SSH 互信配置

在安装RAC的时候，会需要SSH互信配置。11g开始可以在图形界面上设置。10g没有这个功能，需要手工配置。

另外，在mysql的mha搭建的时候，也需要配饰ssh互信配置。

配置ssh互信的步骤，

mkdir ~/.sshchmod 700 ~/.sshssh-keygen -t rsassh-keygen -t dsa -- rsa或dsa其中任意一个cat id_rsa.pub >> authorized_keys -- 所有服务器上的合并成一个 ssh remote_host -- 第一次yes后就可以了ssh-copy-id -i id_rsa.pub mysql@rac02 -- 或者直接这样发送到对方服务器上

--- 节点1

[root@rac01 .ssh]# ssh-keygen -t rsaGenerating public/private rsa key pair.Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa.Your public key has been saved in /root/.ssh/id_rsa.pub.The key fingerprint is:72:ef:87:65:43:72:4c:2c:2e:bc:98:8d:6f:cd:5c:f1 root@rac01The key's randomart image is:+--[ RSA 2048]----+| .||. o || . . +|| o o = ||.=So + o ||+oo. = E || . +.= . || o.= . || . ..|+-----------------+[root@rac01 .ssh]#

-- 节点2

[root@rac02 .ssh]# ssh-keygen -t rsaGenerating public/private rsa key pair.Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa.Your public key has been saved in /root/.ssh/id_rsa.pub.The key fingerprint is:63:cd:b5:f3:45:86:e7:89:c0:1e:40:cb:b3:bf:cb:b2 root@rac02The key's randomart image is:+--[ RSA 2048]----+| .o || . + . || + +. . +|| o+.o..=.|| S.o.o. .o|| . .. o . || . . || .. . || Eo+. |+-----------------+[root@rac02 .ssh]#

-- 节点3

[root@rac03 .ssh]# ssh-keygen -t rsaGenerating public/private rsa key pair.Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa.Your public key has been saved in /root/.ssh/id_rsa.pub.The key fingerprint is:26:65:6c:af:d5:20:47:cc:ea:b9:66:b0:da:ea:8f:16 root@rac03The key's randomart image is:+--[ RSA 2048]----+| o.|| . .o|| *.o|| +.+ o||..S.o . || E .ooo ||. o.. || .o. + || o=+oo |+-----------------+[root@rac03 .ssh]#

-- 将各个节点上生成的id_rsa.pub文件的内容放在authorized_keys文件中

-- 节点1 [root@rac01 .ssh]# cat id_rsa.pub >>authorized_keys[root@rac01 .ssh]# lsauthorized_keys id_rsa id_rsa.pub known_hosts[root@rac01 .ssh]# -- 节点2 [root@rac02 .ssh]# cat id_rsa >>authorized_keys[root@rac02 .ssh]# lsauthorized_keys id_rsa id_rsa.pub[root@rac02 .ssh]# -- 节点3 [root@rac03 .ssh]# cat id_rsa >>authorized_keys[root@rac03 .ssh]# lsauthorized_keys id_rsa id_rsa.pub[root@rac03 .ssh]#

