No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

KunLun Mission Critical Server Oracle Database Oracle 12c R1 (RAC) Best Practice 02

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring the SSH Password-Free Interconnection Service

Configuring the SSH Password-Free Interconnection Service

There are two ways to configure mutual trust between nodes. One is to use the Oracle installation tool. On the grid installation page of the tool, you can configure SSH. For details, see Installation Procedure. The other is to perform the following steps to manually configure mutual trust.

Procedure

Log in as users oracle and grid separately and run the following commands to configure the password-free interconnection service (the following uses user oracle as an example):

NOTE:

If an error is reported during the following operations, check whether any format mistake exists in the command, such as redundant spaces or Chinese characters.

  1. Run the following commands on RAC node 1:

    dbn01: # ssh-keygen -t rsa
    dbn01: # ssh-keygen -t dsa
    Run the ssh-keygen -t rsa command. The command output is as follows:
    dbn01: # ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/oracle/.ssh/id_rsa): // Retain the default value and press Enter.
    Created directory '/home/oracle/.ssh'.
    Enter passphrase (empty for no passphrase): // Retain the default value and press Enter.
    Enter same passphrase again: //Retain the default value and press Enter.
    Your identification has been saved in /home/oracle/.ssh/id_rsa.
    Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
    The key fingerprint is:
    b9:67:bb:07:06:8b:20:1b:3a:a4:2e:ed:e3:d7:58:54 [MD5] root@dbn01
    The key's randomart image is:
    +--[ RSA 2048]----+
    |                 |
    |        E        |
    |       .         |
    | .o . . ..       |
    |o. + o .So       |
    |+ . o ..o      |
    |.o +  ..o.     |
    |..o o .  o .. |
    |.ooo      oo     |
    +--[MD5]----------+

  2. Run the following commands on RAC node 2:

    ssh-keygen -t rsa
    ssh-keygen -t dsa

  3. Copy the public key from the local node to the peer node.

    Before performing this operation, you must modify the /etc/hosts file to enable the host name and IP address resolution.

    The following uses dbn01 and dbn02 as an example.

    Run the following commands on RAC node 1:

    ssh dbn01 "echo $(cat /home/oracle/.ssh/id_dsa.pub) >> /home/oracle/.ssh/authorized_keys"
    ssh dbn02 "echo $(cat /home/oracle/.ssh/id_dsa.pub) >> /home/oracle/.ssh/authorized_keys"
    ssh dbn01 "echo $(cat /home/oracle/.ssh/id_rsa.pub) >> /home/oracle/.ssh/authorized_keys"
    ssh dbn02 "echo $(cat /home/oracle/.ssh/id_rsa.pub) >>
    /home/oracle/.ssh/authorized_keys"

    Run the following commands and enter the password of user oracle when prompted:

    dbn01: # ssh dbn01 "echo $(cat /home/oracle/.ssh/id_dsa.pub) >> /home/oracle /.ssh/authorized_keys"
    The authenticity of host 'dbn01 (192.168.35.41)' can't be established.
    ECDSA key fingerprint is ee:4c:78:4b:d8:5f:8d:44:85:c5:46:9c:90:9d:13:bd [MD5].
    Are you sure you want to continue connecting (yes/no)? // Enter yes.
    Warning: Permanently added 'dbn01,192.168.35.41' (ECDSA) to the list of known hosts.
    Password: // Enter the password.

  4. Run the following commands RAC node 2:

    ssh dbn01 "echo $(cat /home/oracle/.ssh/id_dsa.pub) >> /home/oracle/.ssh/authorized_keys"
    ssh dbn02 "echo $(cat /home/oracle/.ssh/id_dsa.pub) >> /home/oracle/.ssh/authorized_keys"
    ssh dbn01 "echo $(cat /home/oracle/.ssh/id_rsa.pub) >> /home/oracle/.ssh/authorized_keys"
    ssh dbn02 "echo $(cat /home/oracle/.ssh/id_rsa.pub) >> /home/oracle/.ssh/authorized_keys"

  5. Verify the configuration result.

    On the two nodes, use SSH to log in to each other. If you can log in to the peer node without entering the password, the trust relationship is established.

    On node 1, run the ssh dbn02 command to log in to node 2 without entering the password.

    On node 2, run the ssh dbn01 command to log in to node 1 without entering the password.

Download
Updated: 2019-02-01

Document ID: EDOC1100053123

Views: 13752

Downloads: 14

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next