SSH Connectivity between two nodes (Manual)
In this article we will see how to make SSH connection manually between two nodes.
Node Details :
Node1 : RAC1
Node2 : RAC2
Follow below steps to setup SSH
In Node1 (RAC1) :
Create directory called .ssh and give 755 permissions
|
1 2 |
[oracle@RAC1 ~]$ mkdir ~/.ssh [oracle@RAC1 ~]$ chmod -R 755 ~/.ssh |
Generate public and private keys using following command
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
[oracle@RAC1 ~]$ /usr/bin/ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/oracle/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/oracle/.ssh/id_rsa. Your public key has been saved in /home/oracle/.ssh/id_rsa.pub. The key fingerprint is: 5e:83:90:da:ef:f8:9d:67:bd:f3:96:e6:3c:d9:9d:93 oracle@RAC1 The key's randomart image is: +--[ RSA 2048]----+ | | | . | | o | | o . . | | . . S o | | o . . | | o . B| | o . .o +E+| | ..o oo +B+| +-----------------+ |
One more command
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
[oracle@RAC1 ~]$ /usr/bin/ssh-keygen -t dsa Generating public/private dsa key pair. Enter file in which to save the key (/home/oracle/.ssh/id_dsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/oracle/.ssh/id_dsa. Your public key has been saved in /home/oracle/.ssh/id_dsa.pub. The key fingerprint is: 3a:16:6e:40:7e:e4:14:67:dc:fe:e7:eb:9d:f2:99:fe oracle@RAC1 The key's randomart image is: +--[ DSA 1024]----+ | ..o. | | +. . | | . o . | | o + . | | o + S . | | + o . . | | * o | | o . ...+| | .*BE| +-----------------+ |
Now goto .ssh directory and check files
|
1 |
[oracle@RAC1 ~]$ cd .ssh |
|
1 2 3 4 5 |
[oracle@RAC1 .ssh]$ ls -l -rw------- 1 oracle oinstall 668 May 22 15:53 id_dsa -rw-r--r-- 1 oracle oinstall 601 May 22 15:53 id_dsa.pub -rw------- 1 oracle oinstall 1675 May 22 15:53 id_rsa -rw-r--r-- 1 oracle oinstall 393 May 22 15:53 id_rsa.pub |
Here .pub extension files are public keys and remaining will be private keys
Now copy the content of the both public files into authorized_keys file by following below steps
|
1 2 3 |
[oracle@RAC1 .ssh]$ cat id_rsa.pub >RAC1 [oracle@RAC1 .ssh]$ cat id_dsa.pub >>RAC1 [oracle@RAC1 .ssh]$ cat RAC1 >authorized_keys |
In NODE2 (RAC2) :
Create directory called .ssh and give 755 permissions
|
1 2 |
[oracle@RAC2 ~]$ mkdir ~/.ssh [oracle@RAC2 ~]$ chmod -R 755 ~/.ssh |
Generate public and private keys using following command
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
[oracle@RAC2 ~]$ /usr/bin/ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/oracle/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/oracle/.ssh/id_rsa. Your public key has been saved in /home/oracle/.ssh/id_rsa.pub. The key fingerprint is: 5e:83:90:da:ef:f8:9d:67:bd:f3:96:e6:3c:d9:9d:93 oracle@RAC1 The key's randomart image is: +--[ RSA 2048]----+ | | | . | | o | | o . . | | . . S o | | o . . | | o . B| | o . .o +E+| | ..o oo +B+| +-----------------+ |
One more command
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
