概述
在安装RAC的时候,会需要SSH互信配置。11g开始可以在图形界面上设置。10g没有这个功能,需要手工配置。
另外,在mysql的mha搭建的时候,也需要配饰ssh互信配置。
配置ssh互信的步骤,
mkdir ~/.ssh
chmod 700 ~/.ssh
ssh-keygen -t rsa
ssh-keygen -t dsa -- rsa或dsa其中任意一个
cat id_rsa.pub >> authorized_keys -- 所有服务器上的合并成一个
ssh remote_host -- 第一次yes后就可以了
ssh-copy-id -i id_rsa.pub mysql@rac02 -- 或者直接这样发送到对方服务器上--- 节点1
[root@rac01 .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
72:ef:87:65:43:72:4c:2c:2e:bc:98:8d:6f:cd:5c:f1 root@rac01
The key's randomart image is:
+--[ RSA 2048]----+
| . |
| . o |
| . . + |
| o o = |
| .=So + o |
| +oo. = E |
| . +.= . |
| o.= . |
| . .. |
+-----------------+
[root@rac01 .ssh]# -- 节点2
[root@rac02 .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
63:cd:b5:f3:45:86:e7:89:c0:1e:40:cb:b3:bf:cb:b2 root@rac02
The key's randomart image is:
+--[ RSA 2048]----+
| .o |
| . + . |
| + +. . +|
| o+.o..=.|
| S.o.o. .o|
| . .. o . |
| . . |
| .. . |
| Eo+. |
+-----------------+
[root@rac02 .ssh]# -- 节点3
[root@rac03 .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
26:65:6c:af:d5:20:47:cc:ea:b9:66:b0:da:ea:8f:16 root@rac03
The key's randomart image is:
+--[ RSA 2048]----+
| o. |
| . .o |
| *.o |
| +.+ o |
| ..S.o . |
| E .ooo |
| . o.. |
| .o. + |
| o=+oo |
+-----------------+
[root@rac03 .ssh]# -- 将各个节点上生成的id_rsa.pub文件的内容放在authorized_keys文件中
-- 节点1
[root@rac01 .ssh]# cat id_rsa.pub >>authorized_keys
[root@rac01 .ssh]# ls
authorized_keys id_rsa id_rsa.pub known_hosts
[root@rac01 .ssh]#
-- 节点2
[root@rac02 .ssh]# cat id_rsa >>authorized_keys
[root@rac02 .ssh]# ls
authorized_keys id_rsa id_rsa.pub
[root@rac02 .ssh]#
-- 节点3
[root@rac03 .ssh]# cat id_rsa >>authorized_keys
[root@rac03 .ssh]# ls
authorized_keys id_rsa id_rsa.pub
[root@rac03 .ssh]# ---- 合并各个节点上的authorized_keys内容。注意在vi下编辑,不要more出来粘贴,可能会有空格之类的导致问题,或者cat 命令也可以 。
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwyBQfDO8tMrL0ICvuxOSPWw7GiGTXh0r4ymuZhLlJMrZXLjW+G7dnHF8F4
QrUZt+nxKraYuVn/9wmv6382AWiU8lFhrRHBVM6Ji+5loQ9L3wRW2QOgFLYFvlf8/X39J5mSxj9osjKpAffQ+b+cGBAMos
RYgdWsYs1QI9s9SHbJrRODrq33aUg2nEi+7WvzQkVKPBte2z8By4ytXoit9jcXdGoI97gaphJEJfTqRzugPoU2TPDUaQjz
ttKQHOAzVMr3T5HGrQn3zuXCRsqmHarg3DYtzqsXkXVAf2XtcZfytDT98nEVaUj3wSbyBwthkRlusn06dxsQfIp1OdIC1V
Qw== root@rac01
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2pWLc5Djyt/ubMnZRvFNN1L5w6znjYIL3JsOZCHuYE/4OFQe/vg3LbZIhM
wHbqFuGFcTfdSkX9JFcZEMEmamX6x3dXzXWOKmBOBewt/0hrmdK5pfoIrMbr/eYipVSS0NPX8Q9j6IxMjXm88q8O7AgtWh
GHvV95qRQXg7auP6ocMft0tss/E+lHBEf/0SiXiWlO2YPpRrVplD8AHxt7lt9rOQUJ4OEUAXUpOoQN7wX+GcrfZHq0Kkfa
