Re: 10g RAC --using ssh without password

  • From: "James Morrow" <morrow.james@xxxxxxxxx>
  • To: ora-apps-dba@xxxxxxxxxxxxx
  • Date: Thu, 14 Feb 2008 07:35:21 -0600

If you're wanting RAC1 to trust RAC2 then the
"${HOME}/.ssh/authorized_keys" file on RAC1
needs to contain the *.pub that was generated
on RAC2.

What I usually do is:

RAC1:

ssh-keygen -t rsa
ssh-keygen -t dsa
cd ${HOME}/.ssh
cp id_rsa.pub id_rsa_oracle@xxxxxxxx
cp id_dsa.pub id_dsa_oracle@xxxxxxxx
scp ${HOME}/.ssh/id_?sa_oracle@xxxxxxxx oracle@rac2:.ssh/.

RAC2:

ssh-keygen -t rsa
ssh-keygen -t dsa
cd ${HOME}/.ssh
cp id_rsa.pub id_rsa_oracle@xxxxxxxx
cp id_dsa.pub id_dsa_oracle@xxxxxxxx
scp ${HOME}/.ssh/id_?sa_oracle@xxxxxxxx oracle@rac1:.ssh/.

Once you've done that:

RAC1:

cat id_?sa_oracle@xxxxxxxx >>authorized_keys

RAC2:

cat id_?sa_oracle@xxxxxxxx >>authorized_keys

Your trusting relationship should be established at this point.

-- James

On 2/14/08, Pedro Espinoza <raindoctor@xxxxxxxxx> wrote:
> If you don't want to protect the private key without passphrase, you
>  don't need to worry about anything. That is, you don't need to run ssh-agent, nor
>  do you need to load the private keys to that ssh-agent.
>
>
>   However, if you want to protect using a private key, you've got to export
>  that socket id, and agent pid. Doing the latter requires some
>  scripting, some changes to .profile of that oracle user.
>
>  You can use the script at
>  http://mah.everybody.org/docs/ssh
>
>  Or, you can use the big shell script called keychain developed by gentoo
>  http://pkgsrc.se/security/keychain
>
>  On Thu, Feb 14, 2008 at 12:30 AM, Sridhar <sridhara.m@xxxxxxxxxxxx> wrote:
>  >
>  >
>  >
>  >
>  > Hi Kathy/Atul,
>  >
>  >
>  >
>  > I am configuring 10g RAC on vmware (RHEL AS4 & 2 nodes). When I am
>  > configuring ssh without password I am unable to do so.
>  >
>  > Please see the steps I followed
>  >
>  > rac1
>  >
>  > cd /home/oracle/
>  >
>  > mkdir .ssh
>  >
>  > chmod 700 .ssh
>  >
>  > cd .ssh
>  >
>  > ssh-keygen rsa
>  >
>  > ssh-keygen dsa
>  >
>  >
>  >
>  > Performed same steps on rac2
>  >
>  >
>  >
>  > then at rac1
>  >
>  > touch authorized_keys
>  >
>  > ssh rac1 cat /home/oracle/.ssh/id_rsa.pub >> authorized_keys
>  >
>  > --followed steps
>  >
>  > ssh rac1 cat /home/oracle/.ssh/id_dsa.pub >> authorized_keys
>  >
>  > --followed steps
>  >
>  > ssh rac2 cat /home/oracle/.ssh/id_rsa.pub >> authorized_keys
>  >
>  > --followed steps
>  >
>  > ssh rac2 cat /home/oracle/.ssh/id_dsa.pub >> authorized_keys
>  >
>  > chmod 644 ~/.ssh/authorized_keys
>  >
>  >
>  >
>  > performed the same steps at rac2
>  >
>  >
>  >
>  > --establish user equivalency
>  >
>  > as oracle user
>  >
>  > exec /usr/bin/ssh-agent $SHELL
>  >
>  > /usr/bin/ssh-add
>  >
>  >
>  >
>  > then I typed
>  >
>  > at rac1
>  >
>  > ssh rac1 date --asking me the password (without password if I enter it is
>  > asking me password)
>  >
>  > ssh rac2 date --- same above
>  >
>  > at rac2
>  >
>  >
>  >
>  > ssh rac1 date --same above
>  >
>  > ssh rac2 date --same above
>  >
>  >
>  >
>  > Any good suggestion (I can use rsh/rcp) to resolve ssh without password.
>  >
>  >
>  >
>  > Thanks in advance,
>  >
>  > Dr.M.Sridhar
>  >
>  > Team Lead
>  >
>  > Vertex Computer Systems
>
>


-- 
----------------------------------------------------------------------
James J. Morrow | Senior Oracle Applications DBA | Solution Beacon, LLC
jmorrow <at> solutionbeacon <dot> com
morrow.james <at> gmail <dot> com
http://www.solutionbeacon.com
http://www.solutionbeaconfoundation.com
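
Added example (not part of the original thread or written by its authors): a check to run on each node after the key exchange above, confirming that authorized_keys holds the peer's public key and that neither ~/.ssh nor authorized_keys is group/world writable, which sshd's StrictModes setting rejects. The function names and the script name are hypothetical.

```sh
#!/bin/sh
# Added example: audit a node's ~/.ssh for the key exchange described above.
# Function names are hypothetical; pass the paths for your own nodes.

# True (0) if the path is writable by group or others.
loose_perms() {
    perms=$(ls -ld "$1" | cut -c1-10)
    case "$perms" in
        ?????w????|????????w?) return 0 ;;   # columns 6 and 9 of the mode string
        *) return 1 ;;
    esac
}

# check_ssh_trust <ssh_dir> <peer_pubkey_file>
# Returns 0 = trust in place, 1 = a check failed, 2 = a required file is missing.
check_ssh_trust() {
    ssh_dir=$1; peer_pub=$2; auth="$ssh_dir/authorized_keys"; rc=0
    [ -d "$ssh_dir" ] || { echo "FAIL: $ssh_dir missing"; return 2; }
    [ -f "$auth" ] || { echo "FAIL: $auth missing"; return 2; }
    [ -f "$peer_pub" ] || { echo "FAIL: $peer_pub missing"; return 2; }
    for p in "$ssh_dir" "$auth"; do
        if loose_perms "$p"; then
            echo "FAIL: $p is group/world writable"; rc=1
        fi
    done
    # Match on key type + base64 blob only; the trailing comment may differ.
    key=$(awk 'NF >= 2 { print $1, $2; exit }' "$peer_pub")
    [ -n "$key" ] || { echo "FAIL: no key found in $peer_pub"; return 2; }
    if ! awk -v k="$key" '
        { for (i = 1; i < NF; i++) if (($i " " $(i + 1)) == k) found = 1 }
        END { exit !found }' "$auth"
    then
        echo "FAIL: key from $peer_pub is not in $auth"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $auth trusts the key in $peer_pub"
    return "$rc"
}

# Run directly: sh check_trust.sh ~/.ssh ~/.ssh/<peer .pub copied by scp>
if [ "$#" -eq 2 ]; then
    check_ssh_trust "$1" "$2"
fi
```

Run it on RAC1 against the .pub file copied from RAC2, and on RAC2 against the one copied from RAC1.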