[oracle@RAC2 ~]$ /usr/bin/ssh-keygen -t dsa Generating public/private dsa key pair. Enter file in which to save the key (/home/oracle/.ssh/id_dsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/oracle/.ssh/id_dsa. Your public key has been saved in /home/oracle/.ssh/id_dsa.pub. The key fingerprint is: 3a:16:6e:40:7e:e4:14:67:dc:fe:e7:eb:9d:f2:99:fe oracle@RAC1 The key's randomart image is: +--[ DSA 1024]----+ | ..o. | | +. . | | . o . | | o + . | | o + S . | | + o . . | | * o | | o . ...+| | .*BE| +-----------------+ |
Now goto .ssh directory and check files
|
1 |
[oracle@RAC2 ~]$ cd .ssh |
|
1 2 3 4 5 |
[oracle@RAC2 .ssh]$ ls -l -rw------- 1 oracle oinstall 668 May 22 15:53 id_dsa -rw-r--r-- 1 oracle oinstall 601 May 22 15:53 id_dsa.pub -rw------- 1 oracle oinstall 1675 May 22 15:53 id_rsa -rw-r--r-- 1 oracle oinstall 393 May 22 15:53 id_rsa.pub |
Here .pub extension files are public keys and remaining will be private keys
Now copy the content of the both public files into RAC2 file by following below steps
|
1 2 |
[oracle@RAC2 .ssh]$ cat id_rsa.pub >RAC2 [oracle@RAC2 .ssh]$ cat id_dsa.pub >>RAC2 |
Now do SCP of file RAC2 from this node to RAC1 node
|
1 2 3 4 5 6 7 |
[oracle@RAC2 .ssh]$ scp RAC2 RAC1:/home/oracle/.ssh The authenticity of host 'rac1 (192.168.0.20)' can't be established. RSA key fingerprint is 36:db:29:b6:45:e5:84:bc:25:8f:01:1a:05:8e:15:d7. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'rac1,192.168.0.20' (RSA) to the list of known hosts. oracle@rac1's password: RAC2 100% 994 1.0KB/s |
In NODE 1 (RAC1):
Check content in authorized_keys file
|
1 2 3 4 5 6 7 8 9 |
[oracle@RAC1 .ssh]$ ls -l total 28 -rw-r--r-- 1 oracle oinstall 994 May 22 15:54 authorized_keys -rw------- 1 oracle oinstall 668 May 22 15:53 id_dsa -rw-r--r-- 1 oracle oinstall 601 May 22 15:53 id_dsa.pub -rw------- 1 oracle oinstall 1675 May 22 15:53 id_rsa -rw-r--r-- 1 oracle oinstall 393 May 22 15:53 id_rsa.pub -rw-r--r-- 1 oracle oinstall 994 May 22 15:54 RAC1 -rw-r--r-- 1 oracle oinstall 994 May 22 16:07 RAC2 |
|
1 2 3 4 5 6 |
[oracle@RAC1 .ssh]$ cat authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA8ztsTCrt9MgLFxmkKjV3VrqlE3xPpwSDwIoPTpjIPj5wN3YPrZa07sxzqAWVS8scCD5Pti7qI83TNEPQ0KtQMHyF5po+mRqml7rFUD/Gfale32mdl74czkPsDB4nOx7eUfYbxMYAuBBCTYhNCRqoBl40u/ mqqSLVZcJKaFN187BUdZaFrM7eVnQayZbK9VEGVhabaReqHaLLmneZLVy3K3aZk/wgcXLlTOZ4tBhjW9eCKVI/ZfPcpc28rkoRXpV7ikFAy16CEIrxGgolzJFtYGh7IDXyySy6TR1TNsaOF7ph91fQ9Dk8O8y/CGCk4YP8W4npp5zRXZBRa3kIMcxLFw== oracle@RAC1 ssh-dss AAAAB3NzaC1kc3MAAACBAK6kEhk9fbHsiPhpQTrFAWJTpjVW9pNpKoZHHX5u1ixsxkz3I1q9G6QePLYLwp8GypOhmWlUmqRrsyPK/SJULxYEo9fcOvUYwIUcRbRx0aO1Yo9ZuNUNhashs3BPkvP/pEKDZIv+9wwSGB5dzgg10QO/fBR7wI1rtES4V23x/S9nAAAAFQDFAzrpSyrXjI7xwt /DSP/2iGaFUQAAAIAcB7Q8mwBOPYQWN3oJSGSyDkfRZOVdlgDicrqK6ste3+ov9CD/Lu5+K1nkOae6U9F4ok62dkDf1ezxAgGhZWyV9G33LZWJ5cXAEwjp+ldwtrD5yX40fve5i6JXTOP1XjSpPaDzoOCOM+SiQHpCv9YDUr2r6qJ2HepmveFFbcZkBQAAAIBsE65edTbrKuvs5hz197X8KyBklJe /IaJNfcNyVREA5deu0QmY9V6E3NQzZCU3nxwzRY0j7MlBzdHj7OU2BofIiQ9Rb7a9xPIh81NHTP1BVmdeWDvVKJKsWS5n3Kf8DmVzzi6AJjjkN2mIwu0Rfsr37oHXwfEgaNqxcYE96QgadA== oracle@RAC1 |
