SSH信任
配置SSH的目的就是使得两个节点的主机之间的相同用户可以无障碍的通信,SSH主要包括两条命令,即scp和ssh。当用户在一个节点上安装和配置RAC软件时,SSH将通过scp命令,以对等用户的身份,将软件复制到其他节点上。
注意:这种信任是oracle用户之间的,所以要切换到oracle用户下进行。
[oracle@rac2 ~]$ mkdir .ssh
[oracle@rac2 ~]$ chmod 700 .ssh
在rac2上产生rsa、dsa密钥
[oracle@rac2 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair. */以下全部回车
Enter file in which to save the key (/home/oracle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
cd:a7:af:8d:50:89:84:65:e9:83:23:c9:09:3d:3c:e0 oracle@rac2.localdomain
[oracle@rac2 ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair. */以下全部回车
Enter file in which to save the key (/home/oracle/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_dsa.
Your public key has been saved in /home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
e1:b4:97:bd:85:b4:07:f9:fc:83:c4:5b:10:cf:51:a3 oracle@rac2.localdomain
[oracle@rac2 ~]$ cd .ssh
[oracle@rac2 .ssh]$ ls
id_dsa id_dsa.pub id_rsa id_rsa.pub
将密钥信息写道authorized_keys文件中并修改修改权限
[oracle@rac2 .ssh]$ cat id_rsa.pub >> authorized_keys
[oracle@rac2 .ssh]$ cat id_dsa.pub >> authorized_keys
[oracle@rac2 .ssh]$ chmod 600 authorized_keys
在rac1上作同样的操作。
[oracle@rac1 ~]$ mkdir .ssh
[oracle@rac1 ~]$ chmod 700 .ssh
[oracle@rac1 ~]$ cd .ssh
[oracle@rac1 .ssh]$ ls
[oracle@rac1 .ssh]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
d2:9d:01:7b:4c:7f:82:36:cf:ca:35:af:29:ba:84:bc oracle@rac1.oracle.com
[oracle@rac1 .ssh]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_dsa.
Your public key has been saved in /home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
41:57:98:38:63:a6:12:6d:f1:46:e5:af:6d:b1:25:55 oracle@rac1.oracle.com
[oracle@rac1 .ssh]$ cat id_rsa.pub >> authorized_keys
[oracle@rac1 .ssh]$ cat id_dsa.pub >> authorized_keys
将rac2中的authorized_keys拷贝到rac1中命名为key
[oracle@rac2 .ssh]$ scp authorized_keys rac1:/home/oracle/.ssh/key
The authenticity of host 'rac1 (192.168.84.241)' can't be established.
RSA key fingerprint is 83:1b:90:98:2f:56:5b:b1:36:16:e3:21:b5:8f:d7:f4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'rac1,192.168.84.241' (RSA) to the list of known hosts.
oracle@rac1's password:
authorized_keys 100% 1018 1.0KB/s 00:00
再在rac1上将2个密钥合并,并拷贝到rac2上覆盖原来的authorized_keys
[oracle@rac1 .ssh]$ ls
authorized_keys id_dsa id_dsa.pub id_rsa id_rsa.pub key
[oracle@rac1 .ssh]$ cat key >> authorized_keys
[oracle@rac1 .ssh]$ scp authorized_keys rac2:/home/oracle/.ssh/
验证SSH是否配置成功,在oracle用户下ssh连接另外一个节点,如果不需要输入密码则配置成功。
[oracle@rac1 .ssh]$ exec /usr/bin/ssh-agent $SHELL
[oracle@rac1 .ssh]$ ssh-add
Enter passphrase for /home/oracle/.ssh/id_rsa:
Identity added: /home/oracle/.ssh/id_rsa (/home/oracle/.ssh/id_rsa)
Identity added: /home/oracle/.ssh/id_dsa (/home/oracle/.ssh/id_dsa)
[oracle@rac1 .ssh]$ ssh rac2
Last login: Fri Dec 16 12:13:36 2011 from rac1_priv
[oracle@rac2 ~]$ exit
logout
Connection to rac2 closed.
[oracle@rac1 .ssh]$ ssh rac2-priv
Last login: Fri Dec 16 12:15:30 2011 from rac1
SSH信任的更多相关文章
- 批量部署ssh信任关系
要求1:大批量部署SSH信任关系,在A文件分发服务器上大批量部署WEB层面信任关系文件分发服务器为:10.0.3.9 登录用户为:zhangsan WEB层IP段:10.0.3.10~10.0.3.6 ...
