执行过程:
su - grid
cd $ORACLE_HOME/oui/prov/resources/scripts
./sshUserSetup.sh -user oracle -hosts rac2 rac1 -advanced -exverify -confirm
The output of this script is also logged into /tmp/sshUserSetup_2023-12-10-11-34-02.log
Hosts are rac2
user is oracle
Platform:- Linux
Checking if the remote hosts are reachable
PING rac2 (192.168.1.66) 56(84) bytes of data.
64 bytes from rac2 (192.168.1.66): icmp_seq=1 ttl=64 time=2.87 ms
64 bytes from rac2 (192.168.1.66): icmp_seq=2 ttl=64 time=0.845 ms
64 bytes from rac2 (192.168.1.66): icmp_seq=3 ttl=64 time=1.01 ms
64 bytes from rac2 (192.168.1.66): icmp_seq=4 ttl=64 time=1.06 ms
64 bytes from rac2 (192.168.1.66): icmp_seq=5 ttl=64 time=1.15 ms
(这里显示证明两个节点直接可以通讯)
--- rac2 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4002ms
rtt min/avg/max/mdev = 0.845/1.389/2.872/0.748 ms
Remote host reachability check succeeded.
The following hosts are reachable: rac2.
The following hosts are not reachable: .
All hosts are reachable. Proceeding further...
firsthost rac2
numhosts 1
The script will setup SSH connectivity from the host rac1 to all
the remote hosts. After the script is executed, the user can use SSH to run
commands on the remote hosts or copy files between this host rac1
and the remote hosts without being prompted for passwords or confirmations.
NOTE 1:
As part of the setup procedure, this script will use ssh and scp to copy
files between the local host and the remote hosts. Since the script does not
store passwords, you may be prompted for the passwords during the execution of
the script whenever ssh or scp is invoked.
NOTE 2:
AS PER SSH REQUIREMENTS, THIS SCRIPT WILL SECURE THE USER HOME DIRECTORY
AND THE .ssh DIRECTORY BY REVOKING GROUP AND WORLD WRITE PRIVILEDGES TO THESE
directories.
Do you want to continue and let the script make the above mentioned changes (yes/no)?
Confirmation provided on the command line
The user chose yes
Please specify if you want to specify a passphrase for the private key this script will create for the local host. Passphrase is used to encrypt the private key and makes SSH much more secure. Type 'yes' or 'no' and then press enter. In case you press 'yes', you would need to enter the passphrase whenever the script executes ssh or scp.
The estimated number of times the user would be prompted for a passphrase is 2. In addition, if the private-public files are also newly created, the user would have to specify the passphrase on one additional occasion.
Enter 'yes' or 'no'.
这里如果选择“yes”的话,会让你创建密码,这样,在以后每次进行ssh通讯的时候都要执行密码,那配置的意义也就不存在了。
(请指定是否要为此脚本为本地主机创建的私钥指定密码。 密码用于加密私钥,使SSH更安全。 键入“yes”或“no”,然后按Enter键。 如果你按“是”,你将需要在脚本执行ssh或scp时输入密码。
用户将被提示输入密码短语的估计次数是2.此外,如果私人 - 公共文件也是新创建的,用户将必须在一个附加场合指定密码短语。
输入“是”或“否”。)
no
The user chose no
The files containing the client public and private keys already exist on the local host. The current private key may have a passphrase associated with it. In case you find using passphrase inconvenient(although it is more secure), you can change to it empty through this script. Press 'change' if you want the script to change the passphrase for you. Press 'no' if you want to use your old passphrase, if you had one.
如果你修改了密码,就确认选择“yes”,这里应该都可以。
yes
The user chose yes
Creating .ssh directory on local host, if not present already
Creating authorized_keys file on local host
Changing permissions on authorized_keys to 644 on local host
Creating known_hosts file on local host
Changing permissions on known_hosts to 644 on local host
Creating config file on local host
If a config file exists already at /home/oracle/.ssh/config, it would be backed up to /home/oracle/.ssh/config.backup.
Removing old private/public keys on local host
Running SSH keygen on local host
Enter passphrase (empty for no passphrase): 回车
Enter same passphrase again: 回车
Generating public/private rsa key pair.
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
b7:61:9d:9c:ee:07:dc:fb:36:2b:62:65:cf:bf:c9:73 oracle@rac1
Creating .ssh directory and setting permissions on remote host rac2
THE SCRIPT WOULD ALSO BE REVOKING WRITE PERMISSIONS FOR group AND others ON THE HOME DIRECTORY FOR oracle. THIS IS AN SSH REQUIREMENT.
The script would create ~oracle/.ssh/config file on remote host rac2. If a config file exists already at ~oracle/.ssh/config, it would be backed up to ~oracle/.ssh/config.backup.
The user may be prompted for a password here since the script would be running SSH on host rac2.
Warning: Permanently added 'rac2,192.168.1.66' (RSA) to the list of known hosts.
oracle@rac2's password: (输入rac2的密码)
Done with creating .ssh directory and setting permissions on remote host rac2.
Copying local host public key to the remote host rac2
The user may be prompted for a password or passphrase here since the script would be using SCP for host rac2.
oracle@rac2's password: (再次输入rac2的密码)
Done copying local host public key to the remote host rac2
Creating keys on remote host rac2 if they do not exist already. This is required to setup SSH on host rac2.
Updating authorized_keys file on remote host rac2
Updating known_hosts file on remote host rac2
SSH setup is complete.
|