Linux SSH Passwordless Login

This borrows the procedure used to set up passwordless SSH in Oracle RAC.


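During the installation of Clusterware (CRS) and the RAC database, Oracle Universal Installer (OUI) must be able to copy the software to all RAC nodes automatically as the oracle user. Here we configure ssh so that the oracle user can access every node without entering a password.
First, ping between the two nodes and make sure each can reach the other.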
[root@node1 ~]# ping 192.168.100.102
[root@node1 ~]# ping 10.10.17.222

To establish user equivalence, generate the user's public and private keys as the oracle user on both nodes. Start on node1:

[root@node1 opt]# su - oracle

[oracle@node1 ~]$ mkdir ~/.ssh
[oracle@node1 ~]$ chmod 700 ~/.ssh
[oracle@node1 ~]$ ssh-keygen -t rsa

Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
d2:69:eb:ac:86:62:27:50:99:ff:e8:1e:a2:e6:5d:7f oracle@node1
[oracle@node1 ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_dsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_dsa.
Your public key has been saved in /home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
0a:9a:20:46:a2:28:ec:72:23:82:f2:9d:f8:62:9b:d1 oracle@node1
Then switch to node2 and run:
[root@node2 ~]# ping 192.168.100.102
[root@node2 ~]# ping 10.10.17.222
[root@node2 opt]# su - oracle
[oracle@node2 ~]$ mkdir ~/.ssh
[oracle@node2 ~]$ chmod 700 ~/.ssh
[oracle@node2 ~]$ ssh-keygen -t rsa

Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
dd:be:7a:37:e4:b5:f0:b2:24:95:50:61:ea:a1:61:07 oracle@node2
[oracle@node2 ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_dsa.
Your public key has been saved in /home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
bc:b5:cb:43:c7:19:53:d6:f7:16:69:85:12:7f:aa:be oracle@node2
Switch back to node1 and continue:
[oracle@node1 ~]$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
[oracle@node1 ~]$ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys

Note: the following commands prompt for the oracle password on node2. Enter it as prompted; if a command fails, run it again.
[oracle@node1 ~]$ ssh node2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
The authenticity of host 'node2 (192.168.100.102)' can't be established.
RSA key fingerprint is 92:d1:ce:5b:c8:a1:52:d5:ac:00:5f:48:5d:12:06:e4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node2,192.168.100.102' (RSA) to the list of known hosts.
oracle@node2's password:
[oracle@node1 ~]$ ssh node2 cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys

oracle@node2's password:
[oracle@node1 ~]$ scp ~/.ssh/authorized_keys node2:~/.ssh/authorized_keys
oracle@node2's password:
authorized_keys 100% 1992 2.0KB/s 00:00
Run the following on both machines against each other and check whether a password is still required.
[oracle@node1 ~]$ ssh node1 date
[oracle@node1 ~]$ ssh node2 date
[oracle@node1 ~]$ ssh node1-priv date
[oracle@node1 ~]$ ssh node2-priv date
Switch to node2 and run:
[oracle@node2 ~]$ ssh node1 date
[oracle@node2 ~]$ ssh node2 date
[oracle@node2 ~]$ ssh node1-priv date
[oracle@node2 ~]$ ssh node2-priv date
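Note:
Pay attention to what the commands return. RAC is sensitive to time differences between nodes, so if the times shown for the nodes here do not agree, synchronizing them is recommended (in general, a gap of more than 20 seconds means the clocks need to be synchronized).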
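
The following is an added example, not part of the original article. It audits the authorized_keys file that the steps above assemble, flagging loose permissions, entries duplicated by re-running a >> step, and DSA entries; the function name, finding labels and sample key blobs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit an authorized_keys file
# that was assembled with '>>' appends and scp, as in the steps above.

# audit_authorized_keys FILE
# Prints one finding per line; returns 0 when clean, 1 when anything is flagged.
audit_authorized_keys() {
    f=$1
    rc=0
    [ -f "$f" ] || { echo "MISSING $f"; return 1; }

    # With StrictModes (the sshd default) the key file is not used when it or
    # its directory is writable by group or others, so key login fails.
    for p in "$f" "$(dirname "$f")"; do
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "PERMS $p"
            rc=1
        fi
    done

    # Field 1 = key type, 2 = base64 blob, 3 = comment. Assumes no options
    # prefix, which matches the files this procedure produces.
    out=$(awk '
        /^[ \t]*(#|$)/ { next }                         # skip comments, blanks
        { seen[$2]++ }
        seen[$2] == 2 { print "DUPLICATE " $1 " " $3 }  # a >> step was re-run
        # ssh-dss is disabled by default since OpenSSH 7.0
        $1 == "ssh-dss" && seen[$2] == 1 { print "DSA " $3 }
    ' "$f")
    if [ -n "$out" ]; then echo "$out"; rc=1; fi
    return $rc
}

# Demo on a constructed file; the key blobs are placeholders, not real keys.
demo=$(mktemp -d)
mkdir "$demo/.ssh" && chmod 700 "$demo/.ssh"
cat > "$demo/.ssh/authorized_keys" <<'EOF'
ssh-rsa AAAAPLACEHOLDERRSA1 oracle@node1
ssh-dss AAAAPLACEHOLDERDSA1 oracle@node1
ssh-rsa AAAAPLACEHOLDERRSA2 oracle@node2
ssh-rsa AAAAPLACEHOLDERRSA2 oracle@node2
EOF
chmod 600 "$demo/.ssh/authorized_keys"
audit_authorized_keys "$demo/.ssh/authorized_keys" || echo "findings listed above"
rm -rf "$demo"
```

Run it as the oracle user on each node against ~/.ssh/authorized_keys after the scp step.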

