From one of the RAC alert logs we got the warning alerts below:
CRS-10051:CVU found following errors with Clusterware setup :
PRVF-4098 : User equivalence not found for node "kumar"
PRVF-4098 : User equivalence not found for node "sunil"
PRVF-4008 : User equivalence unavailable on all the specified nodes
I have two nodes:
Node 1: sunil
Node 2: kumar
I am able to ssh in all directions except for one scenario, where it is asking for a password.
[oracle@sunil ]$ ssh kumar
oracle@sunil's password:XXXXXX
Complete the following steps on one of the nodes to create and then distribute the authorized key file. For the purpose of this example, I am using sunil.
From sunil, determine if the authorized key file ~/.ssh/authorized_keys already exists in the .ssh directory of the owner's home directory. In most cases this will not exist since this guide assumes you are working with a new install. If the file doesn't exist, create it now.
[oracle@sunil ~]$ touch ~/.ssh/authorized_keys
[oracle@sunil ~]$ ls -l ~/.ssh
total 8
-rw-r--r-- 1 oracle oinstall 0 Jan 2 15:07 authorized_keys
-rw------- 1 oracle oinstall 668 Jan 2 14:57 id_dsa
-rw-r--r-- 1 oracle oinstall 623 Jan 2 14:57 id_dsa.pub
In the .ssh directory, you should see the id_dsa.pub public key that was created and the blank file authorized_keys.
From sunil, use SCP (Secure Copy) or SFTP (Secure FTP) to copy the public key (~/.ssh/id_dsa.pub) from all nodes to the authorized key file just created (~/.ssh/authorized_keys). Again, this will be done from sunil. You will be prompted for the oracle OS user account password for each node.
[oracle@sunil ~]$ ssh sunil cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
The authenticity of host 'sunil (XXX.XXX.1.XXX)' can't be established.
RSA key fingerprint is df:8d:4c:69:53:02:d8:a0:5e:08:be:a9:48:22:5d:dd.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'sunil,XXX.XXX.1.XXX' (RSA) to the list of known hosts.
oracle@sunil's password: xxxxx
[oracle@sunil ~]$ ssh kumar cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
The authenticity of host 'kumar (XXX.168.1.162)' can't be established.
RSA key fingerprint is 19:43:15:79:ae:ef:88:16:ea:77:03:1e:3f:e8:33:b7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'kumar,XXX.XXX.1.XXX' (RSA) to the list of known hosts.
oracle@kumar's password: xxxxx
The first time you use SSH to connect to a node from a particular system, you will see a message similar to the following:
The authenticity of host 'sunil (XXX.XXX.1.XXX)' can't be established.
RSA key fingerprint is df:8d:4c:69:53:02:d8:a0:5e:08:be:a9:48:22:5d:dd.
Are you sure you want to continue connecting (yes/no)? yes
Enter yes at the prompt to continue. The public hostname will then be added to the known_hosts file in the ~/.ssh directory and you will not see this message again when you connect from this system to the same node.
At this point, we have the DSA public key from every node in the authorized key file (~/.ssh/authorized_keys) on sunil.
[oracle@sunil ~]$ ls -l ~/.ssh
total 16
-rw-r--r-- 1 oracle oinstall 1246 Jan 2 15:13 authorized_keys
-rw------- 1 oracle oinstall 668 Jan 2 14:57 id_dsa
-rw-r--r-- 1 oracle oinstall 623 Jan 2 14:57 id_dsa.pub
-rw-r--r-- 1 oracle oinstall 808 Jan 2 15:13 known_hosts
We now need to copy the authorized key file to the remaining nodes. In this example, the only remaining node is kumar. Use the scp command to copy the authorized key file to all remaining nodes.
[oracle@sunil ~]$ scp ~/.ssh/authorized_keys kumar:.ssh/authorized_keys
oracle@kumar's password: xxxxx
authorized_keys 100% 1246 1.2KB/s 00:00
Change the permission of the authorized key file for each node as follows.
[oracle@sunil ~]$ chmod 600 ~/.ssh/authorized_keys
[oracle@kumar ~]$ chmod 600 ~/.ssh/authorized_keys
Enable SSH User Equivalency
After you have copied the authorized_keys file that contains all public keys to each node, complete the steps in this section to ensure passwordless SSH connectivity between all nodes is configured correctly.
Log in as the oracle OS user account.
[root@sunil ~]# su - oracle
If SSH is configured correctly, you will be able to use the ssh and scp commands without being prompted for a password or pass phrase from the terminal session.
[oracle@sunil ~]$ ssh sunil "date;hostname"
Thu Jan 2 15:26:57 EST 2012
sunil.agniisback.com
[oracle@sunil ~]$ ssh kumar "date;hostname"
Thu Jan 2 15:27:13 EST 2012
kumar.agniisback.com
Perform the same actions above from any remaining nodes (kumar) to ensure they too can access all other nodes without being prompted for a password or pass phrase and get added to the known_hosts file.
[root@kumar ~]# su - oracle
[oracle@kumar ~]$ ssh sunil "date;hostname"
The authenticity of host 'sunil (XXXXXXXXXXXX)' can't be established.
RSA key fingerprint is df:8d:4c:69:53:02:d8:a0:5e:08:be:a9:48:22:5d:dd.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'sunil,XXXXXXXXXXXX' (RSA) to the list of known hosts.
Thu Jan 2 15:35:45 EST 2012
sunil.agniisback.com
[oracle@kumar ~]$ ssh sunil "date;hostname"
Thu Jan 2 15:35:56 EST 2012
sunil.agniisback.com
--------------------------------------------------------------------------
[oracle@kumar ~]$ ssh kumar "date;hostname"
The authenticity of host 'kumar (XXXXXXXXXX)' can't be established.
RSA key fingerprint is 19:43:15:79:ae:ef:88:16:ea:77:03:1e:3f:e8:33:b7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'kumar,XXXXXXXXXXXXX' (RSA) to the list of known hosts.
Thu Jan 2 15:37:03 EST 2012
kumar.agniisback.com
[oracle@kumar ~]$ ssh kumar "date;hostname"
Thu Jan 2 15:37:04 EST 2012
kumar.agniisback.com
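Added example (not part of the original post): a script that checks the result of the steps above without anyone typing at a prompt. It runs ssh with BatchMode=yes so that a node lacking equivalence fails instead of asking for a password, and it checks the modes of ~/.ssh, authorized_keys and the private keys. The function names, the NODES and SSH_CMD variables, the --run switch and the 700 directory mode are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: verify SSH user equivalence without any interactive prompt.
# NODES, SSH_CMD, the function names and --run are assumptions of this example.
NODES="${NODES:-sunil kumar}"
SSH_CMD="${SSH_CMD:-ssh}"

# Octal mode of a file (GNU stat, with BSD stat as fallback).
file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# check_ssh_perms DIR: succeed only if DIR is 700 and authorized_keys plus
# every private key (id_* without .pub) are 600 or 400.
check_ssh_perms() {
    local dir="$1" rc=0 f mode
    mode=$(file_mode "$dir")
    [ "$mode" = "700" ] || { echo "WARN $dir is $mode, expected 700"; rc=1; }
    for f in "$dir"/authorized_keys "$dir"/id_*; do
        [ -f "$f" ] || continue
        case "$f" in *.pub) continue ;; esac
        mode=$(file_mode "$f")
        case "$mode" in
            600|400) ;;
            *) echo "WARN $f is $mode, expected 600"; rc=1 ;;
        esac
    done
    return "$rc"
}

# check_equivalence: BatchMode=yes disables password prompts, so a node without
# working key authentication fails at once. Returns the number of failed nodes.
check_equivalence() {
    local node fails=0
    for node in $NODES; do
        if $SSH_CMD -o BatchMode=yes -o ConnectTimeout=5 "$node" true </dev/null; then
            echo "OK   $node"
        else
            echo "FAIL $node (no key authentication, unknown host key or connection error)"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Run both checks only when asked to, e.g. with --run as the oracle user.
if [ "${1:-}" = "--run" ]; then
    check_ssh_perms "$HOME/.ssh"
    check_equivalence
fi
```

Run it with --run as oracle on each node in turn, since equivalence has to hold from every node to every node, including itself.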
Disclaimer: If you feel this content is related to your content, please feel free to contact me to remove this information. I am sharing this knowledge, which I am learning on a daily basis, with whoever is in need.