>> Create SSH Directory, and Create SSH Keys On Each Node
Complete the following steps on each node:
1. Log in as the software owner (in this example, the grid user).
$ id
uid=502(grid) gid=501(oinstall) groups=501(oinstall),502(grid,asmadmin,asmdba)
$ id grid
uid=502(grid) gid=501(oinstall) groups=501(oinstall),502(grid,asmadmin,asmdba)
3. If necessary, create the .ssh directory in the grid user's home directory, and set permissions on it to ensure that only the owner (here, the grid user) has read and write permissions:
$ mkdir ~/.ssh
$ chmod 700 ~/.ssh
Note: SSH configuration will fail if the permissions are not set to 700.
4. Enter the following command:
$ /usr/bin/ssh-keygen -t dsa
At the prompts, accept the default location for the key file (press Enter).
Note: SSH with a passphrase is not supported for Oracle Clusterware 11g release 2 and later releases, so press Enter at both passphrase prompts to leave the passphrase empty.
This command writes the DSA public key to the ~/.ssh/id_dsa.pub file and the private key to the ~/.ssh/id_dsa file.
5. Repeat steps 1 through 3 on each node that you intend to make a member of the cluster, using the DSA key.
>> Add All Keys to a Common authorized_keys File
Complete the following steps:
1. As the grid user, add the DSA key to the authorized_keys file using the following commands:
[grid@host01 ~]$ cd ~/.ssh
[grid@host01 .ssh]$
[grid@host01 .ssh]$ cat id_dsa.pub >> authorized_keys
[grid@host01 .ssh]$ ls -ltr
total 16
-rw-r--r-- 1 grid oinstall 601 Sep 23 13:07 id_dsa.pub
-rw------- 1 grid oinstall 672 Sep 23 13:07 id_dsa
-rw-r--r-- 1 grid oinstall 400 Sep 23 13:07 known_hosts
-rw-r--r-- 1 grid oinstall 601 Sep 23 13:12 authorized_keys
[grid@host01 .ssh]$
[grid@host01 .ssh]$
[grid@host01 .ssh]$ scp authorized_keys host02:/home/grid/.ssh/
grid@host02's password:
authorized_keys 100% 601 0.6KB/s 00:00
[grid@host01 .ssh]$ scp authorized_keys host03:/home/grid/.ssh/
The authenticity of host 'host03 (192.0.2.103)' can't be established.
RSA key fingerprint is e8:aa:00:2c:2e:5c:e4:d8:fe:fd:9b:3f:8c:8b:d4:0b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'host03,192.0.2.103' (RSA) to the list of known hosts.
grid@host03's password:
authorized_keys 100% 601 0.6KB/s 00:00
[grid@host01 .ssh]$
** Repeat this procedure [Add All Keys to a Common authorized_keys File] on host02 and host03.
>> Enabling SSH User Equivalency on Cluster Nodes
[grid@nodename]$ ssh host01 date
[grid@nodename]$ ssh host02 date
Implementation
================
[grid@host01 ~]$
[grid@host01 ~]$ id
uid=54322(grid) gid=54321(oinstall) groups=54321(oinstall),54327(asmdba),54328(asmoper),54329(asmadmin)
[grid@host01 ~]$
[grid@host01 ~]$
[grid@host01 ~]$ rm -rf ~/.ssh
[grid@host01 ~]$
[grid@host01 ~]$ mkdir ~/.ssh
[grid@host01 ~]$ chmod 700 ~/.ssh
[grid@host01 ~]$
[grid@host01 ~]$ /usr/bin/ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/grid/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/grid/.ssh/id_dsa.
Your public key has been saved in /home/grid/.ssh/id_dsa.pub.
The key fingerprint is:
ae:ab:0e:7d:ad:11:cf:3d:74:59:95:3d:6e:95:6a:67 grid@host01
The key's randomart image is:
+--[ DSA 1024]----+
| =|
| =o|
| + o|
| = E |
| . S . + + |
| . * o . |
| . . o = o |
| . . + . |
| .o.+. |
+-----------------+
[grid@host01 ~]$
[grid@host01 ~]$ ssh grid@host02
The authenticity of host 'host02 (192.0.2.102)' can't be established.
RSA key fingerprint is e8:aa:00:2c:2e:5c:e4:d8:fe:fd:9b:3f:8c:8b:d4:0b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'host02,192.0.2.102' (RSA) to the list of known hosts.
grid@host02's password:
[grid@host02 ~]$
[grid@host02 ~]$
[grid@host02 ~]$ rm -rf ~./ssh
[grid@host02 ~]$ rm -rf ~/.ssh
[grid@host02 ~]$ mkdir ~/.ssh
[grid@host02 ~]$ chmod 700 ~/.ssh
[grid@host02 ~]$
[grid@host02 ~]$ /usr/bin/ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/grid/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/grid/.ssh/id_dsa.
Your public key has been saved in /home/grid/.ssh/id_dsa.pub.
The key fingerprint is:
f8:3d:73:d8:96:65:4c:29:30:c5:66:35:a5:1d:4a:6e grid@host02
The key's randomart image is:
+--[ DSA 1024]----+
| oo.ooo.|
| o* .=.|
| o.E+ .|
| . .+ |
| . S + |
| . . o + |
| . = = |
| = |
| |
+-----------------+
[grid@host02 ~]$
[grid@host02 ~]$
[grid@host02 ~]$
[grid@host02 ~]$ ssh grid@host03
The authenticity of host 'host03 (192.0.2.103)' can't be established.
RSA key fingerprint is e8:aa:00:2c:2e:5c:e4:d8:fe:fd:9b:3f:8c:8b:d4:0b.
Are you sure you want to continue connecting (yes/no)? y
Please type 'yes' or 'no': yes
Warning: Permanently added 'host03,192.0.2.103' (RSA) to the list of known hosts.
grid@host03's password:
[grid@host03 ~]$
[grid@host03 ~]$
[grid@host03 ~]$ rm -rf ~/.ssh
[grid@host03 ~]$
[grid@host03 ~]$ mkdir ~/.ssh
[grid@host03 ~]$ chmod 700 ~/.ssh
[grid@host03 ~]$
[grid@host03 ~]$
[grid@host03 ~]$ /usr/bin/ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/grid/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/grid/.ssh/id_dsa.
Your public key has been saved in /home/grid/.ssh/id_dsa.pub.
The key fingerprint is:
bd:91:2c:57:93:b9:9f:22:bc:23:7a:9b:e7:fb:07:71 grid@host03
The key's randomart image is:
+--[ DSA 1024]----+
| |
| o |
| = |
| o o.oE |
| S * .o |
| + o.. . |
| + ..o |
| o.oo .. |
| .oo=++.. |
+-----------------+
[grid@host03 ~]$
[grid@host03 ~]$
[grid@host03 ~]$
[grid@host03 ~]$ logout
Connection to host03 closed.
[grid@host02 ~]$ logout
Connection to host02 closed.
[grid@host01 ~]$
[grid@host01 ~]$
[grid@host01 ~]$ cd ~/.ssh
[grid@host01 .ssh]$
[grid@host01 .ssh]$ cat id_dsa.pub >> authorized_keys
[grid@host01 .ssh]$ ls -ltr
total 16
-rw-r--r-- 1 grid oinstall 601 Sep 23 13:07 id_dsa.pub
-rw------- 1 grid oinstall 672 Sep 23 13:07 id_dsa
-rw-r--r-- 1 grid oinstall 400 Sep 23 13:07 known_hosts
-rw-r--r-- 1 grid oinstall 601 Sep 23 13:12 authorized_keys
[grid@host01 .ssh]$
[grid@host01 .ssh]$
[grid@host01 .ssh]$ scp authorized_keys host02:/home/grid/.ssh/
grid@host02's password:
authorized_keys 100% 601 0.6KB/s 00:00
[grid@host01 .ssh]$ scp authorized_keys host03:/home/grid/.ssh/
The authenticity of host 'host03 (192.0.2.103)' can't be established.
RSA key fingerprint is e8:aa:00:2c:2e:5c:e4:d8:fe:fd:9b:3f:8c:8b:d4:0b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'host03,192.0.2.103' (RSA) to the list of known hosts.
grid@host03's password:
authorized_keys 100% 601 0.6KB/s 00:00
[grid@host01 .ssh]$
[grid@host01 .ssh]$
[grid@host01 .ssh]$ ssh grid@host02
[grid@host02 ~]$
[grid@host02 ~]$
[grid@host02 ~]$ cd /home/grid/.ssh
[grid@host02 .ssh]$
[grid@host02 .ssh]$ cat id_dsa.pub >> authorized_keys
[grid@host02 .ssh]$
[grid@host02 .ssh]$ ll
total 16
-rw-r--r-- 1 grid oinstall 1202 Sep 23 13:16 authorized_keys
-rw------- 1 grid oinstall 668 Sep 23 13:08 id_dsa
-rw-r--r-- 1 grid oinstall 601 Sep 23 13:08 id_dsa.pub
-rw-r--r-- 1 grid oinstall 400 Sep 23 13:09 known_hosts
[grid@host02 .ssh]$
[grid@host02 .ssh]$
[grid@host02 .ssh]$ scp authorized_keys host01:/home/grid/.ssh/
The authenticity of host 'host01 (192.0.2.101)' can't be established.
RSA key fingerprint is e8:aa:00:2c:2e:5c:e4:d8:fe:fd:9b:3f:8c:8b:d4:0b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'host01,192.0.2.101' (RSA) to the list of known hosts.
grid@host01's password:
authorized_keys 100% 1202 1.2KB/s 00:00
[grid@host02 .ssh]$ scp authorized_keys host03:/home/grid/.ssh/
grid@host03's password:
authorized_keys 100% 1202 1.2KB/s 00:00
[grid@host02 .ssh]$
[grid@host02 .ssh]$ ssh grid@host03
[grid@host03 ~]$
[grid@host03 ~]$
[grid@host03 ~]$ cd /home/grid/.ssh
[grid@host03 .ssh]$
[grid@host03 .ssh]$ cat id_dsa.pub >> authorized_keys
[grid@host03 .ssh]$ ls
authorized_keys id_dsa id_dsa.pub
[grid@host03 .ssh]$
[grid@host03 .ssh]$
[grid@host03 .ssh]$ ll
total 12
-rw-r--r-- 1 grid oinstall 1803 Sep 23 13:17 authorized_keys
-rw------- 1 grid oinstall 668 Sep 23 13:10 id_dsa
-rw-r--r-- 1 grid oinstall 601 Sep 23 13:10 id_dsa.pub
[grid@host03 .ssh]$
[grid@host03 .ssh]$
[grid@host03 .ssh]$ scp authorized_keys host01:/home/grid/.ssh
The authenticity of host 'host01 (192.0.2.101)' can't be established.
RSA key fingerprint is e8:aa:00:2c:2e:5c:e4:d8:fe:fd:9b:3f:8c:8b:d4:0b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'host01,192.0.2.101' (RSA) to the list of known hosts.
grid@host01's password:
authorized_keys 100% 1803 1.8KB/s 00:00
[grid@host03 .ssh]$
[grid@host03 .ssh]$ scp authorized_keys host02:/home/grid/.ssh/
The authenticity of host 'host02 (192.0.2.102)' can't be established.
RSA key fingerprint is e8:aa:00:2c:2e:5c:e4:d8:fe:fd:9b:3f:8c:8b:d4:0b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'host02,192.0.2.102' (RSA) to the list of known hosts.
grid@host02's password:
authorized_keys 100% 1803 1.8KB/s 00:00
[grid@host03 .ssh]$
[grid@host03 .ssh]$
[grid@host03 .ssh]$ logout
Connection to host03 closed.
[grid@host02 .ssh]$ logout
Connection to host02 closed.
[grid@host01 .ssh]$
[grid@host01 .ssh]$ ssh hos02 date
ssh: Could not resolve hostname hos02: Name or service not known
[grid@host01 .ssh]$ ssh host02 date
Sat Sep 23 13:19:29 UTC 2017
[grid@host01 .ssh]$
[grid@host01 .ssh]$ ssh host03 date
Sat Sep 23 13:19:36 UTC 2017
[grid@host01 .ssh]$
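
An audit of the end state this procedure should leave on each node, as an added example that is not part of the original page: it checks the 700 directory mode, private key and authorized_keys permissions, and that every node's key is listed, and it reports ssh-dss keys, a type OpenSSH has disabled by default since release 7.0. The function names, the sample directory and the grid@<node> key comment format are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): audit one node's ~/.ssh.
# Assumes authorized_keys lines are "<type> <base64> grid@<node>" with no
# options field, the form ssh-keygen writes by default.
audit_ssh_dir() {   # usage: audit_ssh_dir DIR NODE...; returns the FAIL count
    dir=$1; shift
    ak="$dir/authorized_keys"; fails=0
    # The page requires mode 700 on the directory.
    [ -n "$(find "$dir" -prune -perm 700)" ] ||
        { echo "FAIL: $dir is not mode 700"; fails=$((fails + 1)); }
    # Private keys must be owner-only (600 or 400).
    for key in "$dir"/id_*; do
        case $key in *.pub) continue ;; esac
        [ -f "$key" ] || continue
        [ -z "$(find "$key" -prune ! -perm 600 ! -perm 400)" ] ||
            { echo "FAIL: $key mode is not 600 or 400"; fails=$((fails + 1)); }
    done
    # Anyone who can write authorized_keys can grant themselves a login.
    [ -z "$(find "$ak" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ] ||
        { echo "FAIL: $ak is group- or world-writable"; fails=$((fails + 1)); }
    # Every node's key must be listed, or ssh from that node still prompts.
    for node in "$@"; do
        awk -v c="grid@$node" '$NF == c { ok = 1 } END { exit !ok }' "$ak" \
            2>/dev/null ||
            { echo "FAIL: no key for grid@$node in $ak"; fails=$((fails + 1)); }
    done
    # ssh-dss is disabled by default since OpenSSH 7.0: report, do not fail.
    dss=$(awk '$1 == "ssh-dss" { n++ } END { print n + 0 }' "$ak" 2>/dev/null) ||
        dss=0
    [ "${dss:-0}" -eq 0 ] || echo "WARN: $dss ssh-dss key(s) in $ak"
    return "$fails"
}

# Constructed sample: the layout from the transcript, with the host03 key
# deliberately missing from authorized_keys. Key material is placeholder text.
make_sample() {
    d=$(mktemp -d) && chmod 700 "$d"
    echo "constructed-private-key" > "$d/id_dsa"; chmod 600 "$d/id_dsa"
    printf 'ssh-dss AAAAconstructed1 grid@host01\n' > "$d/authorized_keys"
    printf 'ssh-dss AAAAconstructed2 grid@host02\n' >> "$d/authorized_keys"
    chmod 644 "$d/authorized_keys"
    echo "$d"
}

sample=$(make_sample)
audit_ssh_dir "$sample" host01 host02 host03 || echo "$? check(s) failed"
rm -rf "$sample"
```

On a real node, call it as audit_ssh_dir ~/.ssh host01 host02 host03 after the final scp, before running the ssh date checks.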