linux下Oracle11g RAC搭建(五)
建立節點之間oracle 、grid 使用者之間的信任(通過ssh 建立公開金鑰和私密金鑰)
分別在node1和node2建立
=====Oracle使用者=========================在oracle使用者下操作:
[root@node1 /]# su - oracle
[oracle@node1 ~]$ mkdir .ssh 建立一個.ssh的隱藏目錄
[oracle@node1 ~]$ ls -al
total 44
-rw-r--r-- 1 oracle oinstall 33 Jul 12 17:05 .bash_logout
-rw-r--r-- 1 oracle oinstall 438 Jul 12 18:03 .bash_profile
drwxr-xr-x 4 oracle oinstall 4096 Jul 1217:05 .mozilla
drwx------ 2 oracle oinstall 4096 Jul 1218:05 .ssh
-rw------- 1 oracle oinstall 657 Jul 12 18:03 .viminfo
1)產生金鑰組(rsa+dsa)(node1、node2) node1產生密鑰rsa類型
id_rsa為私密金鑰,自動儲存到.ssh下
id_rsa.pub為公開金鑰,自動儲存到.ssh下
[oracle@node1 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key(/home/oracle/.ssh/id_rsa): enter
Enter passphrase (empty for nopassphrase): enter
Enter same passphrase again: enter
Your identification has been saved in/home/oracle/.ssh/id_rsa.
Your public key has been saved in/home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
64:a6:4a:77:db:33:a4:aa:6e:ca:8f:5f:2f:77:0f:40oracle@node1
node1產生密鑰dsa類型id_dsa為私密金鑰,自動儲存到.ssh下
id_dsa.pub為公開金鑰,自動儲存到.ssh下
[oracle@node1 ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key(/home/oracle/.ssh/id_dsa): enter
Enter passphrase (empty for no passphrase):enter
Enter same passphrase again: enter
Your identification has been saved in/home/oracle/.ssh/id_dsa.
Your public key has been saved in/home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
7c:41:b5:0f:81:06:ad:30:07:4f:8b:1a:9b:94:68:14oracle@node1
node2產生密鑰rsa類型id_rsa為私密金鑰,自動儲存到.ssh下
id_rsa.pub為公開金鑰,自動儲存到.ssh下
[oracle@node2 asm]# su - oracle
[oracle@node2 ~]$ mkdir .ssh
[oracle@node2 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key(/home/oracle/.ssh/id_rsa): enter
Enter passphrase (empty for nopassphrase): enter
Enter same passphrase again: enter
Your identification has been saved in/home/oracle/.ssh/id_rsa.
Your public key has been saved in/home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
64:a6:4a:77:db:33:a4:aa:6e:ca:8f:5f:2f:77:0f:40oracle@node1
node2產生密鑰dsa類型id_dsa為私密金鑰,自動儲存到.ssh下
id_dsa.pub為公開金鑰,自動儲存到.ssh下
[oracle@node2 ~]$ ssh-keygen -tdsa
Generatingpublic/private dsa key pair.
Enter file inwhich to save the key (/home/oracle/.ssh/id_dsa): enter
Enter passphrase(empty for no passphrase): enter
Enter samepassphrase again: enter
Youridentification has been saved in /home/oracle/.ssh/id_dsa.
Your public keyhas been saved in /home/oracle/.ssh/id_dsa.pub.