5N6twatVtioh66VzrKfswU03mjGG9/Bsum4Bw40/flDTsD3GhnOOOAWS6qi3sK31gTHSUZKrN/6jpozr8/d56XSDu4+g0j
Ew== root@rac02
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApowUexy8xizL9KH/JbCigcPHm9uAF3r1lD/0JvT9ms633x4JKH6SJgFA4X
iwNDmckhM09AEoQhvamXenf5wYfWTBCXY1naNah01T0XjAciHb4ZDbEQKZDpp5XrAIzDBFk/qqw9rmf77h5OEC/ljAEEwa
iuFSEp1nk1sx+lJngycMbF5Xu6tmDvJCE50es0xvb6v+v92OTg00TlZY3i58EfLQZlA4vkMCDsEJ/KH3MJB64v3Evaq8qk
KrU6BPJZ8hd/Oo+/aVkiWU75pmSfFbW0avSZOrvWNlBW+QCGikX8g3X/pHLyVJVIpvKM0rSH5eZmKiAFGRXVj+I+kFlm+h
yQ== root@rac03-- 各个节点上的测试
[root@rac01 .ssh]# ssh rac02
Last login: Mon Apr 8 14:25:16 2019 from rac01
[root@rac02 ~]#
[root@rac01 .ssh]# ssh rac03
Last login: Wed Apr 17 15:55:39 2019 from rac01
[root@rac03 ~]#
-- 节点2 测试
[root@rac02 .ssh]# ssh rac01
Last login: Mon Apr 8 14:25:57 2019 from rac02
[root@rac01 ~]#
[root@rac02 .ssh]# ssh rac03
Last login: Wed Apr 17 15:56:32 2019 from rac02
[root@rac03 ~]#
-- 节点3 测试
[root@rac03 .ssh]# ssh rac01
Last login: Mon Apr 8 14:26:41 2019 from rac03
[root@rac01 ~]#
[root@rac03 .ssh]# ssh rac02
Last login: Mon Apr 8 14:27:15 2019 from rac03
[root@rac02 ~]#-- 在mysql用户下测试 ,直接使用命令ssh-copy-id命令 ,发送到各个服务器。
[mysql@rac01 ~]$ mkdir ~/.ssh
[mysql@rac01 ~]$ chmod 700 ~/.ssh
[mysql@rac01 ~]$
ssh-keygen -t rsa[mysql@rac01 .ssh]$ ssh-copy-id -i id_rsa.pub mysql@rac02
The authenticity of host 'rac02 (192.168.2.122)' can't be established.
RSA key fingerprint is 20:0d:c8:a0:ff:4f:ba:f5:e2:42:65:8a:81:5d:21:a3.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'rac02,192.168.2.122' (RSA) to the list of known hosts.
mysql@rac02's password:
Permission denied, please try again.
mysql@rac02's password:
Now try logging into the machine, with "ssh 'mysql@rac02'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[mysql@rac01 .ssh]$
ssh-copy-id -i id_rsa.pub mysql@rac03-- 验证
[mysql@rac03 .ssh]$ ssh rac01
[mysql@rac01 ~]$ exit
logout
Connection to rac01 closed.
[mysql@rac03 .ssh]$ ssh rac02
[mysql@rac02 ~]$
[mysql@rac02 .ssh]$ ssh rac01
Last login: Mon Apr 8 14:35:54 2019 from rac03
[mysql@rac01 ~]$ exit
logout
Connection to rac01 closed.
[mysql@rac02 .ssh]$ ssh rac03
[mysql@rac03 ~]$
[mysql@rac01 .ssh]$ ssh rac02
Last login: Mon Apr 8 14:36:18 2019 from rac03
[mysql@rac02 ~]$ exit
logout
Connection to rac02 closed.
[mysql@rac01 .ssh]$ ssh rac03
Last login: Wed Apr 17 16:07:05 2019 from rac02
[mysql@rac03 ~]$
两种方法都可以。
-- 备注
id_dsa。pub为公钥,id_dsa为私钥。
END
最后
以上就是开放小兔子为你收集整理的SSH 互信配置的全部内容,希望文章能够帮你解决SSH 互信配置所遇到的程序开发问题。
如果觉得靠谱客网站的内容还不错,欢迎将靠谱客网站推荐给程序员好友。
本图文内容来源于网友提供,作为学习参考使用,或来自网络收集整理,版权属于原作者所有。
发表评论 取消回复