The authorized_keys file have Public keys of RAC1 Node. we need to maintain both nodes public keys content into authorized_keys file
Now append data from RAC2 file to authorized_keys file
|
1 |
[oracle@RAC1 .ssh]$ cat RAC2 >> authorized_keys |
Now check content in authorized_keys
|
1 2 3 4 5 |
[oracle@RAC1 .ssh]$ cat authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA8ztsTCrt9MgLFxmkKjV3VrqlE3xPpwSDwIoPTpjIPj5wN3YPrZa07sxzqAWVS8scCD5Pti7qI83TNEPQ0KtQMHyF5po+mRqml7rFUD/Gfale32mdl74czkPsDB4nOx7eUfYbxMYAuBBCTYhNCRqoBl40u/mqqSLVZcJKaFN187BUdZaFrM7eVnQayZbK9VEGVhabaReqHaLLmneZLVy3K3aZk/wgcXLlTOZ4tBhjW9eCKVI/ZfPcpc28rkoRXpV7ikFAy16CEIrxGgolzJFtYGh7IDXyySy6TR1TNsaOF7ph91fQ9Dk8O8y/CGCk4YP8W4npp5zRXZBRa3kIMcxLFw== oracle@RAC1 ssh-dss AAAAB3NzaC1kc3MAAACBAK6kEhk9fbHsiPhpQTrFAWJTpjVW9pNpKoZHHX5u1ixsxkz3I1q9G6QePLYLwp8GypOhmWlUmqRrsyPK/SJULxYEo9fcOvUYwIUcRbRx0aO1Yo9ZuNUNhashs3BPkvP/pEKDZIv+9wwSGB5dzgg10QO/fBR7wI1rtES4V23x/S9nAAAAFQDFAzrpSyrXjI7xwt/DSP/2iGaFUQAAAIAcB7Q8mwBOPYQWN3oJSGSyDkfRZOVdlgDicrqK6ste3+ov9CD/Lu5+K1nkOae6U9F4ok62dkDf1ezxAgGhZWyV9G33LZWJ5cXAEwjp+ldwtrD5yX40fve5i6JXTOP1XjSpPaDzoOCOM+SiQHpCv9YDUr2r6qJ2HepmveFFbcZkBQAAAIBsE65edTbrKuvs5hz197X8KyBklJe/IaJNfcNyVREA5deu0QmY9V6E3NQzZCU3nxwzRY0j7MlBzdHj7OU2BofIiQ9Rb7a9xPIh81NHTP1BVmdeWDvVKJKsWS5n3Kf8DmVzzi6AJjjkN2mIwu0Rfsr37oHXwfEgaNqxcYE96QgadA== oracle@RAC1 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwnRfb2P/lzW83E4Tn6Bd5LDCQvOPl2BTHPpDHs0SJk8EuoJWRmkMyNXp0rNUK4v/TCLYNWGUzmtRz11Ti9gtXA7gMfinD/nBhobyykbQY3uTnaJlEg5v0exqDK71LkXcQaNOiIO0vLUAPa7xplmM5i5GjglsQ9OfhJfJd8k7l4xKSKVTzjr3+NLP9AzhIIKJwbMcPRQqLcXk3w7ie8TV/LETYUNp5mHFzsnL1zIOFuFAyjt8r0ubX8fs9sFtXC7Ilq489mFKcl9H8ZabfzYoW2S2sFt1tRudkHDCcVZwUDKj1Xut3DP1SyNUhOIz65Z0Et2j235eZw1h5ZrPyjrlZQ== oracle@RAC2 ssh-dss AAAAB3NzaC1kc3MAAACBAPm/shppE28+OL5+xxxtdFMeImZjAT9fIixp8cCeiGmTO9yhl+8bGTuq1QuiUEZdx136ZmNp/iIJhCGIXHJNtatn8jgpp6QTGLhH0YwOO9ifeMR8CmPqkOqZPgLag7YwyX9QvoidB7rUtJaCNCdVMh4aAPKq4OPy1sYHnjxLMMtlAAAAFQCfd2j5ZI5yTIifR/RvkJP+PodJNwAAAIBND9gIKBKS6VHONb9/+Cbq68pB8LvO3ViJa2C/vnn6Y26/7rMK2z8y2iadmjuFkYsR0PqhrYZi5O+xBcRxLw+qJdC369kYrO7y7uUYIBCvHP7ju+xIiWOGQbXHcbbDRS5cku9lZJcScJEUTmUObOlpd0xVDVeRVqcWrBY1zXBiKAAAAIEA6dVh2tNjn+SyupLvv99KTNo2gZWj+HsFXG6hv0A4TXQzyDbgnIqH7jw2SKc3AE/WirpLf5Xj60iE4kRjFvka2cFDxst+ksGJVNJdanAJhy68bL9Pn3rwQoo+dXny/nOu4H+9OiRn+GfJrx1Y4hncJm3qjhEDbh9DDue9QP9XebQ= oracle@RAC2 |
Now SCP authorized_keys file from Node1 to Node2
|
1 2 3 4 5 6 7 |
[oracle@RAC1 .ssh]$ scp authorized_keys RAC2:/home/oracle/.ssh The authenticity of host 'rac2 (192.168.0.30)' can't be established. RSA key fingerprint is 36:db:29:b6:45:e5:84:bc:25:8f:01:1a:05:8e:15:d7. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'rac2,192.168.0.30' (RSA) to the list of known hosts. oracle@rac2's password: authorized_keys 100% 1988 1.9KB/s 00:00 |
In Node2(RAC2):
Check content in authorized_keys file.
