Hi Team,
During an add-node operation, a cluster or RDBMS upgrade, or a cluster or RDBMS installation, checking the prerequisites with the runcluvfy.sh or cluvfy.sh script requires a passwordless connection between the RAC nodes for the same user.
About SSH Keys
SSH keys provide a more secure way of logging into a virtual private server with SSH than using a password alone. While a password can eventually be cracked with a brute force attack, SSH keys are nearly impossible to decipher by brute force alone. Generating a key pair provides you with two long strings of characters: a public and a private key. You can place the public key on any server, and then unlock it by connecting to it with a client that already has the private key. When the two match up, the system unlocks without the need for a password. You can increase security even more by protecting the private key with a passphrase.
Step1: Passwordless connection between RAC nodes for the same OS user across nodes
[root@localhost ~]#
[root@localhost ~]# su - grid --DO for all Nodes
[grid@localhost ~]$ pwd
/home/grid
[grid@localhost ~]$ ls -lrt
total 0
[grid@localhost ~]$ cd .ssh
-bash: cd: .ssh: No such file or directory
[grid@localhost ~]$ mkdir .ssh
[grid@localhost ~]$ ls -lart
-rw-r--r-- 1 grid grid 124 Jul 24 11:01 .bashrc
-rw-r--r-- 1 grid grid 176 Jul 24 11:01 .bash_profile
-rw-r--r-- 1 grid grid 33 Jul 24 11:01 .bash_logout
drwxr-xr-x 4 root root 4096 Jul 24 11:01 ..
-rw------- 1 grid grid 17 Jul 24 11:02 .bash_history
drwxrwxr-x 2 grid grid 4096 Jul 24 11:03 .ssh
drwx------ 5 grid grid 4096 Jul 24 11:03 .
[grid@localhost ~]$
Note: If a passwordless connection is required for two different OS users across nodes, then make sure the file permission on .ssh is set as shown below.
By default:
drwxrwxr-x 2 grid grid 4096 Jul 24 11:03 .ssh
[grid@localhost ~]$ chmod 700 .ssh
It should be:
drwx------ 2 grid grid 4096 Jul 24 11:03 .ssh
Step2: Generate the SSH KEY
[grid@localhost .ssh]$ ssh-keygen -t rsa --Do for all Nodes
Generating public/private rsa key pair.
Enter file in which to save the key (/home/grid/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/grid/.ssh/id_rsa.
Your public key has been saved in /home/grid/.ssh/id_rsa.pub.
The key fingerprint is:
da:b0:2e:46:c1:54:87:ba:ec:ae:88:25:bf:17:f4:ca grid@localhost.localdomain
Step3: Copy the Key
grid@linux01:~$ ssh-copy-id -i grid@Node2 --repeat for all nodes; run it from every other node as well, otherwise the passwordless login works in one direction only.
The authenticity of host 'remotecomputer (66.147.244.84)' can't be established.
RSA key fingerprint is : : : : : : : : : : : : : : : :.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'remotecomputer,10.20.30.40' (RSA) to the list of known hosts.
grid@remotecomputer's password:
Now try logging into the machine, with "ssh 'grid@remotecomputer.com'", and check in:
~/.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
grid@linux01:~$
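As an added example (not part of the original post): a POSIX shell check of the .ssh permissions from Step1, to run on each node once Step3 is done. It goes beyond the post by also checking the private key and authorized_keys; the function names audit_ssh_dir, perm_bits and check_login are hypothetical, and the file names assume the post's /home/grid/.ssh layout.

```sh
#!/bin/sh
# Added example: function names are hypothetical; file names follow the
# post's layout (/home/grid/.ssh, id_rsa, authorized_keys).

# Print the nine permission characters of a path, e.g. "rwx------".
perm_bits() { ls -ld "$1" | cut -c2-10; }

# audit_ssh_dir DIR: one line per finding; returns 0 only when clean.
audit_ssh_dir() (
    dir=$1; rc=0
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; exit 2; }
    # Step1: .ssh must be 700 (rwx------), not the 775 mkdir left behind.
    p=$(perm_bits "$dir")
    [ "$p" = "rwx------" ] || { echo "FAIL $dir: $p, expected rwx------"; rc=1; }
    # The ssh client ignores a private key that group or others can access.
    for key in "$dir"/id_*; do
        [ -f "$key" ] || continue
        case $key in *.pub) continue ;; esac
        p=$(perm_bits "$key")
        case $p in
            ???------) ;;
            *) echo "FAIL $key: $p, private key open to group/other"; rc=1 ;;
        esac
    done
    # sshd with StrictModes rejects authorized_keys writable by group/other.
    ak=$dir/authorized_keys
    if [ -f "$ak" ]; then
        p=$(perm_bits "$ak")
        case $p in
            ????w????|???????w?)
                echo "FAIL $ak: $p, writable by group/other"; rc=1 ;;
        esac
    fi
    [ "$rc" -ne 0 ] || echo "OK $dir"
    exit "$rc"
)

# check_login USER@HOST: succeeds only if key login works without a prompt.
# BatchMode=yes makes ssh fail instead of asking for a password.
check_login() { ssh -o BatchMode=yes -o ConnectTimeout=5 "$1" true; }

# Usage on each node, after Step3 has been run in both directions:
#   audit_ssh_dir /home/grid/.ssh && check_login grid@Node2
```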