The keyfingerprint is:
7c:41:b5:0f:81:06:ad:30:07:4f:8b:1a:9b:94:68:14oracle@node1
2)配置信任關係(node1、node2)為node1配置信任
[oracle@node1 ~]$ ls .ssh
id_dsa id_rsa id_dsa.pub id_rsa.pub
//rsa和dsa為私密金鑰 .pub的為公開金鑰
//ssh下檔案authorized_keys是專門儲存公開金鑰資訊的
//把rsa、dsa類型的公開金鑰檔案都放入到authorized_keys檔案裡
// “ssh node2”命令代表登陸到節點2下操作
//把兩種類型的公開金鑰資訊都放到節點2的authorized_keys檔案裡
[oracle@node1 ~]$ cat.ssh/id_rsa.pub >>.ssh/authorized_keys
[oracle@node1 ~]$ cat.ssh/id_dsa.pub >>.ssh/authorized_keys
[oracle@node1 ~]$ ssh node2 cat .ssh/id_rsa.pub>>.ssh/authorized_keys
oracle@node2's password:
[oracle@node1 ~]$ ssh node2 cat .ssh/id_dsa.pub>>.ssh/authorized_keys
oracle@node2's password: oracle的密碼
為node2配置信任可以把node1中的authorized_keys(密鑰檔案)複製到node2中
[oracle@node1 ~]$ scp.ssh/authorized_keys node2:~/.ssh
oracle@node2's password: oracle的密碼
[oracle@node1 ~]$ ssh node2date
[oracle@node1 ~]$ ssh node2-privdate //私人ip地址驗證
[oracle@node1 ~]$ ssh node1date
[oracle@node1 ~]$ ssh node1-privdate
詳細操作如下:
[oracle@node1 ~]$ ssh node2date
Thu May 214:46:30 CST 2013
[oracle@node1 ~]$ sshnode2-priv date //不要求輸入密碼代表信任成功
The authenticity of host 'node2-priv (10.10.10.2)'can't be established.
RSA key fingerprint is16:28:88:50:27:30:92:cb:49:be:55:61:f6:c2:a1:3f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node2-priv,10.10.10.2'(RSA) to the list of known hosts.
Thu May 214:47:03 CST 2013
[oracle@node1 ~]$ sshnode2-priv date
Thu May 214:47:05 CST 2013
[oracle@node1 ~]$ ssh node1date
Thu May 214:48:19 CST 2013
[oracle@node1 ~]$ sshnode1-priv date
The authenticity of host 'node1-priv (10.10.10.1)'can't be established.
RSA key fingerprint is39:04:88:3b:54:34:3c:34:d2:df:74:37:fe:5f:92:2d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node1-priv,10.10.10.1'(RSA) to the list of known hosts.
Thu May 214:48:35 CST 2013
[oracle@node1 ~]$ sshnode1-priv date
Thu May 214:48:36 CST 2013
node2上驗證信任
[oracle@node2 ~]$ ssh node1date
[oracle@node2~]$ ssh node1-priv date
[oracle@node2 ~]$ ssh node2date
[oracle@node2~]$ ssh node2-priv date
=====Grid 使用者==========================步驟同oracle 一樣,可參考oracle使用者下設定
在grid使用者下操作:
[root@node1 /]# su– grid
[grid@node1 ~]$mkdir .ssh 建立一個.ssh的隱藏目錄
[grid@node1 ~]$ ls-al
1)產生金鑰組(rsa+dsa)(node1、node2) node1產生密鑰rsa類型
id_rsa為私密金鑰,自動儲存到.ssh下
id_rsa.pub為公開金鑰,自動儲存到.ssh下
[grid@node1 ~]$ ssh-keygen-t rsa
Generating public/private rsa key pair.
Enter file in which to save the key(/home/oracle/.ssh/id_rsa): enter
Enter passphrase (empty for no passphrase): enter
Enter same passphrase again: enter
Your identification has been saved in/home/oracle/.ssh/id_rsa.
Your public key has been saved in/home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
64:a6:4a:77:db:33:a4:aa:6e:ca:8f:5f:2f:77:0f:40oracle@node1
node1產生密鑰dsa類型id_dsa為私密金鑰,自動儲存到.ssh下
id_dsa.pub為公開金鑰,自動儲存到.ssh下
[grid@node1 ~]$ ssh-keygen-t dsa
Generating public/private dsa key pair.
Enter file in which to save the key(/home/oracle/.ssh/id_dsa): enter
Enter passphrase (empty for no passphrase): enter
Enter same passphrase again: enter
Your identification has been saved in/home/oracle/.ssh/id_dsa.
Your public key has been saved in/home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
7c:41:b5:0f:81:06:ad:30:07:4f:8b:1a:9b:94:68:14oracle@node1
node2產生密鑰rsa類型id_rsa為私密金鑰,自動儲存到.ssh下
id_rsa.pub為公開金鑰,自動儲存到.ssh下
[root@node2 ~]# su – grid
[grid@node2 ~]$ mkdir .ssh
[grid@node2 ~]$ ssh-keygen-t rsa
Generating public/private rsa key pair.
