Friday, July 24, 2015

Passwordless Connection between RAC Nodes

Hi Team,

During an add node, cluster upgrade, RDBMS upgrade, cluster installation or RDBMS installation, if you want to check any prerequisites using the runcluvfy.sh or cluvfy.sh script, it requires a passwordless connection between the RAC nodes for the same user.

About SSH Keys

SSH keys provide a more secure way of logging into a virtual private server with SSH than using a password alone. While a password can eventually be cracked with a brute force attack, SSH keys are nearly impossible to decipher by brute force alone. Generating a key pair provides you with two long strings of characters: a public and a private key. You can place the public key on any server, and then unlock it by connecting to it with a client that already has the private key. When the two match up, the system unlocks without the need for a password. You can increase security even more by protecting the private key with a passphrase.

Step 1: Passwordless connection between RAC nodes for the same OS user across nodes
[root@localhost ~]# 
[root@localhost ~]# su - grid              # do this on all nodes
[grid@localhost ~]$ pwd
/home/grid
[grid@localhost ~]$ ls -lrt
total 0
[grid@localhost ~]$ cd .ssh
-bash: cd: .ssh: No such file or directory
[grid@localhost ~]$ mkdir .ssh
[grid@localhost ~]$ ls -lart
-rw-r--r-- 1 grid grid  124 Jul 24 11:01 .bashrc
-rw-r--r-- 1 grid grid  176 Jul 24 11:01 .bash_profile
-rw-r--r-- 1 grid grid   33 Jul 24 11:01 .bash_logout
drwxr-xr-x 4 root root 4096 Jul 24 11:01 ..
-rw------- 1 grid grid   17 Jul 24 11:02 .bash_history
drwxrwxr-x 2 grid grid 4096 Jul 24 11:03 .ssh
drwx------ 5 grid grid 4096 Jul 24 11:03 .
[grid@localhost ~]$ 

Note: If a passwordless connection is required between two different OS users across nodes, check the file permission of the .ssh directory.
By default it is:
drwxrwxr-x 2 grid grid 4096 Jul 24 11:03 .ssh
[grid@localhost ~]$ chmod 700 .ssh
It should be:
drwx------ 2 grid grid 4096 Jul 24 11:03 .ssh

Step 2: Generate the SSH key
[grid@localhost .ssh]$ ssh-keygen -t rsa       # do this on all nodes
Generating public/private rsa key pair.
Enter file in which to save the key (/home/grid/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/grid/.ssh/id_rsa.
Your public key has been saved in /home/grid/.ssh/id_rsa.pub.
The key fingerprint is:
da:b0:2e:46:c1:54:87:ba:ec:ae:88:25:bf:17:f4:ca grid@localhost.localdomain

Step 3: Copy the key
grid@linux01:~$ ssh-copy-id -i ~/.ssh/id_rsa.pub grid@Node2   # repeat for all nodes, and run it from every other node too, otherwise passwordless login works in one direction only
The authenticity of host 'remotecomputer (66.147.244.84)' can't be established.
RSA key fingerprint is   :  :  :  :  :  :  :  :  :  :  :  :  :  :  :  :.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'remotecomputer,10.20.30.40' (RSA) to the list of known hosts.
grid@remotecomputer's password:
Now try logging into the machine, with "ssh 'grid@remotecomputer.com'", and check in:
~/.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
grid@linux01:~$
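
The permission note in Step 1 matters because sshd's StrictModes setting (on by default) ignores authorized_keys when the home directory, .ssh or the file itself is writable by group or others, and the ssh client rejects a private key that others can access. The script below is an added example, not part of the original post: it audits those modes from the same ls -l strings shown above, and its function names and the sample directory it builds are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post); helper names are hypothetical.

# perms PATH -> 10-character mode string as printed by ls -l, e.g. drwxrwxr-x
perms() { ls -ld "$1" | cut -c1-10; }

# check_ssh_perms SSH_DIR: print one line per problem; return 0 only if clean.
check_ssh_perms() {
    dir=$1
    problems=0
    [ -d "$dir" ] || { echo "missing: $dir"; return 1; }
    # sshd with StrictModes (on by default) refuses key login when the home
    # directory, .ssh or authorized_keys is writable by group or others.
    for f in "$dir/.." "$dir" "$dir/authorized_keys"; do
        [ -e "$f" ] || continue
        p=$(perms "$f")
        case $p in
            ?????w????|????????w?)
                echo "group/other writable: $p $f"
                problems=$((problems + 1)) ;;
        esac
    done
    # The ssh client refuses a private key that group or others can access.
    for f in "$dir"/id_*; do
        [ -f "$f" ] || continue
        case $f in *.pub) continue ;; esac
        p=$(perms "$f")
        case $p in
            ????------) ;;
            *) echo "private key too open: $p $f"
               problems=$((problems + 1)) ;;
        esac
    done
    [ "$problems" -eq 0 ]
}

# make_sample HOME_DIR: constructed layout with the loose modes from Step 1.
make_sample() {
    mkdir -p "$1/.ssh" && chmod 700 "$1" && chmod 775 "$1/.ssh"
    : > "$1/.ssh/id_rsa";          chmod 644 "$1/.ssh/id_rsa"
    : > "$1/.ssh/id_rsa.pub";      chmod 644 "$1/.ssh/id_rsa.pub"
    : > "$1/.ssh/authorized_keys"; chmod 664 "$1/.ssh/authorized_keys"
}

# Demo on a throwaway directory; on a real node run: check_ssh_perms ~/.ssh
demo=$(mktemp -d)
make_sample "$demo"
check_ssh_perms "$demo/.ssh" || echo "apply: chmod 700 .ssh; chmod 600 .ssh/id_rsa .ssh/authorized_keys"
rm -rf "$demo"
```

Run it as the grid user on every node before cluvfy, since a single node with a group-writable .ssh is enough to make the user-equivalence check fall back to a password prompt.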