- linux建立ssh信任关系
一.建立SSH信任将A主机做为客户端(发起SSH请求 ip:192.168.200.170)将B主机作为服务器端(接收ssh请求 ip:192.168.200.149)以上以主动发起SSH登录请求 ...
- ssh远程登录操作 和ssh信任
ssh 可以参考上一篇telnet的文章 1.安装openssh-server sudo dpkg -i openssh-client_1%3a5.5p1-4ubuntu6_i386.deb ...
- Linux创建SSH信任关系
Linux服务器创建信任关系可以解决远程执行命令.远程传输文件多次手工输入的麻烦.可以实现环境一键打包备份. 测试环境 SuSE 手工创建 假设服务器A与B间要建立信任关系.用户想从服务器A免密码登录 ...
- linux如何配置双机SSH信任然后双向免密码登陆
linux如何配置双机SSH信任然后双向免密码登陆 www.111cn.net 更新:2015-01-14 编辑:edit02_lz 来源:转载 有时为了方便管理多台Linux主机,想实现双机之间信任 ...
- 【ssh信任关系】解决信任关系不生效问题
配置的时候遇见点问题,发现即便将id_rsa.pub拷贝到了另一台机器上,信任也没有建立起来. 原因是另外一台机器上目录权限不对,可以通过su root后观察/var/log/message里的日志信 ...
- Linux 配置双机SSH信任
一.实现原理 使用一种被称为"公私钥"认证的方式来进行ssh登录."公私钥"认证方式简单的解释是: 首先在客户端上创建一对公私钥(公钥文件:~/.ssh/id_ ...
- ssh信任 sftp用法 scp用法【转】
为了进行批量关机工作,前提要配置好ssh的双机信任. A机192.168.1.241 B机192.168.1.212 在A机上获取一个pub密钥,即为公共密钥. 执行这个命令后:ssh-keygen ...
- ssh 信任关系无密码登陆,清除公钥,批量脚本
实验机器: 主机a:192.168.2.128 主机b:192.168.2.130 实验目标: 手动建立a到b的信任关系,实现在主机a通过 ssh 192.168.2.130不用输入密码远程登陆b主机 ...
随机推荐
- ubuntu下安装ffmpeg和X264
第一步:安装必要的库 $:-dev libtheora-dev libx11-dev zlib1g-dev 第二步:安装SDL(否则可能编译不出ffplay) $:-dev $:-dev libsdl ...
- IPHONE开发知识
IPHONE开发知识http://www.cnblogs.com/valensoft/archive/2010/06/09/1754836.htmlhttp://www.cocoachina.com/ ...
- 统计网卡TX(发送)RX(接受)流量脚本
显示网卡流量的方法蛮多,一般我们可以通过dstat来查看,但dstat不一定所有的机器都有安装.而我们知道,通过ifconfig可以看到某一网卡发送与接收的字节数,所以我们可以写一个脚本来统计一下. ...
- 滚珠菜单动效-b
原型从网上找的,动效使用了CAAnimation和UIDynamic物理引擎. gitHub :https://github.com/BearRan/FlowMenuAnimation 大致步骤如 ...
- 基于Vuforia的Hololens图像识别
微软官方Hololens开发文档中有关于Vuforia的内容,https://developer.microsoft.com/en-us/windows/holographic/getting_sta ...
- 选择排序O(n^2)与快速排序O(nlogn)的优越性代码体现
随机函数生成一个超大数组: [code]: #include <iostream> #include <stdio.h> #include<time.h> #inc ...
- [转载]Eziriz .NET Reactor 4.7.0.0 官方原版+破解补丁(强大的代码保护和软件防盗版工具)
Eziriz .NET Reactor 是一个强大的代码保护和软件防盗版工具,完全由.NET框架编写..NET Reactor支持NET平台的软件许可系统,并支持NET程序集所有语言.当.Net编译器 ...
- ASP + ACCESS保存图片文件之实现
con.execute "CREATE tblImg (lngId COUNTER PRIMARY KEY, binImg IMAGE)" set ads=createobject ...
- Unity3D开发之NGUI结合粒子系统的遮挡问题
原地址:http://blog.csdn.net/lihandsome/article/details/22194025 我的是NGUI3.0.3版本,在加入粒子系统的时候发现一直都是在精灵的下面,所 ...
- grep正则表达式后面的单引号和双引号的区别
单引号''是全引用,被单引号括起的内容不管是常量还是变量者不会发生替换:双引号""是部分引用,被双引号括起的内容常量还是常量,变量则会发生替换,替换成变量内容! 一般常量用单引号' ...