Re: 10g RAC --using ssh without password

If you're wanting RAC1 to trust RAC2 then the
"${HOME}/.ssh/authorized_keys" file on RAC1
needs to contain the *.pub that was generated
on RAC2.

What I usually do is:

RAC1:

ssh-keygen -t rsa
ssh-keygen -t dsa
cd ${HOME}/.ssh
cp id_rsa.pub id_rsa_oracle@xxxxxxxx
cp id_dsa.pub id_dsa_oracle@xxxxxxxx
scp ${HOME}/.ssh/id_?sa_oracle@xxxxxxxx oracle@rac2:.ssh/.

RAC2:

ssh-keygen -t rsa
ssh-keygen -t dsa
cd ${HOME}/.ssh
cp id_rsa.pub id_rsa_oracle@xxxxxxxx
cp id_dsa.pub id_dsa_oracle@xxxxxxxx
scp ${HOME}/.ssh/id_?sa_oracle@xxxxxxxx oracle@rac1:.ssh/.

Once you've done that:

RAC1:

cat id_?sa_oracle@xxxxxxxx >>authorized_keys

RAC2:

cat id_?sa_oracle@xxxxxxxx >>authorized_keys

Your trusiting relationship should be established at this point.

-- James

On 2/14/08, Pedro Espinoza <raindoctor@xxxxxxxxx> wrote:
> If you don't want to proect the private key without passphrase, you
>  dont need worry anything. That is, you dont need to run ssh-agent, nor
>  do you need to load the private keys to that ssh-agent.
>
>
>   However, if you want to protect using a private key, you gott export
>  that socket id, and agent pid. Doing the latter requires some
>  scripting, some changes to .profile of that oracle user.
>
>  You can use the script at
>  http://mah.everybody.org/docs/ssh
>
>  Or, you can use the big shell script called keychain developed by gentoo
>  http://pkgsrc.se/security/keychain
>
>
>
>
>
>
>
>
>
>
>
>  On Thu, Feb 14, 2008 at 12:30 AM, Sridhar <sridhara.m@xxxxxxxxxxxx> wrote:
>  >
>  >
>  >
>  >
>  > Hi Kathy/Atul,
>  >
>  >
>  >
>  > I am configuring 10g RAC on vmware (RHEL AS4 & 2 nodes).When I am
>  > configuring ssh without password I am unable to do so.
>  >
>  > Please see the steps I followed
>  >
>  > rac1
>  >
>  > cd /home/oracle/
>  >
>  > mkdir .ssh
>  >
>  > chmod 700 .ssh
>  >
>  > cd .ssh
>  >
>  > ssh-keygen rsa
>  >
>  > ssh-keygen dsa
>  >
>  >
>  >
>  > Performed same steps on rac2
>  >
>  >
>  >
>  > then at rac1
>  >
>  > touch authorized_keys
>  >
>  > ssh rac1 cat /home/oracle/.ssh/id_rsa.pub >> authorized_keys
>  >
>  > --followed steps
>  >
>  > ssh rac1 cat /home/oracle/.ssh/id_dsa.pub >> authorized_keys
>  >
>  > --followed steps
>  >
>  > ssh rac2 cat /home/oracle/.ssh/id_rsa.pub >> authorized_keys
>  >
>  > --followed steps
>  >
>  > ssh rac2 cat /home/oracle/.ssh/id_dsa.pub >> authorized_keys
>  >
>  > chmod 644 ~/.ssh/authorized_keys
>  >
>  >
>  >
>  > performed the same steps at rac2
>  >
>  >
>  >
>  > --establish user equivalency
>  >
>  > as oracle user
>  >
>  > exec /usr/bin/ssh-agent $SHELL
>  >
>  > /usr/bin/ssh-add
>  >
>  >
>  >
>  > then i typed
>  >
>  > at rac1
>  >
>  > ssh rac1 date --asking me the password (without password if i enter it is
>  > asking me password
>  >
>  > ssh rac2 date --- same above
>  >
>  > at rac2
>  >
>  >
>  >
>  > ssh rac1 date --same above
>  >
>  > ssh rac2 date --same above
>  >
>  >
>  >
>  > Any good suggestion (I can use rsh/rcp) to resolve ssh without password.
>  >
>  >
>  >
>  > Thanks in advance,
>  >
>  > Dr.M.Sridhar
>  >
>  > Team Lead
>  >
>  > Vertex Computer Systems
>
>


-- 
----------------------------------------------------------------------
James J. Morrow | Senior Oracle Applications DBA | Solution Beacon, LLC
jmorrow <at> solutionbeacon <dot> com
morrow.james <at> gmail <dot> com
http://www.solutionbeacon.com
http://www.solutionbeaconfoundation.com

Other related posts: