Saturday, September 23, 2017

Manual Configuration of Passwordless SSH Connectivity on All Nodes of RAC

>> Create SSH Directory, and Create SSH Keys On Each Node

Complete the following steps on each node:
1. Log in as the software owner (in this example, the grid user).
$ id
uid=502(grid) gid=501(oinstall) groups=501(oinstall),502(grid,asmadmin,asmdba)
$ id grid
uid=502(grid) gid=501(oinstall) groups=501(oinstall),502(grid,asmadmin,asmdba)

3. If necessary, create the .ssh directory in the grid user's home directory, and set permissions on it so that only that user has read and write permissions:
$ mkdir ~/.ssh
$ chmod 700 ~/.ssh
Note: SSH configuration will fail if the permissions are not set to 700.

4. Enter the following command:
$ /usr/bin/ssh-keygen -t dsa
At the prompts, accept the default location for the key file (press Enter).

Note: SSH with a passphrase is not supported for Oracle Clusterware 11g Release 2 and later releases, so press Enter at the passphrase prompts.
This command writes the DSA public key to the ~/.ssh/id_dsa.pub file and the private key to the ~/.ssh/id_dsa file.

5. Repeat steps 1 through 3 on each node that you intend to make a member of the cluster, using the DSA key.


>> Add All Keys to a Common authorized_keys File
Complete the following steps:
1. As the grid user, add the DSA key to the authorized_keys file using the following commands:

[grid@host01 ~]$ cd ~/.ssh
[grid@host01 .ssh]$
[grid@host01 .ssh]$ cat id_dsa.pub >> authorized_keys
[grid@host01 .ssh]$ ls -ltr
total 16
-rw-r--r-- 1 grid oinstall 601 Sep 23 13:07 id_dsa.pub
-rw------- 1 grid oinstall 672 Sep 23 13:07 id_dsa
-rw-r--r-- 1 grid oinstall 400 Sep 23 13:07 known_hosts
-rw-r--r-- 1 grid oinstall 601 Sep 23 13:12 authorized_keys
[grid@host01 .ssh]$
[grid@host01 .ssh]$
[grid@host01 .ssh]$ scp authorized_keys host02:/home/grid/.ssh/
grid@host02's password:
authorized_keys                                                                                                                                                                                            100%  601     0.6KB/s   00:00 
[grid@host01 .ssh]$ scp authorized_keys host03:/home/grid/.ssh/
The authenticity of host 'host03 (192.0.2.103)' can't be established.
RSA key fingerprint is e8:aa:00:2c:2e:5c:e4:d8:fe:fd:9b:3f:8c:8b:d4:0b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'host03,192.0.2.103' (RSA) to the list of known hosts.
grid@host03's password:
authorized_keys                                                                                                                                                                                            100%  601     0.6KB/s   00:00 
[grid@host01 .ssh]$

** Repeat this procedure [Add All Keys to a Common authorized_keys File] on host02 and host03.

>> Enabling SSH User Equivalency on Cluster Nodes
[grid@nodename]$ ssh host01 date
[grid@nodename]$ ssh host02 date
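
An added example, not part of the original post: a bash function that audits one node's ~/.ssh after the steps above. It checks the modes the procedure sets, confirms that authorized_keys holds a key for every node, and flags ssh-dss keys, which OpenSSH 7.0 and later disable by default. It assumes keys keep ssh-keygen's default user@host comment; the name audit_ssh_dir is hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Audits one node's ~/.ssh after
# the key exchange: prints one line per finding, returns 1 if any were found.
# Usage: audit_ssh_dir DIR USER NODE...   (function name is hypothetical)
audit_ssh_dir() {
    local dir=$1 user=$2 rc=0 perms f node
    shift 2
    finding() { echo "FINDING: $*"; rc=1; }
    perms_of() { ls -ld "$1" | cut -c1-10; }

    # The procedure sets ~/.ssh to 700 (owner-only).
    perms=$(perms_of "$dir")
    [ "$perms" = "drwx------" ] || finding "$dir is $perms, expected drwx------"

    # Every private key (a file with a matching .pub) must be owner-only.
    for f in "$dir"/*.pub; do
        [ -e "${f%.pub}" ] || continue
        perms=$(perms_of "${f%.pub}")
        case $perms in
            -r[w-]-------) ;;
            *) finding "${f%.pub} is $perms, expected -rw-------" ;;
        esac
    done

    if [ ! -f "$dir/authorized_keys" ]; then
        finding "$dir/authorized_keys is missing"
        return "$rc"
    fi
    # sshd's StrictModes rejects a file that group or others can write.
    perms=$(perms_of "$dir/authorized_keys")
    case $perms in
        ?????w????|????????w?) finding "authorized_keys is $perms (group/world writable)" ;;
    esac
    # Assumption: keys keep ssh-keygen's default user@host comment.
    for node in "$@"; do
        awk -v c="$user@$node" '$NF == c { ok = 1 } END { exit !ok }' \
            "$dir/authorized_keys" || finding "no key for $user@$node"
    done
    # OpenSSH 7.0 and later disable ssh-dss keys by default.
    if grep -q '^ssh-dss ' "$dir/authorized_keys"; then
        finding "authorized_keys contains ssh-dss (DSA) keys"
    fi
    return "$rc"
}

# Run directly against a real directory, for example:
#   ./audit_ssh.sh ~/.ssh grid host01 host02 host03
if [ "$#" -ge 3 ]; then audit_ssh_dir "$@"; fi
```

Run it on each node as the grid user; no output and exit status 0 mean every check passed.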


Implementation
================
[grid@host01 ~]$
[grid@host01 ~]$ id
uid=54322(grid) gid=54321(oinstall) groups=54321(oinstall),54327(asmdba),54328(asmoper),54329(asmadmin)
[grid@host01 ~]$
[grid@host01 ~]$
[grid@host01 ~]$ rm -rf ~/.ssh
[grid@host01 ~]$
[grid@host01 ~]$ mkdir ~/.ssh
[grid@host01 ~]$ chmod 700 ~/.ssh
[grid@host01 ~]$
[grid@host01 ~]$ /usr/bin/ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/grid/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/grid/.ssh/id_dsa.
Your public key has been saved in /home/grid/.ssh/id_dsa.pub.
The key fingerprint is:
ae:ab:0e:7d:ad:11:cf:3d:74:59:95:3d:6e:95:6a:67 grid@host01
The key's randomart image is:
+--[ DSA 1024]----+
|                =|
|               =o|
|              + o|
|             = E |
|      . S . + +  |
|   .   * o .     |
|  . . o = o      |
|   . . +   .     |
|   .o.+.         |
+-----------------+
[grid@host01 ~]$
[grid@host01 ~]$ ssh grid@host02
The authenticity of host 'host02 (192.0.2.102)' can't be established.
RSA key fingerprint is e8:aa:00:2c:2e:5c:e4:d8:fe:fd:9b:3f:8c:8b:d4:0b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'host02,192.0.2.102' (RSA) to the list of known hosts.
grid@host02's password:
[grid@host02 ~]$
[grid@host02 ~]$
[grid@host02 ~]$ rm -rf ~./ssh
[grid@host02 ~]$ rm -rf ~/.ssh
[grid@host02 ~]$ mkdir ~/.ssh
[grid@host02 ~]$ chmod 700 ~/.ssh
[grid@host02 ~]$
[grid@host02 ~]$ /usr/bin/ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/grid/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/grid/.ssh/id_dsa.
Your public key has been saved in /home/grid/.ssh/id_dsa.pub.
The key fingerprint is:
f8:3d:73:d8:96:65:4c:29:30:c5:66:35:a5:1d:4a:6e grid@host02
The key's randomart image is:
+--[ DSA 1024]----+
|          oo.ooo.|
|           o* .=.|
|           o.E+ .|
|       .    .+   |
|      . S     +  |
|       . . o +   |
|        . = =    |
|           =     |
|                 |
+-----------------+
[grid@host02 ~]$
[grid@host02 ~]$
[grid@host02 ~]$
[grid@host02 ~]$ ssh grid@host03
The authenticity of host 'host03 (192.0.2.103)' can't be established.
RSA key fingerprint is e8:aa:00:2c:2e:5c:e4:d8:fe:fd:9b:3f:8c:8b:d4:0b.
Are you sure you want to continue connecting (yes/no)? y
Please type 'yes' or 'no': yes
Warning: Permanently added 'host03,192.0.2.103' (RSA) to the list of known hosts.
grid@host03's password:
[grid@host03 ~]$
[grid@host03 ~]$
[grid@host03 ~]$ rm -rf ~/.ssh
[grid@host03 ~]$
[grid@host03 ~]$ mkdir ~/.ssh
[grid@host03 ~]$ chmod 700 ~/.ssh
[grid@host03 ~]$
[grid@host03 ~]$
[grid@host03 ~]$ /usr/bin/ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/grid/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/grid/.ssh/id_dsa.
Your public key has been saved in /home/grid/.ssh/id_dsa.pub.
The key fingerprint is:
bd:91:2c:57:93:b9:9f:22:bc:23:7a:9b:e7:fb:07:71 grid@host03
The key's randomart image is:
+--[ DSA 1024]----+
|                 |
|             o   |
|            =    |
|         o o.oE  |
|        S * .o   |
|         + o.. . |
|          + ..o  |
|        o.oo ..  |
|      .oo=++..   |
+-----------------+
[grid@host03 ~]$
[grid@host03 ~]$
[grid@host03 ~]$
[grid@host03 ~]$ logout
Connection to host03 closed.
[grid@host02 ~]$ logout
Connection to host02 closed.
[grid@host01 ~]$
[grid@host01 ~]$
[grid@host01 ~]$ cd ~/.ssh
[grid@host01 .ssh]$
[grid@host01 .ssh]$ cat id_dsa.pub >> authorized_keys
[grid@host01 .ssh]$ ls -ltr
total 16
-rw-r--r-- 1 grid oinstall 601 Sep 23 13:07 id_dsa.pub
-rw------- 1 grid oinstall 672 Sep 23 13:07 id_dsa
-rw-r--r-- 1 grid oinstall 400 Sep 23 13:07 known_hosts
-rw-r--r-- 1 grid oinstall 601 Sep 23 13:12 authorized_keys
[grid@host01 .ssh]$
[grid@host01 .ssh]$
[grid@host01 .ssh]$ scp authorized_keys host02:/home/grid/.ssh/
grid@host02's password:
authorized_keys                                                                                                                                                                                            100%  601     0.6KB/s   00:00 
[grid@host01 .ssh]$ scp authorized_keys host03:/home/grid/.ssh/
The authenticity of host 'host03 (192.0.2.103)' can't be established.
RSA key fingerprint is e8:aa:00:2c:2e:5c:e4:d8:fe:fd:9b:3f:8c:8b:d4:0b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'host03,192.0.2.103' (RSA) to the list of known hosts.
grid@host03's password:
authorized_keys                                                                                                                                                                                            100%  601     0.6KB/s   00:00 
[grid@host01 .ssh]$
[grid@host01 .ssh]$
[grid@host01 .ssh]$ ssh grid@host02
[grid@host02 ~]$
[grid@host02 ~]$
[grid@host02 ~]$ cd /home/grid/.ssh
[grid@host02 .ssh]$
[grid@host02 .ssh]$ cat id_dsa.pub >> authorized_keys
[grid@host02 .ssh]$
[grid@host02 .ssh]$ ll
total 16
-rw-r--r-- 1 grid oinstall 1202 Sep 23 13:16 authorized_keys
-rw------- 1 grid oinstall  668 Sep 23 13:08 id_dsa
-rw-r--r-- 1 grid oinstall  601 Sep 23 13:08 id_dsa.pub
-rw-r--r-- 1 grid oinstall  400 Sep 23 13:09 known_hosts
[grid@host02 .ssh]$
[grid@host02 .ssh]$
[grid@host02 .ssh]$ scp authorized_keys host01:/home/grid/.ssh/
The authenticity of host 'host01 (192.0.2.101)' can't be established.
RSA key fingerprint is e8:aa:00:2c:2e:5c:e4:d8:fe:fd:9b:3f:8c:8b:d4:0b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'host01,192.0.2.101' (RSA) to the list of known hosts.
grid@host01's password:
authorized_keys                                                                                                                                                                                            100% 1202     1.2KB/s   00:00 
[grid@host02 .ssh]$ scp authorized_keys host03:/home/grid/.ssh/
grid@host03's password:
authorized_keys                                                                                                                                                                                            100% 1202     1.2KB/s   00:00 
[grid@host02 .ssh]$
[grid@host02 .ssh]$ ssh grid@host03
[grid@host03 ~]$
[grid@host03 ~]$
[grid@host03 ~]$ cd /home/grid/.ssh
[grid@host03 .ssh]$
[grid@host03 .ssh]$ cat id_dsa.pub >> authorized_keys
[grid@host03 .ssh]$ ls
authorized_keys  id_dsa  id_dsa.pub
[grid@host03 .ssh]$
[grid@host03 .ssh]$
[grid@host03 .ssh]$ ll
total 12
-rw-r--r-- 1 grid oinstall 1803 Sep 23 13:17 authorized_keys
-rw------- 1 grid oinstall  668 Sep 23 13:10 id_dsa
-rw-r--r-- 1 grid oinstall  601 Sep 23 13:10 id_dsa.pub
[grid@host03 .ssh]$
[grid@host03 .ssh]$
[grid@host03 .ssh]$ scp authorized_keys host01:/home/grid/.ssh
The authenticity of host 'host01 (192.0.2.101)' can't be established.
RSA key fingerprint is e8:aa:00:2c:2e:5c:e4:d8:fe:fd:9b:3f:8c:8b:d4:0b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'host01,192.0.2.101' (RSA) to the list of known hosts.
grid@host01's password:
authorized_keys                                                                                                                                                                                            100% 1803     1.8KB/s   00:00 
[grid@host03 .ssh]$
[grid@host03 .ssh]$ scp authorized_keys host02:/home/grid/.ssh/
The authenticity of host 'host02 (192.0.2.102)' can't be established.
RSA key fingerprint is e8:aa:00:2c:2e:5c:e4:d8:fe:fd:9b:3f:8c:8b:d4:0b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'host02,192.0.2.102' (RSA) to the list of known hosts.
grid@host02's password:
authorized_keys                                                                                                                                                                                            100% 1803     1.8KB/s   00:00 
[grid@host03 .ssh]$
[grid@host03 .ssh]$
[grid@host03 .ssh]$ logout
Connection to host03 closed.
[grid@host02 .ssh]$ logout
Connection to host02 closed.
[grid@host01 .ssh]$
[grid@host01 .ssh]$ ssh hos02 date
ssh: Could not resolve hostname hos02: Name or service not known
[grid@host01 .ssh]$ ssh host02 date
Sat Sep 23 13:19:29 UTC 2017
[grid@host01 .ssh]$
[grid@host01 .ssh]$ ssh host03 date
Sat Sep 23 13:19:36 UTC 2017
[grid@host01 .ssh]$