How To Configure SSH for a RAC Installation / Oracle User Equivalence

To configure SSH you need to perform the following steps on each node in the cluster.

$ cd $HOME
$ mkdir .ssh
$ chmod 700 .ssh 
$ cd .ssh
$ ssh-keygen -t rsa

Accept the default location for the key file.
Enter and confirm a passphrase (you can also press Enter twice to leave it empty).

$ ssh-keygen -t dsa

Accept the default location for the key file.
Enter and confirm a passphrase (you can also press Enter twice to leave it empty).

$ cat *.pub >> authorized_keys.<nodeX>

(<nodeX> could be the node name, to differentiate the files later.)

Now do the same steps on the other nodes in the cluster.

When those steps are done on all the other nodes, copy each authorized_keys.<nodeX> file into $HOME/.ssh/ on every node.

For example, with 4 nodes, after the copy each .ssh directory will hold 4 files named authorized_keys.<nodeX>.
Then on EACH node continue the configuration of SSH by doing the following:

$ cd $HOME/.ssh
$ cat authorized_keys.* >> authorized_keys
$ chmod 600 authorized_keys

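For example, on a two-node cluster (in this listing the per-node files were named with a hyphen instead of a dot):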

[oracle@node1 .ssh]$ ls -rtl authorized_keys*
-rwx------ 1 oracle oinstall 1018 Oct 29 22:43 authorized_keys-node1
-rwx------ 1 oracle oinstall 1018 Oct 29 22:43 authorized_keys-node2
-rwx------ 1 oracle oinstall 2036 Oct 29 22:44 authorized_keys
[oracle@node1 .ssh]$

NOTE: ALL public keys must appear in ALL authorized_keys files, INCLUDING the LOCAL public key for each node.

To test that everything is working correctly, execute the following command:

$ ssh <hostnameX> date

For example, in a 4-node environment:

$ ssh node1 date
$ ssh node2 date
$ ssh node3 date
$ ssh node4 date

Run these 4 commands on each node, including the ssh back to the node itself. nodeX is the hostname of the node.

The first time, you will be asked to add the node to a file called ‘known_hosts’. This is expected; answer the question with ‘yes’. After that, when everything is correctly configured, the date is returned and you are not prompted for a password.

Note: the above works if no passphrase was provided when the RSA and DSA keys were generated. If you did provide a passphrase, you need 2 additional steps:

$ exec /usr/bin/ssh-agent $SHELL
$ /usr/bin/ssh-add

These commands start an ssh-agent for the current shell and add the keys to it. When a new shell is started you need to repeat the last two commands to make sure ssh is working properly.

ssh will not allow passwordless access if the permissions on the home directory of the account you are using allow write access for everyone.

You will also see a permission denied error when the permissions on $HOME are 777 or 775.
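
The two checks this page relies on (no group or world write access on $HOME, .ssh and authorized_keys, and every per-node authorized_keys.<nodeX> key present in authorized_keys) can be audited before testing with ssh. The script below is an added example, not part of the original post; the function names are hypothetical and the keys in the fixture are constructed placeholders.

```shell
#!/bin/sh
# Added example (hypothetical helper names); sample keys below are constructed.

# writable_by_others PATH: true if group or other has write permission.
writable_by_others() {
    case "$(ls -ld "$1")" in
        ?????w*|????????w*) return 0 ;;
    esac
    return 1
}

# audit_equivalence HOME_DIR: prints one line per problem, returns 1 if any.
audit_equivalence() {
    home=$1; ssh_dir=$home/.ssh; auth=$ssh_dir/authorized_keys; rc=0
    for p in "$home" "$ssh_dir" "$auth"; do
        if [ ! -e "$p" ]; then echo "MISSING $p"; rc=1
        elif writable_by_others "$p"; then echo "WRITABLE $p"; rc=1
        fi
    done
    # Every key in the per-node files must also be in authorized_keys.
    for f in "$ssh_dir"/authorized_keys.*; do
        [ -f "$f" ] || continue
        while IFS= read -r key || [ -n "$key" ]; do
            [ -n "$key" ] || continue
            grep -qxF -- "$key" "$auth" 2>/dev/null ||
                { echo "NOTMERGED ${f##*/}"; rc=1; break; }
        done < "$f"
    done
    return "$rc"
}

# make_fixture: builds a constructed two-node home directory, prints its path.
make_fixture() {
    d=$(mktemp -d) || return 1
    mkdir "$d/.ssh" && chmod 700 "$d" "$d/.ssh"
    echo "ssh-rsa AAAAconstructed1 oracle@node1" > "$d/.ssh/authorized_keys.node1"
    echo "ssh-rsa AAAAconstructed2 oracle@node2" > "$d/.ssh/authorized_keys.node2"
    cat "$d/.ssh"/authorized_keys.* > "$d/.ssh/authorized_keys"
    chmod 600 "$d/.ssh"/authorized_keys*
    echo "$d"
}

fx=$(make_fixture)
audit_equivalence "$fx" && echo "clean"
chmod 775 "$fx"                         # the 775 case described above
audit_equivalence "$fx" || echo "problems found"
rm -rf "$fx"
```

On a real node, run audit_equivalence "$HOME" as the oracle user; no output and a zero exit status mean both checks passed.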


About Sher khan

Senior Oracle DBA, Oracle 10g , Oracle 11g OCE ,Oracle 12C and Oracle 11g OPN certified Specialist, OCP Certified in Oracle 9i,10g , 11g and 12C. I am working in Oracle technology since 2004. Currently working in U.A.E Email: sher487@hotmail.com