This discussion is archived
16 Replies. Latest reply: May 6, 2012 2:18 PM by onedbguru

Disable password prompt for manual SSH setup in CentOS 5.7

932792 Newbie
Hi,

I am trying to set up SSH manually in Oracle RAC 11.2 before I run the cluster installer.

I have created the authorization keys on RAC 1 and RAC2.
When I try to transfer the keys to a tmp directory in rac2 using the scp command, it asks for rac2's password.

That should not be the case, right?

Can someone please tell me how to disable the password check while connecting from rac1 to rac2?

I tried changing the sshd_config file, but to no avail.

However, I am able to send the .tmp file successfully from rac2 to rac1. When doing that, there is no prompt for a password.

Could someone help me please?
  • 1. Re: Disable password prompt for manual SSH setup in CentOS 5.7
    Levi-Pereira Guru
    Hi,

    Follow these steps.

    Execute on all nodes:
    $ mkdir ~/.ssh
    $ chmod 700 ~/.ssh
    $ /usr/bin/ssh-keygen -t dsa
     
    $ /usr/bin/ssh-keygen -t rsa
     
    At the prompts, accept the default location for the key file (press Enter). 
     
    SSH with passphrase is not supported for Oracle Clusterware 11g release 2 and later releases.
     
    Enter passphrase (empty for no passphrase): [press enter]
    On node 1
    $ cd ~/.ssh
    $ cat id_dsa.pub >> authorized_keys
    $ cat id_rsa.pub >> authorized_keys
    $ ssh oracle@node2 cat ~/.ssh/id_rsa.pub  >> ~/.ssh/authorized_keys
    $ ssh oracle@node2 cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
    $ chmod 644 ~/.ssh/authorized_keys
    On node 2:
    $ ssh oracle@node1 cat ~/.ssh/authorized_keys >> ~/.ssh/authorized_keys
    $ chmod 644 ~/.ssh/authorized_keys
    Test your configuration using all Hostnames.

    Hope this helps,
    Levi Pereira
  • 2. Re: Disable password prompt for manual SSH setup in CentOS 5.7
    932792 Newbie
    Hi,

    I tried as you had mentioned, but after the following step I am getting a prompt for the password:

    [oracle@falcen6a .ssh]$ cat id_dsa.pub >> authorized_keys
    [oracle@falcen6a .ssh]$ cat id_rsa.pub >> authorized_keys
    [oracle@falcen6a .ssh]$ ssh oracle@rac2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
    The authenticity of host 'rac2 (192.168.100.219)' can't be established.
    RSA key fingerprint is 08:c1:93:43:34:d4:22:df:4e:47:7c:08:82:45:bb:14.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'rac2,192.168.100.219' (RSA) to the list of known hosts.
    oracle@rac2's password:

    Please tell me what to do.
  • 3. Re: Disable password prompt for manual SSH setup in CentOS 5.7
    Levi-Pereira Guru
    Hi,

    Try removing the ".ssh" directory from both nodes and doing a clean setup.
    $ rm -rf ~/.ssh
    Levi Pereira
  • 4. Re: Disable password prompt for manual SSH setup in CentOS 5.7
    onedbguru Pro
    The 11gR2 installer has a button to SETUP the SSH. I think that the pre-req is that you execute ssh-keygen -t rsa on all nodes first. I have manually configured it and would have it working, but then Oracle installer would complain, so I would have it do the setup, then everything would start working.
  • 5. Re: Disable password prompt for manual SSH setup in CentOS 5.7
    932792 Newbie
    Hi Levi Pereira,

    I deleted the .ssh directory from both the nodes, but I think I messed up something in my settings while I was trying out various options. Now it is not even allowing me to transfer the key files from rac2 to rac1.

    This is the output of var/log.

    I googled and tried a number of solutions for the "gssapi-with-mic" error, but none seems to be working.

    [oracle@falcen6b .ssh]$ ssh -v rac1
    OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug1: Connecting to rac1 [192.168.100.218] port 22.
    debug1: Connection established.
    debug1: identity file /home/oracle/.ssh/identity type -1
    debug1: identity file /home/oracle/.ssh/id_rsa type 1
    debug1: identity file /home/oracle/.ssh/id_dsa type 2
    debug1: loaded 3 keys
    debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
    debug1: match: OpenSSH_4.3 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_4.3
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host 'rac1' is known and matches the RSA host key.
    debug1: Found key in /home/oracle/.ssh/known_hosts:2
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,gssapi-with-mic
    debug1: Next authentication method: gssapi-with-mic
    debug1: Unspecified GSS failure. Minor code may provide more information
    No credentials cache found

    debug1: Unspecified GSS failure. Minor code may provide more information
    No credentials cache found

    debug1: Unspecified GSS failure. Minor code may provide more information
    No credentials cache found

    debug1: Next authentication method: publickey
    debug1: Trying private key: /home/oracle/.ssh/identity
    debug1: Offering public key: /home/oracle/.ssh/id_rsa
    debug1: Authentications that can continue: publickey,gssapi-with-mic
    debug1: Offering public key: /home/oracle/.ssh/id_dsa
    debug1: Authentications that can continue: publickey,gssapi-with-mic
    debug1: No more authentication methods to try.
    Permission denied (publickey,gssapi-with-mic).
    [oracle@falcen6b .ssh]$
    [oracle@falcen6b .ssh]$

    Could you please tell me what I should do next?
  • 6. Re: Disable password prompt for manual SSH setup in CentOS 5.7
    932792 Newbie
    Hi onedbguru,

    So it is enough if both the nodes have both sets of keys?

    But now I am not even able to transfer the keys.

    I have posted my error. Any suggestions?

    PS - this is the first time I am setting up Oracle RAC and I have no previous experience in Linux.

    I apologise if my questions are too elementary.
  • 7. Re: Disable password prompt for manual SSH setup in CentOS 5.7
    onedbguru Pro
    The first time you transfer the keys, you will need to provide the password.

    Make sure the directory permissions are correct.

    /home/oracle 770
    /home/oracle/.ssh 600
    /home/oracle/.ssh/authorized_keys 644


    If you are having that many problems, start with a clean slate. On BOTH nodes, mv /home/oracle/.ssh /home/oracle/.ssh.old (preserve the current directory)

    on node1
    ssh-keygen -t rsa
    ssh-keygen -t dsa
    (no it does not hurt to have both types of keys!)

    on node2
    ssh-keygen -t rsa
    ssh-keygen -t dsa
    (no it does not hurt to have both types of keys!)
    cd .ssh
    cat *.pub >> authorized_keys

    on node1
    cd .ssh
    ssh-copy-id -i id_rsa.pub oracle@node2
    password
    ssh-copy-id -i id_dsa.pub oracle@node2
    [should not require password]
    scp oracle@node2:.ssh/authorized_keys $HOME/.ssh


    Once that is complete, for the PUBLIC, SCAN and INTERCONNECT you want to do the following:

    on node1
    ssh <ip-public-address-node1> date
    ssh <hostname-node1> date
    ssh <FQN-hostname-node1> date
    ssh <ip-private-address-node1> date
    ssh <hostname-private-node1> date
    Repeat for node 2 addresses - from node1 - answer yes for each unknown hosts

    copy node1 known hosts to other node

    Edited by: onedbguru on Apr 28, 2012 7:52 PM
  • 8. Re: Disable password prompt for manual SSH setup in CentOS 5.7
    932792 Newbie
    Hi,

    Should this be done while logged in as root or oracle?
  • 9. Re: Disable password prompt for manual SSH setup in CentOS 5.7
    932792 Newbie
    Hi,

    While logged in as the oracle user, after creating the keys I am getting a permission denied error when I try to change the permission for the .ssh directory.

    I am able to change the permission only when I change to the root user using the su-root command.

    Is this the right way?
  • 10. Re: Disable password prompt for manual SSH setup in CentOS 5.7
    932792 Newbie
    Now my error is :

    open home/oracle/.ssh/id_rsa failed: Permission denied
  • 11. Re: Disable password prompt for manual SSH setup in CentOS 5.7
    932792 Newbie
    Hi,

    rac1 is not able to access the authorized_keys folder of rac2.

    bash: .ssh/authorized_keys : Permission denied.

    I have set the permission as required.

    Anything else I need to do?
  • 12. Re: Disable password prompt for manual SSH setup in CentOS 5.7
    932792 Newbie
    Hi onedbguru,

    Now after I enter the password for the first time, I am being prompted for the password the second time also.

    Please could you tell me what I should check?
  • 13. Re: Disable password prompt for manual SSH setup in CentOS 5.7
    932792 Newbie
    Hi onedbguru,

    I installed a new VM from scratch and followed your steps:

    on node1
    cd .ssh
    ssh-copy-id -i id_rsa.pub oracle@node2
    password
    ssh-copy-id -i id_dsa.pub oracle@node2
    [should not require password]

    If I am getting prompted for the password the second time, is there any config file setting I should change?
    This is what I am getting:

    ssh-copy-id -i id_dsa.pub oracle@rac2
    10
    oracle@rac2`password :
  • 14. Re: Disable password prompt for manual SSH setup in CentOS 5.7
    onedbguru Pro
    The permissions on the .ssh directories should be:

    700 oracle:dba /home/oracle (oracle user home as defined in /etc/passwd)
    700 oracle:dba /home/oracle/.ssh


    If you mis-configured them, only root can fix them.

    My instructions were to be executed as the oracle user.

    If you can't get it corrected - run the runInstaller - on the page of configuring the hostnames there is a "SETUP SSH" button. Use it.
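
The ownership and mode requirements this thread keeps returning to, as an added example that is not part of any post above: with its default StrictModes setting, sshd refuses public-key login when the home directory, ~/.ssh or authorized_keys is writable by group or other, and the ssh client skips a private key that group or other can access, so either condition ends in a password prompt. The function names and the script name are illustrative, and GNU stat (as shipped on CentOS) is assumed.

```sh
#!/bin/sh
# Added example, not code from the thread. Assumes GNU stat (coreutils).

# check_path PATH FORBIDDEN_BITS REQUIRED_BITS OWNER_UID
# Prints a finding and returns 1 if PATH is missing, has the wrong owner,
# has any forbidden mode bit set, or lacks a required one.
check_path() {
    if [ ! -e "$1" ]; then
        echo "MISSING $1"; return 1
    fi
    if [ "$(stat -c '%u' "$1")" != "$4" ]; then
        echo "OWNER   $1 is not owned by uid $4"; return 1
    fi
    mode=$(stat -c '%a' "$1")
    # A leading 0 makes the shell read the mode and the masks as octal.
    if [ $(( 0$mode & $2 )) -ne 0 ] || [ $(( 0$mode & $3 )) -ne $(( $3 )) ]; then
        echo "MODE    $1 is $mode"; return 1
    fi
    return 0
}

# audit_ssh_perms HOME_DIR [OWNER_UID]; return status = number of findings.
audit_ssh_perms() {
    acct_home=$1; acct_uid=${2:-$(id -u)}; ssh_dir=$1/.ssh; problems=0
    # sshd StrictModes: no group/other write on home, ~/.ssh, authorized_keys;
    # the owner needs rwx on both directories to enter and populate them.
    check_path "$acct_home" 022 0700 "$acct_uid" || problems=$((problems + 1))
    check_path "$ssh_dir" 022 0700 "$acct_uid" || problems=$((problems + 1))
    check_path "$ssh_dir/authorized_keys" 022 0400 "$acct_uid" || problems=$((problems + 1))
    # The ssh client ignores a private key that group or other can access.
    for key in id_rsa id_dsa; do
        if [ -e "$ssh_dir/$key" ]; then
            check_path "$ssh_dir/$key" 077 0400 "$acct_uid" || problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Run on each node as the account being checked, e.g.: ./audit.sh /home/oracle
if [ "$#" -gt 0 ]; then
    audit_ssh_perms "$@"
fi
```

A non-zero exit status is the number of findings. For a non-root caller, a ~/.ssh directory that lacks the owner's execute bit also makes the files inside it report as MISSING.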