【RAC】在所有集群节点手动配置SSH无密码访问

在进行RAC安装时，无密码的SSH配置是一项强制性的安装需求，用来在安装期间配置集群成员节点，并且在安装后，SSH由配置助手、OEM、OPatch和其他特性使用。

自动配置的无密码的SSH在集群的所有节点上使用OUI创建RSA密钥，如果由于系统限制无法自动配置，则需要手动配置SSH，例如使用DSA，本篇则演示手动配置无密码的SSH。

1、检查系统已存在的SSH配置

--查看SSH是否正在运行，使用如下命令：
[grid@strong ~]$ pgrep sshd --出现值表示进程正在运行
2242
10574
[grid@strong ~]$ ll -a .ssh
ls: cannot access .ssh: No such file or directory  --表示ssh目录不存在

2、在所有节点配置SSH

--创建ssh目录
[grid@strong ~]$ mkdir .ssh
--权限必须设为700
[grid@strong ~]$ chmod -R 700 .ssh/
--生成DSA
[grid@strong .ssh]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/grid/.ssh/id_dsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/grid/.ssh/id_dsa.
Your public key has been saved in /home/grid/.ssh/id_dsa.pub.
The key fingerprint is:
36:72:a5:f8:ae:01:63:94:fd:4e:83:ef:e1:aa:10:c3 [email protected]
The key's randomart image is:
+--[ DSA 1024]----+
|                 |
|     o           |
|    o .   .      |
| . .   + o       |
|  E + + S        |
|   + o O o       |
|  .   . =        |
|   .   = .       |
|    ..oo+        |
+-----------------+
[grid@strong .ssh]$ 
--将DSA Key添加到authorized_keys文件
[grid@strong .ssh]$ cat id_dsa.pub >> authorized_keys
[grid@strong .ssh]$ ll
total 12
-rw-r--r--. 1 grid oinstall 612 Apr  5 15:56 authorized_keys
-rw-------. 1 grid oinstall 668 Apr  5 15:51 id_dsa
-rw-r--r--. 1 grid oinstall 612 Apr  5 15:51 id_dsa.pub
--将authorized_keys拷贝至node2节点
[grid@strong .ssh]$ scp authorized_keys node2:/home/grid/.ssh/
The authenticity of host 'node2 (192.168.1.113)' can't be established.
RSA key fingerprint is 08:7b:57:bc:d6:8d:b9:2c:f0:a0:55:d2:ff:6c:22:b1.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node2,192.168.1.113' (RSA) to the list of known hosts.
grid@node2's password: 
authorized_keys                                                                                                                                              100%  612     0.6KB/s   00:00    
[grid@strong .ssh]$ 
--将节点Node2的DSA key加至authorized_keys文件
[grid@strong .ssh]$ ssh node2
Last login: Thu Apr  5 12:17:37 2018 from strong
[grid@node2 ~]$ cat .ssh/id_dsa.pub >> .ssh/authorized_keys 
[grid@node2 ~]$ 
--查看authorized_keys文件内容
[grid@node2 ~]$ more .ssh/authorized_keys 
ssh-dss AAAAB3NzaC1kc3MAAACBAI7Mw5Oq05kyy7C7gnPMVpA4RmJQFxZbQLQw2sIQhtvjob22tBzZwlCxPie16Lz99qdx7AUL2xqgP8GsB4D+9Vv/WyQmwxx1FRpiYA+/PKyn6YEzS/t3Ng2zv2PckWdywUG/Ju5ZNuzds5EEl+ATJhStxxKUTaJU1xQ
sH7wQyh2ZAAAAFQDdaW+vFoAyb42ATSWOHaFIOJ6r5QAAAIBKtmgLLaY0ALsgxnDHcBtYp6nnXVPL16J1+mdPy1XEWRTkpCzRsh8h8PsCNUNYXsV4alFOctjLJpWTRSCCFlPqxSvP7nPaQInQ/Q89gfAxJWlXZPvIf228hBsU9v4DTyAwXbkdVZuLucqJGy
Ktgo8IZjIZsSAuuR/mcswZmD8fnAAAAIAf2R6pc0jn71iYeDNPMQGtUmlY0NO871BigH2jPkiAEvIkDBkN4BY4SC2VuBKcaP+6QwSMG6dBWV5NTxO7AlW3uk5fcVDZKvZc2cMnsADThqOSlu5PTV6CKNu+X2J4Lcq8BR3yOrj6FOBN3WIPGuQaRYMMpwtbZ
zNDvr+G4w3otw== [email protected]
ssh-dss AAAAB3NzaC1kc3MAAACBAN/iRyAIQsg1+PvCtgKuHcr/jfTDoCgrbyNKaGtNDOKz/TtCzUslb9RYM2vzUrg3/ug/1oYmYd6apFxMDIN1SF+wS5c1Od5+dLYr/N8onc9/oVl9eSoH28ObhpEtG8pBmQVAMMqhOoSBeCEo1iAPjgXX0qNlURW3yXY
4pN87y3L9AAAAFQCrbYjJZp3dWo6JANUP7YzyncdbSQAAAIBnzn8EyZl6auXCjMn5o3UgClbbslwqXHF4/BG4xM3lGfDjfZuuH4cUBxhpxBJMMRwIXvvykGHR+RMG+OevUtELsNGDG53SZG1z4wwsT92q+WZ/ilS2FrOLbTbqxlgQqbwWR6nnS/H5ofQoKm
qjJ87NtAbKKJdT1JnZ8AWZDaMWaAAAAIEAn6R0McOZd1bIIFY7PuJ4cBO8BbgmDsLdO15B9Tzq2zxfd3HJi93GlsIbvK4ivdkGgfxpb9e7ZgotVoodAKODXuCdLOGClZVeObBj+G3mX5YXejIkbH3bMvcCVlZ4cqqwqKZAYCKMQ6lrGeBEAq3qbv1z0Ccv9
W8w40HtzWMSMyk= [email protected]
[grid@node2 ~]$
--将所有节点的DSA Key加至authorized_keys后，再将其拷贝至所有节点
[grid@node2 ~]$ scp .ssh/authorized_keys strong:/home/grid/.ssh/
The authenticity of host 'strong (192.168.1.115)' can't be established.
RSA key fingerprint is 08:7b:57:bc:d6:8d:b9:2c:f0:a0:55:d2:ff:6c:22:b1.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'strong,192.168.1.115' (RSA) to the list of known hosts.
grid@strong's password: 
authorized_keys                                                                                                                                              100% 1223     1.2KB/s   00:00    
[grid@node2 ~]$

3、在集群节点激活SSH用户等效性

--在所有节点执行，包括自己
[grid@node2 ~]$ ssh node2 date
The authenticity of host 'node2 (192.168.1.113)' can't be established.
RSA key fingerprint is 08:7b:57:bc:d6:8d:b9:2c:f0:a0:55:d2:ff:6c:22:b1.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node2,192.168.1.113' (RSA) to the list of known hosts.
Thu Apr  5 12:58:47 CST 2018
[grid@node2 ~]$ ssh strong date
Thu Apr  5 16:00:23 CST 2018
--上述过程结束后，主机名被注册到known_hosts文件
[grid@strong .ssh]$ ll known_hosts 
-rw-r--r--. 1 grid oinstall 803 Apr  5 16:01 known_hosts
--检查SSH用户等效性，不必输入密码
[grid@strong .ssh]$ ssh strong date
Thu Apr  5 16:02:27 CST 2018
[grid@strong .ssh]$ ssh node2 date
Thu Apr  5 13:01:05 CST 2018