
How to Set Up Passwordless SSH User Equivalence (Key-Based Authentication) for Cluster Nodes (Servers)

Hi,

In this post I will explain how to set up passwordless SSH user equivalence (key-based authentication) for cluster nodes (servers).

 

Normally, when you connect from one server to another, the target server asks for the password of the user you log in as (root, oracle, grid, weblogic, etc.). Sometimes, however, you need to set up passwordless SSH user equivalence (key-based authentication) between these servers (nodes).

Cluster nodes (servers) in particular need passwordless SSH connectivity between each other.

For example, Oracle RAC cluster nodes must have passwordless SSH user equivalence (key-based authentication) between all nodes; otherwise you cannot install Oracle RAC and Grid Infrastructure.

These nodes communicate with each other all the time, so this communication must use passwordless SSH user equivalence (key-based authentication).

 

I will show you how to set up this passwordless communication with an example. In this example I will set up passwordless SSH user equivalence for the oracle user between the msdbdbadm01 and msdbdbadm02 nodes, so that you and the nodes can connect to each other as the oracle user without a password.

You can apply the same steps for any user (root, oracle, grid, weblogic, etc.).

 

Step-1: First, back up the .ssh directory under /home/oracle on the first node.

[oracle@MSDBdbadm01:/home/oracle:> cp -r .ssh/ .ssh_ye/

[oracle@MSDBdbadm01:/home/oracle:> ls -all
total 16
drwxr-xr-x 4 oracle oinstall 256 May 16 15:59 .
drwxr-xr-x 9 bin bin 256 May 15 17:28 ..
-rw------- 1 oracle oinstall 1248 May 16 16:09 .bash_history
-rwxr----- 1 oracle oinstall 254 May 15 17:28 .profile
drwx------ 2 oracle oinstall 256 May 16 16:04 .ssh
drwxr-xr-x 2 oracle oinstall 256 May 16 15:58 .ssh_ye

 

Step-2: Remove the old .ssh directory, create a new one, and set its permissions.

[oracle@MSDBdbadm01:/home/oracle:> rm -r .ssh

[oracle@MSDBdbadm01:/home/oracle:> mkdir ~/.ssh
[oracle@MSDBdbadm01:/home/oracle:> chmod 700 .ssh

 

Step-3: Now run the following command to generate the RSA public and private key for the first node. Press Enter at every prompt, which accepts the default key file and leaves the passphrase empty.

/usr/bin/ssh-keygen -t rsa

 

[oracle@MSDBdbadm01:/home/oracle:> /usr/bin/ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
60:79:0f:25:7f:40:83:e9:43:ff:e8:c3:38:91:45:f8 oracle@msdbdbadm01
The key's randomart image is:
+--[ RSA 2048]----+
|        .==      |
|       .=+.o     |
|      +oo+. .    |
|     . oooE.     |
|        S+.o     |
|        o . .    |
|         =       |
|        o +      |
|         . .     |
+-----------------+

 

 

 

Perform the same steps on the second node.

Step-4: First, back up the .ssh directory under /home/oracle on the second node.

[oracle@MSDBdbadm02:/home/oracle:> cp -r .ssh/ .ssh_ye/

[oracle@MSDBdbadm02:/home/oracle:> ls -all
total 16
drwxr-xr-x 4 oracle oinstall 256 May 16 15:59 .
drwxr-xr-x 9 bin bin 256 May 15 17:28 ..
-rw------- 1 oracle oinstall 1248 May 16 16:09 .bash_history
-rwxr----- 1 oracle oinstall 254 May 15 17:28 .profile
drwx------ 2 oracle oinstall 256 May 16 16:04 .ssh
drwxr-xr-x 2 oracle oinstall 256 May 16 15:58 .ssh_ye

 

Step-5: Remove the old .ssh directory, create a new one, and set its permissions.

[oracle@MSDBdbadm02:/home/oracle:> rm -r .ssh

[oracle@MSDBdbadm02:/home/oracle:> mkdir ~/.ssh
[oracle@MSDBdbadm02:/home/oracle:> chmod 700 .ssh

 

Step-6: Now run the following command to generate the RSA public and private key for the second node. Press Enter at every prompt, which accepts the default key file and leaves the passphrase empty.

/usr/bin/ssh-keygen -t rsa

 

[oracle@MSDBdbadm02:/home/oracle:> /usr/bin/ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
a0:36:08:6e:1b:84:41:95:5a:cd:52:bd:6c:6c:94:87 oracle@msdbdbadm02
The key's randomart image is:
+--[ RSA 2048]----+
|o...=.. o        |
|.. + o E .       |
|o.o . = o        |
|oo . . B         |
| +. + o S        |
|. o. .           |
| .               |
|                 |
|                 |
+-----------------+

 

Step-7: Now copy the id_rsa.pub file from the first node to the second node as /home/oracle/.ssh/authorized_keys as follows. scp replaces the target file, which is safe here only because .ssh was recreated empty in Step-5.

[oracle@MSDBdbadm01:/home/oracle/.ssh:> scp id_rsa.pub msdbdbadm02:/home/oracle/.ssh/authorized_keys
The authenticity of host 'msdbdbadm02 (192.168.63.206)' can't be established.
RSA key fingerprint is bd:14:aa:9d:da:ab:0c:ba:fd:d0:26:b2:f4:67:9e:46.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'msdbdbadm02,192.168.63.206' (RSA) to the list of known hosts.
oracle@msdbdbadm02's password: 
id_rsa.pub                                                                                        100%  401     0.4KB/s   00:00    
[oracle@MSDBdbadm01:/home/oracle/.ssh:>

 

Step-8: Copy the id_rsa.pub file from the second node to the first node as /home/oracle/.ssh/authorized_keys as follows.

[oracle@MSDBdbadm02:/home/oracle/.ssh:> scp id_rsa.pub msdbdbadm01:/home/oracle/.ssh/authorized_keys
The authenticity of host 'msdbdbadm01 (192.168.63.205)' can't be established.
RSA key fingerprint is bd:14:aa:9d:da:ab:0c:ba:fd:d0:26:b2:f4:67:9e:46.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'msdbdbadm01,192.168.63.205' (RSA) to the list of known hosts.
oracle@msdbdbadm01's password: 
id_rsa.pub                                                                                        100%  401     0.4KB/s   00:00    
[oracle@MSDBdbadm02:/home/oracle/.ssh:>

 

Step-9: Now, on node1 and on node2, append the node's own RSA public key to its authorized_keys file, so that each file holds the keys of both nodes.

[oracle@MSDBdbadm01:/home/oracle/.ssh:>cat id_rsa.pub >>authorized_keys

[oracle@MSDBdbadm02:/home/oracle/.ssh:>cat id_rsa.pub >>authorized_keys

 

 

 

Step-10: Passwordless SSH communication is now established between msdbdbadm01 and msdbdbadm02. You can test it as follows.

[oracle@MSDBdbadm01:/home/oracle/.ssh:>ssh msdbdbadm02 date
Fri Apr 05 16:15:19 EEST 2020


[oracle@MSDBdbadm02:/home/oracle/.ssh:>ssh msdbdbadm01 date
Fri Apr 05 16:15:26 EEST 2020



oracle:msdbdbadm01:/home/oracle:> ssh msdbdbadm02
Last unsuccessful login: Tue Apr 05 15:48:01 EEST 2020 on ssh from msdbdbadm01.deveci.local
Last login: Tue May 20 14:28:19 EEST 2020 on /dev/pts/0 from msdbdbadm01.deveci.local
*******************************************************************************
*                                                                             *
*                                                                             *
*                                                                             *
*                            Authorized uses only.                            *
*                                                                             *
*                 All activity may be monitored and reported                  *
*                                                                             *
*                                                                             *
*                                                                             *
*                                                                             *
*******************************************************************************
#############################################
 
run setenv select oracle_home or grid_home
 
#############################################

oracle:msdbdbadm02:/home/oracle:> ssh msdbdbadm01
Last unsuccessful login: Tue Apr 05 16:58:31 EEST 2020 on ssh from msdbdbadm02.deveci.local
Last login: Tue May 20 14:34:48 EEST 2020 on /dev/pts/3 from msdbdbadm02.deveci.local
*******************************************************************************
*                                                                             *
*                                                                             *
*                                                                             *
*                            Authorized uses only.                            *
*                                                                             *
*                 All activity may be monitored and reported                  *
*                                                                             *
*                                                                             *
*                                                                             *
*                                                                             *
*******************************************************************************
#############################################
 
run setenv select oracle_home or grid_home
 
#############################################
oracle:msdbdbadm01:/home/oracle:>

 

Passwordless SSH connectivity for the oracle user between the two nodes has been set up.
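
The check below is an added example, not part of the original post: it compares the file modes left behind by Steps 2 to 9 with what sshd (StrictModes, on by default) and the ssh client require, and lists which keys are in authorized_keys. The function names and the audit.sh file name are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post; run it as the oracle user.

# has_any_bit PATH BIT...: true if PATH has any of the octal mode bits set
has_any_bit() {
    path=$1; shift
    for bit in "$@"; do
        [ -n "$(find "$path" -prune -perm -"$bit" 2>/dev/null)" ] && return 0
    done
    return 1
}

# audit_ssh_dir DIR: print one line per finding, return 1 if there was any
audit_ssh_dir() {
    dir=$1; bad=0
    # With StrictModes (the sshd default) authorized_keys is ignored when it,
    # or the .ssh directory, is writable by group or others.
    for f in "$dir" "$dir/authorized_keys"; do
        [ -e "$f" ] || continue
        if has_any_bit "$f" 020 002; then
            echo "FAIL: $f is writable by group or others"; bad=1
        fi
    done
    # The ssh client refuses a private key that group or others can access.
    for key in "$dir"/id_*; do
        case $key in *.pub) continue ;; esac
        [ -f "$key" ] || continue
        if has_any_bit "$key" 040 020 010 004 002 001; then
            echo "FAIL: $key is accessible by group or others"; bad=1
        fi
    done
    return "$bad"
}

# list_authorized_keys FILE: print "<key type> <comment>" per entry, to compare
# with the nodes that should have access (options before the type are skipped)
list_authorized_keys() {
    awk '!/^[ \t]*(#|$)/ {
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ssh-|ecdsa-|sk-)/) {
                print $i, (i + 2 <= NF ? $(i + 2) : "(no comment)"); break
            }
    }' "$1"
}

if [ $# -gt 0 ]; then          # usage: sh audit.sh /home/oracle/.ssh
    list_authorized_keys "$1/authorized_keys"
    audit_ssh_dir "$1"
fi
```

After the steps above, each node should list exactly two entries, oracle@msdbdbadm01 and oracle@msdbdbadm02, and report no FAIL lines.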

 

Set up passwordless SSH with Oracle's sshUserSetup.sh script.

For Oracle 11gR2 and later, the Grid and Database installation media contain a “sshUserSetup.sh” file under the “sshsetup” directory.

Run this sshUserSetup.sh file to set up passwordless SSH connectivity.

The sshUserSetup.sh syntax is as follows.

./sshUserSetup.sh -user <user name> [ -hosts "<space separated hostlist>" | -hostfile <absolute path of cluster configuration file> ] [ -advanced ] [ -verify] [ -exverify ] [ -logfile <desired absolute path of logfile> ] [-confirm] [-shared] [-help] [-usePassphrase] [-noPromptPassphrase]


[oracle@MSDBdbadm01:/home/oracle/media/sshsetup:> ./sshUserSetup.sh -user oracle -hosts "msdbdbadm01 msdbdbadm02" -noPromptPassphrase
The output of this script is also logged into /tmp/sshUserSetup_2020-04-01-20-01-06.log
Hosts are msdbdbadm01 msdbdbadm02
user is oracle
Platform:- Linux
Checking if the remote hosts are reachable
PING msdbdbadm01.localdomain (192.168.63.205) 56(84) bytes of data.
64 bytes from msdbdbadm01.localdomain (192.168.63.205): icmp_seq=1 ttl=64 time=0.018 ms
64 bytes from msdbdbadm01.localdomain (192.168.63.205): icmp_seq=2 ttl=64 time=0.017 ms
64 bytes from msdbdbadm01.localdomain (192.168.63.205): icmp_seq=3 ttl=64 time=0.017 ms
64 bytes from msdbdbadm01.localdomain (192.168.63.205): icmp_seq=4 ttl=64 time=0.019 ms
64 bytes from msdbdbadm01.localdomain (192.168.63.205): icmp_seq=5 ttl=64 time=0.018 ms

--- msdbdbadm01.localdomain ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 3999ms
rtt min/avg/max/mdev = 0.017/0.017/0.019/0.004 ms
PING msdbdbadm02.localdomain (192.168.63.206) 56(84) bytes of data.
64 bytes from msdbdbadm02.localdomain (192.168.63.206): icmp_seq=1 ttl=64 time=0.110 ms
64 bytes from msdbdbadm02.localdomain (192.168.63.206): icmp_seq=2 ttl=64 time=0.265 ms
64 bytes from msdbdbadm02.localdomain (192.168.63.206): icmp_seq=3 ttl=64 time=0.254 ms
64 bytes from msdbdbadm02.localdomain (192.168.63.206): icmp_seq=4 ttl=64 time=0.101 ms
64 bytes from msdbdbadm02.localdomain (192.168.63.206): icmp_seq=5 ttl=64 time=0.321 ms

 

Passwordless SSH Connectivity has been established again with sshUserSetup.sh.

 

 