---- 合并各个节点上的authorized_keys内容。注意在vi下编辑，不要more出来粘贴，可能会有空格之类的导致问题，或者cat 命令也可以 。

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwyBQfDO8tMrL0ICvuxOSPWw7GiGTXh0r4ymuZhLlJMrZXLjW+G7dnHF8F4QrUZt+nxKraYuVn/9wmv6382AWiU8lFhrRHBVM6Ji+5loQ9L3wRW2QOgFLYFvlf8/X39J5mSxj9osjKpAffQ+b+cGBAMosRYgdWsYs1QI9s9SHbJrRODrq33aUg2nEi+7WvzQkVKPBte2z8By4ytXoit9jcXdGoI97gaphJEJfTqRzugPoU2TPDUaQjzttKQHOAzVMr3T5HGrQn3zuXCRsqmHarg3DYtzqsXkXVAf2XtcZfytDT98nEVaUj3wSbyBwthkRlusn06dxsQfIp1OdIC1VQw== root@rac01ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2pWLc5Djyt/ubMnZRvFNN1L5w6znjYIL3JsOZCHuYE/4OFQe/vg3LbZIhMwHbqFuGFcTfdSkX9JFcZEMEmamX6x3dXzXWOKmBOBewt/0hrmdK5pfoIrMbr/eYipVSS0NPX8Q9j6IxMjXm88q8O7AgtWhGHvV95qRQXg7auP6ocMft0tss/E+lHBEf/0SiXiWlO2YPpRrVplD8AHxt7lt9rOQUJ4OEUAXUpOoQN7wX+GcrfZHq0Kkfa5N6twatVtioh66VzrKfswU03mjGG9/Bsum4Bw40/flDTsD3GhnOOOAWS6qi3sK31gTHSUZKrN/6jpozr8/d56XSDu4+g0jEw== root@rac02ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApowUexy8xizL9KH/JbCigcPHm9uAF3r1lD/0JvT9ms633x4JKH6SJgFA4XiwNDmckhM09AEoQhvamXenf5wYfWTBCXY1naNah01T0XjAciHb4ZDbEQKZDpp5XrAIzDBFk/qqw9rmf77h5OEC/ljAEEwaiuFSEp1nk1sx+lJngycMbF5Xu6tmDvJCE50es0xvb6v+v92OTg00TlZY3i58EfLQZlA4vkMCDsEJ/KH3MJB64v3Evaq8qkKrU6BPJZ8hd/Oo+/aVkiWU75pmSfFbW0avSZOrvWNlBW+QCGikX8g3X/pHLyVJVIpvKM0rSH5eZmKiAFGRXVj+I+kFlm+hyQ== root@rac03

-- 各个节点上的测试

[root@rac01 .ssh]# ssh rac02Last login: Mon Apr 8 14:25:16 from rac01[root@rac02 ~]# [root@rac01 .ssh]# ssh rac03Last login: Wed Apr 17 15:55:39 from rac01[root@rac03 ~]# -- 节点2 测试[root@rac02 .ssh]# ssh rac01Last login: Mon Apr 8 14:25:57 from rac02[root@rac01 ~]#[root@rac02 .ssh]# ssh rac03Last login: Wed Apr 17 15:56:32 from rac02[root@rac03 ~]#-- 节点3 测试 [root@rac03 .ssh]# ssh rac01Last login: Mon Apr 8 14:26:41 from rac03[root@rac01 ~]# [root@rac03 .ssh]# ssh rac02Last login: Mon Apr 8 14:27:15 from rac03[root@rac02 ~]#

-- 在mysql用户下测试 ，直接使用命令ssh-copy-id命令 ，发送到各个服务器。

[mysql@rac01 ~]$ mkdir ~/.ssh[mysql@rac01 ~]$ chmod 700 ~/.ssh[mysql@rac01 ~]$ssh-keygen -t rsa

[mysql@rac01 .ssh]$ ssh-copy-id -i id_rsa.pub mysql@rac02The authenticity of host 'rac02 (192.168.2.122)' can't be established.RSA key fingerprint is 20:0d:c8:a0:ff:4f:ba:f5:e2:42:65:8a:81:5d:21:a3.Are you sure you want to continue connecting (yes/no)? yesWarning: Permanently added 'rac02,192.168.2.122' (RSA) to the list of known hosts.mysql@rac02's password: Permission denied, please try again.mysql@rac02's password: Now try logging into the machine, with "ssh 'mysql@rac02'", and check in:.ssh/authorized_keysto make sure we haven't added extra keys that you weren't expecting.[mysql@rac01 .ssh]$ ssh-copy-id -i id_rsa.pub mysql@rac03

-- 验证

[mysql@rac03 .ssh]$ ssh rac01[mysql@rac01 ~]$ exitlogoutConnection to rac01 closed.[mysql@rac03 .ssh]$ ssh rac02[mysql@rac02 ~]$ [mysql@rac02 .ssh]$ ssh rac01Last login: Mon Apr 8 14:35:54 from rac03[mysql@rac01 ~]$ exitlogoutConnection to rac01 closed.[mysql@rac02 .ssh]$ ssh rac03[mysql@rac03 ~]$ [mysql@rac01 .ssh]$ ssh rac02Last login: Mon Apr 8 14:36:18 from rac03[mysql@rac02 ~]$ exitlogoutConnection to rac02 closed.[mysql@rac01 .ssh]$ ssh rac03Last login: Wed Apr 17 16:07:05 from rac02[mysql@rac03 ~]$

两种方法都可以。

-- 备注

id_dsa。pub为公钥，id_dsa为私钥。

END