SSH setup for Oracle RAC

Configuring SSH on Cluster Member Nodes

To configure SSH, you must first create RSA and DSA keys on each cluster node, and then copy the keys from all cluster node members into an authorized keys file on each node.

1. Log in as the oracle user.

2.Create the .ssh directory and set permissions

$ mkdir ~/.ssh
$ chmod 700 ~/.ssh

3. Enter the following commands to generate an RSA key for version 2 of the SSH protocol:

$ /usr/bin/ssh-keygen -t rsa

Press return 3 times to accept all defaults (including blank password)

4. Enter the following commands to generate a DSA key for version 2 of the SSH protocol:

$ /usr/bin/ssh-keygen -t dsa

Add keys to an authorized key file:

$ cat id_dsa.pub >> authorized_keys
$ cat id_rsa.pub >> authorized_keys
$ chmod 600 authorized_keys

Copy to next node

$ ssh node2 mkdir /export/home/oracle/.ssh (enter oracle password)
$ scp authorized_keys node2:/export/home/oracle/.ssh/ (enter oracle password)

Test primary node to second node

$ ssh node2 date (should not prompt for password)

Repeat from second node

$ ssh node2
$ cd .ssh
$ /usr/bin/ssh-keygen -t dsa
$ /usr/bin/ssh-keygen -t rsa
$ cat id_dsa.pub >> authorized_keys
$ cat id_rsa.pub >> authorized_keys
$ chmod 600 authorized_keys
$ scp authorized_keys node1:/export/home/oracle/.ssh/

Test from secondary node

$ ssh node1 date (should not prompt for password)

Login as oracle and run the following on both nodes:-

$ exec /usr/bin/ssh-agent $SHELL
$ /usr/bin/ssh-add

NOTE : run ssh to all node interface names including their own hostnames to remove the yes/no initial connection prompt.

Advertisements
This entry was posted in Oracle Cluster Ready Services, Oracle Real Application Cluster and tagged . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s