 建立用户等效性。在集群就绪服务 (CRS) 和 RAC 安装过程中,Oracle Universal Installer (OUI) 必须能够以 oracle 的身份将软件复制到所有 RAC 节点,而不提示输入口令。在 Oracle 10g 中,可以使用 ssh 代替 rsh 完成此操作。
要建立用户等效性,请在两个节点上以 oracle 用户身份生成用户的公钥和私钥。打开 rac1 的电源,在这两个节点上执行以下任务。
在 rac1 上执行
rac1-> mkdir ~/.ssh rac1-> chmod 700 ~/.ssh rac1-> ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/export/home/oracle/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /export/home/oracle/.ssh/id_rsa. Your public key has been saved in /export/home/oracle/.ssh/id_rsa.pub. The key fingerprint is: 87:54:4f:92:ba:ed:7b:51:5d:1d:59:5b:f9:44:da:b6 oracle@rac1.mycorpdomain.com rac1-> ssh-keygen -t dsa Generating public/private dsa key pair. Enter file in which to save the key (/export/home/oracle/.ssh/id_dsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /export/home/oracle/.ssh/id_dsa. Your public key has been saved in /export/home/oracle/.ssh/id_dsa.pub. The key fingerprint is: 31:76:96:e6:fc:b7:25:04:fd:70:42:04:1f:fc:9a:26 oracle@rac1.mycorpdomain.com
在 rac2 上执行
rac2-> mkdir ~/.ssh rac2-> chmod 700 ~/.ssh rac2-> ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/export/home/oracle/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /export/home/oracle/.ssh/id_rsa. Your public key has been saved in /export/home/oracle/.ssh/id_rsa.pub. The key fingerprint is: 29:5a:35:ac:0a:03:2c:38:22:3c:95:5d:68:aa:56:66 oracle@rac2.mycorpdomain.com rac2-> ssh-keygen -t dsa Generating public/private dsa key pair. Enter file in which to save the key (/export/home/oracle/.ssh/id_dsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /export/home/oracle/.ssh/id_dsa. Your public key has been saved in /export/home/oracle/.ssh/id_dsa.pub. The key fingerprint is: 4c:b2:5a:8d:56:0f:dc:7b:bc:e0:cd:3b:8e:b9:5c:7c oracle@rac2.mycorpdomain.com在 rac1 上执行
rac1-> cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys rac1-> cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys rac1-> ssh rac2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys The authenticity of host 'rac2 (192.168.2.132)' can't be established. RSA key fingerprint is 63:d3:52:d4:4d:e2:cb:ac:8d:4a:66:9f:f1:ab:28:1f. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'rac2,192.168.2.132' (RSA) to the list of known hosts. oracle@rac2's password: rac1-> ssh rac2 cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys oracle@rac2's password: rac1-> scp ~/.ssh/authorized_keys rac2:~/.ssh/authorized_keys oracle@rac2's password: authorized_keys 100% 1716 1.7KB/s 00:00
配置rac,到配置节点的等效性。
总结
1.用rsa,dsa加密算法生成成对密码(每个节点都要生成(双向通信))
2.将public可以传给authorized_keys
3.将authorized_keys 复制号每个节点。
遇到的问题
1、当执行ssh rac2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys,提示no route to host(两个节点在同一网段)。后来我用rac2@ip地址的方式,可以联通了,提示输入密码,我输了n+1次 都提示 permission denied ,终于发现rac2@ip出了问题,应该是 用户名@ip,不是主机名@ip
2、文档的配置不用ip,我认为是主机名到ip的映射出了问题,在/etc/hosts的文件里发现ip配错了,改正后,用主机名就可以了。
3将授权文件复制到每个节点后,仍然每次提示要密码,。。。。终于发现了,是。ssh的文件件权限过低,(原来777),后来给为700即可,网上说755也行,没试。