Oracle 11g R2 RAC SSH two node mutual trust peer configuration Permission denied (Publickey,gssapi-with-mic,password)

Source: Internet
Author: User

Issue: When installing the Oracle 11g R2 RAC Grid, configure the two-node SSH trusted peer configuration to be unsuccessful, with the following error message:

------------------------------------------------------------------------

Verifying SSH connectivity have been setup from Rac1 to Rac1

------------------------------------------------------------------------

If you see any other output besides the output of the DATE COMMAND OR IF prompted for A PASSWORD here, IT MEANS SS H SETUP has not BEEN successful.

[email protected] ' s password:

Permission denied, please try again.

Permission denied, please try again.

Permission denied (Publickey,gssapi-with-mic,password).

------------------------------------------------------------------------


The following script is used when configuring SSH peering:

./sshusersetup.sh-user grid-hosts "Rac1 rac2"-advanced-exverify-confirm-nopromptpassphrase


The environment for the Oracle Linux 5.5,RAC two node host name is: Rac1 RAC2.

The original configuration/etc/ssh/sshd_config file is:

# This sshd is compiled with Path=/usr/local/bin:/bin:/usr/bin


# The strategy used for options on the default sshd_config shipped with

# OpenSSH is to specify options with their default value where

# possible, but leave them commented. uncommented Options Change A

# default value.


#Port 22

#Protocol 2,1

Protocol 2

#AddressFamily any

#ListenAddress 0.0.0.0

#ListenAddress::


# Hostkey for protocol version 1

#HostKey/etc/ssh/ssh_host_key

# Hostkeys for protocol version 2

#HostKey/etc/ssh/ssh_host_rsa_key

#HostKey/etc/ssh/ssh_host_dsa_key


# Lifetime and size of ephemeral version 1 server key

#KeyRegenerationInterval 1h

#ServerKeyBits 768


# Logging

# obsoletes Quietmode and Fascistlogging

#SyslogFacility AUTH

Syslogfacility Authpriv

#LogLevel INFO


# Authentication:


#LoginGraceTime 2m

#PermitRootLogin Yes

#StrictModes Yes

#MaxAuthTries 6


#RSAAuthentication Yes

#PubkeyAuthentication Yes

#AuthorizedKeysFile. Ssh/authorized_keys


Also need host keys in/etc/ssh/ssh_known_hosts

#RhostsRSAAuthentication No

# Similar for protocol version 2

#HostbasedAuthentication No

# change-to-yes if you don ' t trust ~/.ssh/known_hosts for

# Rhostsrsaauthentication and Hostbasedauthentication

#IgnoreUserKnownHosts No

# Don ' t read the user ' s ~/.rhosts and ~/.shosts files

#IgnoreRhosts Yes

# To disable tunneled clear text passwords, change to No here!

#PasswordAuthentication Yes

#PermitEmptyPasswords No

Passwordauthentication Yes


# Change to No to disable S/key passwords

#ChallengeResponseAuthentication Yes

Challengeresponseauthentication No


# Kerberos Options

#KerberosAuthentication No

#KerberosOrLocalPasswd Yes

#KerberosTicketCleanup Yes

#KerberosGetAFSToken No


# GSSAPI Options

#GSSAPIAuthentication No

Gssapiauthentication Yes

#GSSAPICleanupCredentials Yes

Gssapicleanupcredentials Yes


# Set this to ' yes ' to enable PAM authentication, account processing,

# and session processing. If This is enabled, PAM authentication would

# be allowed through the challengeresponseauthentication mechanism.

# Depending on your PAM configuration, this may bypass the setting of

# passwordauthentication, Permitemptypasswords, and

# "Permitrootlogin Without-password". If you just want the PAM account and

# session checks to run without PAM authentication and then enable this but set

# Challengeresponseauthentication=no

#UsePAM No

Usepam Yes

Solution:

Based on the error "Permission denied (Publickey,gssapi-with-mic,password)."

Then open the/etc/ssh/sshd_config configuration file, modify the above red configuration

#RSAAuthentication Yes

Pubkeyauthentication Yes

Authorizedkeysfile. Ssh/authorized_keys

Enable PublicKey authentication, and you must ensure that passwordauthentication Yes must be in the state.

Restart the SSH service

Service sshd Restart

And then run the script,

./sshusersetup.sh-user grid-hosts "Rac1 rac2"-advanced-exverify-confirm-nopromptpassphrase

SSH Peer Trust configuration succeeded

This article from "Proud Snow Star scar" blog, declined reprint!

Oracle 11g R2 RAC SSH two node mutual trust peer configuration Permission denied (Publickey,gssapi-with-mic,password)

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.