Configuring SSH on Cluster Member Nodes
To configure SSH, you must first create RSA and DSA keys on each cluster node, and then copy the keys from all cluster node members into an authorized keys file on each node. Note that the SSH files must be readable only by root and by the oracle user. SSH ignores a private key file if it is accessible by others
To configure SSH, complete the following steps:
Create RSA and DSA keys on each node:
Complete the following steps on each node:
1.Log in as the oracle user.
2.If necessary, create the .ssh directory in the oracle user's home directory and set the correct permissions on it:
$ mkdir ~/.ssh
$ chmod 700 ~/.ssh
$ chmod 700
3.Enter the following commands to generate an RSA key for version 2 of the SSH protocol:
$ /usr/bin/ssh-keygen -t rsa
At the prompts:
◦Accept the default location for the key file.
◦Enter and confirm a pass phrase that is different from the oracle user's password.
This command writes the public key to the ~/.ssh/id_rsa.pub file and the private key to the ~/.ssh/id_rsa file. Never distribute the private key to anyone.
4.Enter the following commands to generate a DSA key for version 2 of the SSH protocol:
$ /usr/bin/ssh-keygen -t dsa
At the prompts:
◦Accept the default location for the key file
◦Enter and confirm a pass phrase that is different from the oracle user's password
This command writes the public key to the ~/.ssh/id_dsa.pub file and the private key to the ~/.ssh/id_dsa file. Never distribute the private key to anyone.
Add keys to an authorized key file:
Complete the following steps:
1.On the local node, determine if you have an authorized key file (~/.ssh/authorized_keys). If the authorized key file already exists, then proceed to step 2. Otherwise, enter the following commands:
$ touch ~/.ssh/authorized_keys
$ cd ~/.ssh
$ ls
You should see the id_dsa.pub and id_rsa.pub keys that you have created.
2.Using SSH, copy the contents of the ~/.ssh/id_rsa.pub and ~/.ssh/id_dsa.pub files to the file ~/.ssh/authorized_keys, and provide the oracle user password as prompted. This process is illustrated in the following syntax example with a two-node cluster, with nodes node1 and node2, where the oracle user path is /home/oracle:
[oracle@node1 .ssh]$ ssh node1 cat /home/oracle/.ssh/id_rsa.pub >> authorized_keys
oracle@node1's password:
[oracle@node1 .ssh]$ ssh node1 cat /home/oracle/.ssh/id_dsa.pub >> authorized_keys
[oracle@node1 .ssh$ ssh node2 cat /home/oracle/.ssh/id_rsa.pub >> authorized_keys
oracle@node2's password:
[oracle@node1 .ssh$ ssh node2 cat /home/oracle/.ssh/id_dsa.pub >>authorized_keys
oracle@node2's password:
Note:
Repeat this process for each node in the cluster.3.Use SCP (Secure Copy) or SFTP (Secure FTP) to copy the authorized_keys file to the oracle user .ssh directory on a remote node. The following example is with SCP, on a node called node2, where the oracle user path is /home/oracle:
[oracle@node1 .ssh]scp authorized_keys node2:/home/oracle/.ssh/
4.Repeat step 2 and 3 for each cluster node member. When you have added keys from each cluster node member to the authorized_keys file on the last node you want to have as a cluster node member, then use SCP to copy the complete authorized_keys file back to each cluster node member
Note:
the oracle user's /.ssh/authorized_keys file on every node must contain the contents from all of the /.ssh/id_rsa.pub and /.ssh/id_dsa.pub files that you generated on all cluster nodes.5.Change the permissions on the oracle user's /.ssh/authorized_keys file on all cluster nodes:
$ chmod 600 ~/.ssh/authorized_keys
At this point, if you use ssh to log in to or run a command on another node, you are prompted for the pass phrase that you specified when you created the DSA key.
To configure SSH, complete the following steps:
Create RSA and DSA keys on each node:
Complete the following steps on each node:
1.Log in as the oracle user.
2.If necessary, create the .ssh directory in the oracle user's home directory and set the correct permissions on it:
$ mkdir ~/.ssh
$ chmod 700 ~/.ssh
$ chmod 700
3.Enter the following commands to generate an RSA key for version 2 of the SSH protocol:
$ /usr/bin/ssh-keygen -t rsa
At the prompts:
◦Accept the default location for the key file.
◦Enter and confirm a pass phrase that is different from the oracle user's password.
This command writes the public key to the ~/.ssh/id_rsa.pub file and the private key to the ~/.ssh/id_rsa file. Never distribute the private key to anyone.
4.Enter the following commands to generate a DSA key for version 2 of the SSH protocol:
$ /usr/bin/ssh-keygen -t dsa
At the prompts:
◦Accept the default location for the key file
◦Enter and confirm a pass phrase that is different from the oracle user's password
This command writes the public key to the ~/.ssh/id_dsa.pub file and the private key to the ~/.ssh/id_dsa file. Never distribute the private key to anyone.
Add keys to an authorized key file:
Complete the following steps:
1.On the local node, determine if you have an authorized key file (~/.ssh/authorized_keys). If the authorized key file already exists, then proceed to step 2. Otherwise, enter the following commands:
$ touch ~/.ssh/authorized_keys
$ cd ~/.ssh
$ ls
You should see the id_dsa.pub and id_rsa.pub keys that you have created.
2.Using SSH, copy the contents of the ~/.ssh/id_rsa.pub and ~/.ssh/id_dsa.pub files to the file ~/.ssh/authorized_keys, and provide the oracle user password as prompted. This process is illustrated in the following syntax example with a two-node cluster, with nodes node1 and node2, where the oracle user path is /home/oracle:
[oracle@node1 .ssh]$ ssh node1 cat /home/oracle/.ssh/id_rsa.pub >> authorized_keys
oracle@node1's password:
[oracle@node1 .ssh]$ ssh node1 cat /home/oracle/.ssh/id_dsa.pub >> authorized_keys
[oracle@node1 .ssh$ ssh node2 cat /home/oracle/.ssh/id_rsa.pub >> authorized_keys
oracle@node2's password:
[oracle@node1 .ssh$ ssh node2 cat /home/oracle/.ssh/id_dsa.pub >>authorized_keys
oracle@node2's password:
Note:
Repeat this process for each node in the cluster.3.Use SCP (Secure Copy) or SFTP (Secure FTP) to copy the authorized_keys file to the oracle user .ssh directory on a remote node. The following example is with SCP, on a node called node2, where the oracle user path is /home/oracle:
[oracle@node1 .ssh]scp authorized_keys node2:/home/oracle/.ssh/
4.Repeat step 2 and 3 for each cluster node member. When you have added keys from each cluster node member to the authorized_keys file on the last node you want to have as a cluster node member, then use SCP to copy the complete authorized_keys file back to each cluster node member
Note:
the oracle user's /.ssh/authorized_keys file on every node must contain the contents from all of the /.ssh/id_rsa.pub and /.ssh/id_dsa.pub files that you generated on all cluster nodes.5.Change the permissions on the oracle user's /.ssh/authorized_keys file on all cluster nodes:
$ chmod 600 ~/.ssh/authorized_keys
At this point, if you use ssh to log in to or run a command on another node, you are prompted for the pass phrase that you specified when you created the DSA key.
Comments
Post a Comment