Oracle 11g RAC installation on Linux (5)
4. Establish trust relationships between hosts (node1 and node2)
Establish SSH trust between the nodes for the oracle and grid users (each user creates a public/private key pair with ssh-keygen).
Run the key creation on node1 and node2 respectively.
===== Oracle user ==============================
For oracle users:
[root@node1 /]# su - oracle
// Create the hidden .ssh directory
[oracle@node1 ~]$ mkdir .ssh
[oracle@node1 ~]$ ls -al
total 44
-rw-r--r-- 1 oracle oinstall 33 Jul 12 :05 .bash_logout
-rw-r--r-- 1 oracle oinstall 438 Jul 12 .bash_profile
drwxr-xr-x 4 oracle oinstall 4096 Jul 12 17:05 .mozilla
drwx------ 2 oracle oinstall 4096 Jul .ssh
-rw------- 1 oracle oinstall 657 Jul 12 .viminfo
1) Generate the key pairs (rsa + dsa) on node1 and node2
Generate the rsa key on node1.
id_rsa is the private key and is saved automatically under .ssh.
id_rsa.pub is the public key and is saved automatically under .ssh.
[oracle@node1 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa): [Enter]
Enter passphrase (empty for no passphrase): [Enter]
Enter same passphrase again: [Enter]
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
64:a6:4a:77:db:33:a4:aa:6e:ca:8f:5f:2f:77:0f:40 oracle@node1
Generate the dsa key on node1.
id_dsa is the private key and is saved automatically under .ssh.
id_dsa.pub is the public key and is saved automatically under .ssh.
[oracle@node1 ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_dsa): [Enter]
Enter passphrase (empty for no passphrase): [Enter]
Enter same passphrase again: [Enter]
Your identification has been saved in /home/oracle/.ssh/id_dsa.
Your public key has been saved in /home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
7c:41:b5:0f:81:06:ad:30:07:4f:8b:1a:9b:94:68:14 oracle@node1
Generate the rsa key on node2.
id_rsa is the private key and is saved automatically under .ssh.
id_rsa.pub is the public key and is saved automatically under .ssh.
[oracle@node2 asm]# su - oracle
[oracle@node2 ~]$ mkdir .ssh
[oracle@node2 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa): [Enter]
Enter passphrase (empty for no passphrase): [Enter]
Enter same passphrase again: [Enter]
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
64:a6:4a:77:db:33:a4:aa:6e:ca:8f:5f:2f:77:0f:40 oracle@node1
Generate the dsa key on node2.
id_dsa is the private key and is saved automatically under .ssh.
id_dsa.pub is the public key and is saved automatically under .ssh.
[oracle@node2 ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_dsa): [Enter]
Enter passphrase (empty for no passphrase): [Enter]
Enter same passphrase again: [Enter]
Your identification has been saved in /home/oracle/.ssh/id_dsa.
Your public key has been saved in /home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
7c:41:b5:0f:81:06:ad:30:07:4f:8b:1a:9b:94:68:14 oracle@node1
2) Configure the trust relationship (node1 and node2)
Configure trust on node1.
[oracle@node1 ~]$ ls .ssh
id_dsa  id_rsa  id_dsa.pub  id_rsa.pub
// id_rsa and id_dsa are the private keys; the .pub files are the public keys.
// The authorized_keys file in .ssh is used to store public key information.
// Put all of the rsa and dsa public keys into the authorized_keys file.
// The "ssh node2" command logs on to node2.
// Add both types of public key from node2 to the authorized_keys file as well.
[oracle@node1 ~]$ cat .ssh/id_rsa.pub >> .ssh/authorized_keys
[oracle@node1 ~]$ cat .ssh/id_dsa.pub >> .ssh/authorized_keys
[oracle@node1 ~]$ ssh node2 cat .ssh/id_rsa.pub >> .ssh/authorized_keys
oracle@node2's password:
[oracle@node1 ~]$ ssh node2 cat .ssh/id_dsa.pub >> .ssh/authorized_keys
oracle@node2's password: [oracle user's password]
Configure trust on node2.
You can copy authorized_keys (the key file) from node1 to node2.
[oracle@node1 ~]$ scp .ssh/authorized_keys node2:~/.ssh
oracle@node2's password: [oracle user's password]
3) Verify the trust relationship (node1 and node2)
Verify trust on node1.
[oracle@node1 ~]$ ssh node2 date
// Verify the private IP address
[oracle@node1 ~]$ ssh node2-priv date
[oracle@node1 ~]$ ssh node1 date
[oracle@node1 ~]$ ssh node1-priv date
The procedure is as follows:
[oracle@node1 ~]$ ssh node2 date
Thu May CST 2013
// If the password is not required, the trust is successful.
[oracle@node1 ~]$ ssh node2-priv date
The authenticity of host 'node2-priv (10.10.10.2)' can't be established.
RSA key fingerprint is 16:28:88:50:27:30:92:cb:49:be:55:61:f6:c2:a1:3f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node2-priv,10.10.10.2' (RSA) to the list of known hosts.
Thu May, 03 CST 2013
[oracle@node1 ~]$ ssh node2-priv date
Thu May CST 2013
[oracle@node1 ~]$ ssh node1 date
Thu May CST 2013
[oracle@node1 ~]$ ssh node1-priv date
The authenticity of host 'node1-priv (10.10.10.1)' can't be established.
RSA key fingerprint is 39:04:88:3b:54:34:3c:34:d2:df:74:37:fe:5f:92:2d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node1-priv,10.10.10.1' (RSA) to the list of known hosts.
Thu May am 35 CST 2013
[oracle@node1 ~]$ ssh node1-priv date
Thu May CST 2013
Verify trust on node2.
[oracle@node2 ~]$ ssh node1 date
[oracle@node2 ~]$ ssh node1-priv date
[oracle@node2 ~]$ ssh node2 date
[oracle@node2 ~]$ ssh node2-priv date
===== Grid user ==============================
The steps are the same as for the oracle user; refer to the oracle settings above.
Operations as the grid user:
[root@node1 /]# su - grid
// Create the hidden .ssh directory
[grid@node1 ~]$ mkdir .ssh
[grid@node1 ~]$ ls -al
1) Generate the key pairs (rsa + dsa) on node1 and node2
Generate the rsa key on node1.
id_rsa is the private key and is saved automatically under .ssh.
id_rsa.pub is the public key and is saved automatically under .ssh.
[grid@node1 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa): [Enter]
Enter passphrase (empty for no passphrase): [Enter]
Enter same passphrase again: [Enter]
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
64:a6:4a:77:db:33:a4:aa:6e:ca:8f:5f:2f:77:0f:40 oracle@node1
Generate the dsa key on node1.
id_dsa is the private key and is saved automatically under .ssh.
id_dsa.pub is the public key and is saved automatically under .ssh.
[grid@node1 ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_dsa): [Enter]
Enter passphrase (empty for no passphrase): [Enter]
Enter same passphrase again: [Enter]
Your identification has been saved in /home/oracle/.ssh/id_dsa.
Your public key has been saved in /home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
7c:41:b5:0f:81:06:ad:30:07:4f:8b:1a:9b:94:68:14 oracle@node1
Generate the rsa key on node2.
id_rsa is the private key and is saved automatically under .ssh.
id_rsa.pub is the public key and is saved automatically under .ssh.
[root@node2 ~]# su - grid
[grid@node2 ~]$ mkdir .ssh
[grid@node2 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa): [Enter]
Enter passphrase (empty for no passphrase): [Enter]
Enter same passphrase again: [Enter]
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
64:a6:4a:77:db:33:a4:aa:6e:ca:8f:5f:2f:77:0f:40 oracle@node1
Generate the dsa key on node2.
id_dsa is the private key and is saved automatically under .ssh.
id_dsa.pub is the public key and is saved automatically under .ssh.
[grid@node2 ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_dsa): [Enter]
Enter passphrase (empty for no passphrase): [Enter]
Enter same passphrase again: [Enter]
Your identification has been saved in /home/oracle/.ssh/id_dsa.
Your public key has been saved in /home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
7c:41:b5:0f:81:06:ad:30:07:4f:8b:1a:9b:94:68:14 oracle@node1
2) Configure the trust relationship (node1 and node2)
Configure trust on node1.
[grid@node1 ~]$ ls .ssh
id_dsa  id_rsa  id_dsa.pub  id_rsa.pub  known_hosts
// id_rsa and id_dsa are the private keys; the .pub files are the public keys.
[grid@node1 ~]$ cat .ssh/id_rsa.pub >> .ssh/authorized_keys
[grid@node1 ~]$ cat .ssh/id_dsa.pub >> .ssh/authorized_keys
[grid@node1 ~]$ ssh node2 cat .ssh/id_rsa.pub >> .ssh/authorized_keys
grid@node2's password:
[grid@node1 ~]$ ssh node2 cat .ssh/id_dsa.pub >> .ssh/authorized_keys
grid@node2's password: [grid user's password]
Configure trust on node2.
You can copy authorized_keys (the key file) from node1 to node2.
[grid@node1 ~]$ scp .ssh/authorized_keys node2:~/.ssh
grid@node2's password: [grid user's password]
authorized_keys 100% 1992 2.0KB/s
3) Verify the trust relationship (node1 and node2)
Verify trust on node1.
[grid@node1 ~]$ ssh node2 date
[grid@node1 ~]$ ssh node2-priv date
[grid@node1 ~]$ ssh node1 date
[grid@node1 ~]$ ssh node1-priv date
The procedure is as follows:
[grid@node1 ~]$ ssh node2 date
Thu May CST 2013
// If the password is not required, the trust is successful.
[grid@node1 ~]$ ssh node2-priv date
The authenticity of host 'node2-priv (10.10.10.2)' can't be established.
RSA key fingerprint is 16:28:88:50:27:30:92:cb:49:be:55:61:f6:c2:a1:3f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node2-priv,10.10.10.2' (RSA) to the list of known hosts.
Thu May, 03 CST 2013
[grid@node1 ~]$ ssh node2-priv date
Thu May CST 2013
[grid@node1 ~]$ ssh node1 date
Thu May CST 2013
[grid@node1 ~]$ ssh node1-priv date
The authenticity of host 'node1-priv (10.10.10.1)' can't be established.
RSA key fingerprint is 39:04:88:3b:54:34:3c:34:d2:df:74:37:fe:5f:92:2d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node1-priv,10.10.10.1' (RSA) to the list of known hosts.
Thu May am 35 CST 2013
[grid@node1 ~]$ ssh node1-priv date
Thu May CST 2013
Verify trust on node2.
[grid@node2 ~]$ ssh node1 date
[grid@node2 ~]$ ssh node1-priv date
[grid@node2 ~]$ ssh node2 date
[grid@node2 ~]$ ssh node2-priv date
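The check below is an added example, not part of the original post. It audits the result of step 2 for one user (oracle or grid): authorized_keys must contain every expected public key (redirecting with > where >> is needed leaves only the last key written), and .ssh and authorized_keys must not be writable by group or others, which sshd's default StrictModes setting rejects. The function name audit_ssh_equiv and the placeholder key strings are assumptions made for the illustration, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the original post): audit step 2 for one user.
# Usage: audit_ssh_equiv SSH_DIR PUBKEY_FILE...
# Returns 0 only if SSH_DIR/authorized_keys contains every listed public key
# and neither SSH_DIR nor the file is writable by group or others.
audit_ssh_equiv() {
    dir=$1; shift
    auth=$dir/authorized_keys
    problems=0
    if [ ! -f "$auth" ]; then
        echo "MISSING $auth"
        return 1
    fi
    # sshd with StrictModes (the default) ignores authorized_keys when the
    # directory or the file is group- or world-writable.
    for path in "$dir" "$auth"; do
        mode=$(stat -c '%a' "$path")    # GNU stat (assumption: Linux hosts)
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "PERMS $path has mode $mode"
            problems=$((problems + 1))
        fi
    done
    for pub in "$@"; do
        # Match on key type and base64 blob; the trailing comment may differ.
        key=$(awk 'NF >= 2 { print $1 " " $2; exit }' "$pub")
        if [ -z "$key" ] || ! grep -qF -- "$key" "$auth"; then
            echo "ABSENT $pub"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Constructed demo with placeholder key strings: reproduce the '>' overwrite.
demo=$(mktemp -d)
chmod 700 "$demo"
echo "ssh-rsa CONSTRUCTED-RSA-BLOB oracle@node1" > "$demo/id_rsa.pub"
echo "ssh-dss CONSTRUCTED-DSA-BLOB oracle@node1" > "$demo/id_dsa.pub"
cat "$demo/id_rsa.pub" > "$demo/authorized_keys"
cat "$demo/id_dsa.pub" > "$demo/authorized_keys"    # '>' discards the RSA key
chmod 600 "$demo/authorized_keys"
audit_ssh_equiv "$demo" "$demo/id_rsa.pub" "$demo/id_dsa.pub" \
    || echo "audit failed: authorized_keys is incomplete"
rm -rf "$demo"
```

On a real node, pass ~/.ssh and the four public key files (both types from both nodes) before running the ssh date checks in step 3.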
Statement:
Original work from the "Deep Blue blog". Reprinting is allowed; when reprinting, please be sure to indicate the source (http://blog.csdn.net/huangyanlong).
The author has the right to pursue legal liability for copyright issues.