Enter file in which to save the key(/home/oracle/.ssh/id_rsa): enter
Enter passphrase (empty for no passphrase): enter
Enter same passphrase again: enter
Your identification has been saved in/home/oracle/.ssh/id_rsa.
Your public key has been saved in/home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
64:a6:4a:77:db:33:a4:aa:6e:ca:8f:5f:2f:77:0f:40oracle@node1
node2產生密鑰dsa類型id_dsa為私密金鑰,自動儲存到.ssh下
id_dsa.pub為公開金鑰,自動儲存到.ssh下
[grid@node2 ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key(/home/oracle/.ssh/id_dsa): enter
Enter passphrase (empty for no passphrase): enter
Enter same passphrase again: enter
Your identification has been saved in/home/oracle/.ssh/id_dsa.
Your public key has been saved in/home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
7c:41:b5:0f:81:06:ad:30:07:4f:8b:1a:9b:94:68:14oracle@node1
2)配置信任關係(node1、node2)為node1配置信任
[grid@node1 ~]$ ls .ssh
id_dsa id_rsa id_dsa.pub id_rsa.pub known_hosts
rsa和dsa為私密金鑰 .pub的為公開金鑰
[grid@node1 ~]$ cat.ssh/id_rsa.pub >>.ssh/authorized_keys
[grid@node1 ~]$ cat.ssh/id_dsa.pub >>.ssh/authorized_keys
[grid@node1 ~]$ ssh node2 cat .ssh/id_rsa.pub>>.ssh/authorized_keys
grid@node2's password:
[grid@node1 ~]$ ssh node2 cat .ssh/id_dsa.pub >>.ssh/authorized_keys
grid@node2's password: grid的密碼
為node2配置信任可以把node1中的authorized_keys(密鑰檔案)複製到node2中
[grid@node1 ~]$ scp.ssh/authorized_keys node2:~/.ssh
grid@node2's password: grid的密碼
authorized_keys 100% 1992 2.0KB/s 00:00
3)驗證信任關係(node1、node2)node1上驗證信任
[grid@node1 ~]$ ssh node2date
[grid@node1 ~]$ ssh node2-privdate
[grid@node1 ~]$ ssh node1date
[grid@node1 ~]$ ssh node1-privdate
詳細操作如下:
[grid@node1 ~]$ ssh node2date
Thu May 214:46:30 CST 2013
[grid@node1 ~]$ sshnode2-priv date //不要輸入密碼為信任成功
The authenticity of host 'node2-priv (10.10.10.2)'can't be established.
RSA key fingerprint is 16:28:88:50:27:30:92:cb:49:be:55:61:f6:c2:a1:3f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node2-priv,10.10.10.2'(RSA) to the list of known hosts.
Thu May 214:47:03 CST 2013
[grid@node1 ~]$ sshnode2-priv date
Thu May 214:47:05 CST 2013
[grid@node1 ~]$ ssh node1date
Thu May 214:48:19 CST 2013
[grid@node1 ~]$ sshnode1-priv date
The authenticity of host 'node1-priv (10.10.10.1)'can't be established.
RSA key fingerprint is39:04:88:3b:54:34:3c:34:d2:df:74:37:fe:5f:92:2d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node1-priv,10.10.10.1'(RSA) to the list of known hosts.
Thu May 214:48:35 CST 2013
[grid@node1 ~]$ sshnode1-priv date
Thu May 214:48:36 CST 2013
node2上驗證信任
[grid@node2 ~]$ ssh node1date
[grid@node2~]$ ssh node1-priv date
[grid@node2 ~]$ ssh node2date
[grid@node2~]$ ssh node2-priv date
聲明:
原創作品,出自 “深藍的blog” 部落格,允許轉載,轉載時請務必註明出處(http://blog.csdn.net/huangyanlong)。
關於涉及著作權事宜,作者有權追究法律責任。
************************** 未完待續 敬請關注 **************************************
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
