How to configure SSH mutual trust

When installing RAC RAC, you first configure SSH mutual trust, and here's how to configure SSH mutual trust in detail.

Assuming there are currently two machines, respectively, OCM1 and ocm2, we are prepared to configure SSH mutual trust on both machines:

First of all, we understand the configuration of the principle of SSH mutual trust, SSH Mutual trust, plainly, is in the target machine, pre-set a certified key file, when the need to access the target machine, the target machine through the key file, the visitor automatic authentication, thereby achieving mutual trust.

Understanding the principle of SSH mutual trust, we have to configure the SSH mutual trust steps, effective segmentation:

1. First, on the machine to configure mutual trust, generate their own certified key files;

2. Secondly, all the key files are summarized into a general certification file;

3. This includes all the trust machine authentication key document, distribute to each machine;

4. Verification of mutual trust;

After the theoretical decomposition, the steps become very clear, following this step, to do the actual operation:

1. Generate the authentication file on two machines, here is the detail, is SSH mutual trust authentication file, need to put in the user's home directory under the. SSH directory, so we need to first create this directory, and ensure that the directory permissions are 755

[Rac@ocm1 ~]$ mkdir. SSH

[RAC@OCM1 ~]$ chmod 755. SSH

[RAC@OCM1 ~]$/usr/bin/ssh-keygen-t RSA

[Rac@ocm1 ~]$/usr/bin/ssh-keygen-t DSA

[rac@ocm2 ~]$ mkdir. SSH

[rac@ocm2 ~]$ chmod 755. SSH

[Rac@ocm2 ~]$/usr/bin/ssh-keygen-t RSA

[Rac@ocm2 ~]$/usr/bin/ssh-keygen-t DSA

2. Summary all key files into a general certification file:

[Rac@ocm1 ~]$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

[Rac@ocm1 ~]$ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys

[Rac@ocm1 ~]$ ssh rac@ocm2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

[Rac@ocm1 ~]$ ssh rac@ocm2 cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys

3. After 1, 22 steps, the current OCM1 on the existence of a complete certification key file, at this time, she was handcuffed to the ocm2 host of the corresponding directory

[rac@ocm2 ~]$ rcp ~/.ssh/authorized_keys ocm2:~/.ssh/authorized_keys

4. When you are done, connect with each other with ssh command to see if the configuration is successful.

So what about 3 nodes? In fact, as above, the authentication information of 3 nodes is written into a file and distributed to each node.

See more highlights of this column: http://www.bianceng.cnhttp://www.bianceng.cn/database/Oracle/