|
1 2 3 4 5 |
[oracle@RAC2 .ssh]$ cat authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA8ztsTCrt9MgLFxmkKjV3VrqlE3xPpwSDwIoPTpjIPj5wN3YPrZa07sxzqAWVS8scCD5Pti7qI83TNEPQ0KtQMHyF5po+mRqml7rFUD/Gfale32mdl74czkPsDB4nOx7eUfYbxMYAuBBCTYhNCRqoBl40u/mqqSLVZcJKaFN187BUdZaFrM7eVnQayZbK9VEGVhabaReqHaLLmneZLVy3K3aZk/wgcXLlTOZ4tBhjW9eCKVI/ZfPcpc28rkoRXpV7ikFAy16CEIrxGgolzJFtYGh7IDXyySy6TR1TNsaOF7ph91fQ9Dk8O8y/CGCk4YP8W4npp5zRXZBRa3kIMcxLFw== oracle@RAC1 ssh-dss AAAAB3NzaC1kc3MAAACBAK6kEhk9fbHsiPhpQTrFAWJTpjVW9pNpKoZHHX5u1ixsxkz3I1q9G6QePLYLwp8GypOhmWlUmqRrsyPK/SJULxYEo9fcOvUYwIUcRbRx0aO1Yo9ZuNUNhashs3BPkvP/pEKDZIv+9wwSGB5dzgg10QO/fBR7wI1rtES4V23x/S9nAAAAFQDFAzrpSyrXjI7xwt/DSP/2iGaFUQAAAIAcB7Q8mwBOPYQWN3oJSGSyDkfRZOVdlgDicrqK6ste3+ov9CD/Lu5+K1nkOae6U9F4ok62dkDf1ezxAgGhZWyV9G33LZWJ5cXAEwjp+ldwtrD5yX40fve5i6JXTOP1XjSpPaDzoOCOM+SiQHpCv9YDUr2r6qJ2HepmveFFbcZkBQAAAIBsE65edTbrKuvs5hz197X8KyBklJe/IaJNfcNyVREA5deu0QmY9V6E3NQzZCU3nxwzRY0j7MlBzdHj7OU2BofIiQ9Rb7a9xPIh81NHTP1BVmdeWDvVKJKsWS5n3Kf8DmVzzi6AJjjkN2mIwu0Rfsr37oHXwfEgaNqxcYE96QgadA== oracle@RAC1 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwnRfb2P/lzW83E4Tn6Bd5LDCQvOPl2BTHPpDHs0SJk8EuoJWRmkMyNXp0rNUK4v/TCLYNWGUzmtRz11Ti9gtXA7gMfinD/nBhobyykbQY3uTnaJlEg5v0exqDK71LkXcQaNOiIO0vLUAPa7xplmM5i5GjglsQ9OfhJfJd8k7l4xKSKVTzjr3+NLP9AzhIIKJwbMcPRQqLcXk3w7ie8TV/LETYUNp5mHFzsnL1zIOFuFAyjt8r0ubX8fs9sFtXC7Ilq489mFKcl9H8ZabfzYoW2S2sFt1tRudkHDCcVZwUDKj1Xut3DP1SyNUhOIz65Z0Et2j235eZw1h5ZrPyjrlZQ== oracle@RAC2 ssh-dss AAAAB3NzaC1kc3MAAACBAPm/shppE28+OL5+xxxtdFMeImZjAT9fIixp8cCeiGmTO9yhl+8bGTuq1QuiUEZdx136ZmNp/iIJhCGIXHJNtatn8jgpp6QTGLhH0YwOO9ifeMR8CmP |
Now check connectivity
|
1 2 3 4 5 |
[oracle@RAC2 .ssh]$ ssh RAC1 enter password for RAC1 : Last login: Wed May 22 15:49:37 2019 from rac1 [oracle@RAC1 ~]$ ssh RAC2 Last login: Wed May 22 15:50:21 2019 from rac2 |
Now password less connection was happening between two nodes.
Only first time it will ask password.
Note: Please test scripts in Non Prod before trying in Production.
Loading...
