在安装oracle数据库时,会需要为oracle用户配置ssh等效性,以实现不需要用户口令即可实现访问和文件传输。
步骤如下:
创建目录并生成密码
- su - oracle
- mkdir ~/.ssh
- chmod 755 ~/.ssh
- /usr/bin/ssh-keygen -t rsa ,连敲3次回车
- /usr/bin/ssh-keygen -t dsa ,连敲3次回车
创建认证文件并将密钥内容填入
- touch ~/.ssh/authorized_keys
- chmod 644 authorized_keys
- cat ~/.ssh/id_rsa.pub >> authorized_keys
- cat ~/.ssh/id_dsa.pub >> authorized_keys
- ssh racnode2 cat ~/.ssh/id_rsa.pub >> authorized_keys
- ssh racnode2 cat ~/.ssh/id_dsa.pub >> authorized_keys
在RAC的各个节点分别执行测试,测试是必须的,否则OUI可能会失败
- [oracle@orcnode1 ~]$ ssh racnode1 date
- [oracle@racnode1 ~]$ ssh racnode2 date
- [oracle@racnode1 ~]$ ssh racnode1-priv date
- [oracle@racnode1 ~]$ ssh racnode2-priv date
- [oracle@racnode2 ~]$ ssh racnode1 date
- [oracle@racnode2 ~]$ ssh racnode2 date
- [oracle@racnode2 ~]$ ssh racnode1-priv date
- [oracle@racnode2 ~]$ ssh racnode2-priv date
如果测试命令均可以在不需输入口令的情况下即可显示系统时间,则表示配置没有问题。
示例样式配置:
[oracle@orclcentos2 ~]$ mkdir ~/.ssh
[oracle@orclcentos2 ~]$ chmod 755 ~/.ssh
[oracle@orclcentos2 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
5c:05:6b:3b:1c:8e:f8:e4:96:3e:7e:89:83:29:4d:07 oracle@orclcentos2
The key's randomart image is:
+--[ RSA 2048]----+
| ... |
| o |
| = |
| Eo * o |
| ..S = |
| .+.. . |
| o +=. . |
| . +o+ o |
| . .o+ |
+-----------------+
[oracle@orclcentos2 ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_dsa.
Your public key has been saved in /home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
58:36:4b:c4:89:34:22:cf:1c:b2:b1:a8:d8:d4:1b:b3 oracle@orclcentos2
The key's randomart image is:
+--[ DSA 1024]----+
| + o.oo.. |
| . @ o.oo |
|. + B = |
|oo = = o |
|o . E . S |
| |
| |
| |
| |
+-----------------+
[oracle@orclcentos2 ~]$ ssh rac2 cat ~/.ssh/id_rsa.pub >> authorized_keys
The authenticity of host 'rac2 (10.132.250.115)' can't be established.
RSA key fingerprint is 7f:e7:31:e0:f9:44:0f:19:98:69:a7:45:c7:40:ba:8f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'rac2,10.132.250.115' (RSA) to the list of known hosts.
oracle@rac2's password:
[oracle@orclcentos2 ~]$ ssh rac2 cat ~/.ssh/id_dsa.pub >> authorized_keys
oracle@rac2's password:
[oracle@orclcentos2 ~]$