How to configure SSH mutual trust

Source: Internet
Author: User

When installing Oracle RAC, you first configure SSH mutual trust. Here is how to configure it in detail.

Assume there are two machines, ocm1 and ocm2, and we want to configure SSH mutual trust between them.

First, the principle behind SSH mutual trust. Put plainly, a key file of authorized public keys is placed on the target machine in advance; when a visitor needs to access the target machine, the target machine uses that key file to authenticate the visitor automatically, which is what establishes mutual trust.

With the principle understood, configuring SSH mutual trust breaks down into these steps:

1. On each machine that will take part in the mutual trust, generate its own authentication key files;

2. Merge all the public key files into one combined authentication file;

3. Distribute this file, which now contains the authentication keys of every trusted machine, to each machine;

4. Verify the mutual trust.

With the steps laid out, the actual operation follows them one by one:

1. Generate the authentication files on both machines. One detail: the SSH mutual trust authentication files must sit in the .ssh directory under the user's home directory, so first create that directory and make sure its permissions are 755:

[rac@ocm1 ~]$ mkdir .ssh

[rac@ocm1 ~]$ chmod 755 .ssh

[rac@ocm1 ~]$ /usr/bin/ssh-keygen -t rsa

[rac@ocm1 ~]$ /usr/bin/ssh-keygen -t dsa

[rac@ocm2 ~]$ mkdir .ssh

[rac@ocm2 ~]$ chmod 755 .ssh

[rac@ocm2 ~]$ /usr/bin/ssh-keygen -t rsa

[rac@ocm2 ~]$ /usr/bin/ssh-keygen -t dsa

2. Merge all the public key files into one combined authorized_keys file:

[rac@ocm1 ~]$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

[rac@ocm1 ~]$ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys

[rac@ocm1 ~]$ ssh rac@ocm2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

[rac@ocm1 ~]$ ssh rac@ocm2 cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys

3. After steps 1 and 2, ocm1 holds a complete authorized_keys file. Copy it to the corresponding directory on the ocm2 host:

[rac@ocm1 ~]$ scp ~/.ssh/authorized_keys ocm2:~/.ssh/authorized_keys

4. When you are done, connect from each machine to the other with the ssh command to check that the configuration works.

What about 3 nodes? It is the same as above: write the authentication information of all 3 nodes into one file and distribute it to each node.
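
The merge step above, generalized to any number of nodes, as an added example that is not part of the original article: merge_keys makes the step 2 append idempotent (the >> commands add duplicate lines if they are run again), and perms_ok tests that a path is not group- or world-writable, which sshd's StrictModes check requires of .ssh and authorized_keys. The function names, file names and key strings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the article's code. Key strings and file names in demo()
# are constructed placeholders, not real keys.

# merge_keys OUT PUB...: append each public-key line to OUT only if it is not
# already there, so re-running the merge never duplicates entries.
merge_keys() {
    out=$1; shift
    touch "$out" && chmod 600 "$out" || return 1
    for pub in "$@"; do
        [ -r "$pub" ] || { echo "missing key file: $pub" >&2; return 1; }
        while IFS= read -r line || [ -n "$line" ]; do
            [ -n "$line" ] || continue
            grep -qxF -- "$line" "$out" || printf '%s\n' "$line" >> "$out"
        done < "$pub"
    done
}

# perms_ok PATH: succeed only if PATH exists and is not group- or
# world-writable (sshd's StrictModes check refuses such paths).
perms_ok() {
    [ -e "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ]
}

# demo: merge two constructed node keys twice, print the resulting entry count.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/.ssh" && chmod 755 "$d/.ssh"
    echo "ssh-rsa AAAA-CONSTRUCTED-OCM1 rac@ocm1" > "$d/ocm1.pub"
    echo "ssh-rsa AAAA-CONSTRUCTED-OCM2 rac@ocm2" > "$d/ocm2.pub"
    merge_keys "$d/.ssh/authorized_keys" "$d/ocm1.pub" "$d/ocm2.pub"
    merge_keys "$d/.ssh/authorized_keys" "$d/ocm1.pub" "$d/ocm2.pub"
    perms_ok "$d/.ssh" && perms_ok "$d/.ssh/authorized_keys" || return 1
    grep -c '' "$d/.ssh/authorized_keys"
    rm -rf "$d"
}

demo
```

For 3 nodes, pass a third public key file to merge_keys and copy the result to every node as in step 3.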
