在AIX环境下构建主机信任关系首选rsh,但在构建Oracle 11g RAC时需要ssh支持,以下文档介绍如何在AIX6.1下构建ssh的信任关系。
默认aix没有安装ssh软件包,首先要安装ssh软件包:
1、下载、解压软件包
[root@aix209 ssh]#ls
OpenSSH_5.8.0.6102.tar.Z openssl-0.9.8.1802.tar.Z ssh.txt
解压后通过smit installs安装:
[root@aix209 ssh]#uncompress OpenSSH_5.8.0.6102.tar.Z
[root@aix209 ssh]#uncompress openssl-0.9.8.1802.tar.Z
[root@aix209 ssh]#ls
OpenSSH_5.8.0.6102.tar openssl-0.9.8.1802.tar ssh.txt
[root@aix209 ssh]#tar xvf OpenSSH_5.8.0.6102.tar
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
x openssh.base,
6310912
bytes,
12326
tape blocks
x openssh.license,
338944
bytes,
662
tape blocks
x openssh.man.en_US,
153600
bytes,
300
tape blocks
x openssh.msg.CA_ES,
20480
bytes,
40
tape blocks
x openssh.msg.CS_CZ,
20480
bytes,
40
tape blocks
x openssh.msg.DE_DE,
20480
bytes,
40
tape blocks
x openssh.msg.EN_US,
17408
bytes,
34
tape blocks
x openssh.msg.ES_ES,
19456
bytes,
38
tape blocks
x openssh.msg.FR_FR,
20480
bytes,
40
tape blocks
x openssh.msg.HU_HU,
21504
bytes,
42
tape blocks
x openssh.msg.IT_IT,
19456
bytes,
38
tape blocks
x openssh.msg.JA_JP,
24576
bytes,
48
tape blocks
x openssh.msg.Ja_JP,
26624
bytes,
52
tape blocks
x openssh.msg.KO_KR,
21504
bytes,
42
tape blocks
x openssh.msg.PL_PL,
20480
bytes,
40
tape blocks
x openssh.msg.PT_BR,
19456
bytes,
38
tape blocks
x openssh.msg.RU_RU,
25600
bytes,
50
tape blocks
x openssh.msg.SK_SK,
20480
bytes,
40
tape blocks
x openssh.msg.ZH_CN,
25600
bytes,
50
tape blocks
x openssh.msg.ZH_TW,
24576
bytes,
48
tape blocks
x openssh.msg.Zh_CN,
21504
bytes,
42
tape blocks
x openssh.msg.Zh_TW,
21504
bytes,
42
tape blocks
x openssh.msg.ca_ES,
19456
bytes,
38
tape blocks
x openssh.msg.cs_CZ,
19456
bytes,
38
tape blocks
x openssh.msg.de_DE,
20480
bytes,
40
tape blocks
x openssh.msg.en_US,
17408
bytes,
34
tape blocks
x openssh.msg.es_ES,
19456
bytes,
38
tape blocks
x openssh.msg.fr_FR,
20480
bytes,
40
tape blocks
x openssh.msg.hu_HU,
27648
bytes,
54
tape blocks
x openssh.msg.it_IT,
19456
bytes,
38
tape blocks
x openssh.msg.ja_JP,
26624
bytes,
52
tape blocks
x openssh.msg.ko_KR,
19456
bytes,
38
tape blocks
x openssh.msg.pl_PL,
27648
bytes,
54
tape blocks
x openssh.msg.pt_BR,
18432
bytes,
36
tape blocks
x openssh.msg.ru_RU,
27648
bytes,
54
tape blocks
x openssh.msg.sk_SK,
19456
bytes,
38
tape blocks
x openssh.msg.zh_CN,
21504
bytes,
42
tape blocks
x openssh.msg.zh_TW,
21504
bytes,
42
tape blocks
|
[root@aix209 ssh]#ls
|
1
2
3
4
5
6
7
8
9
10
11
|
OpenSSH_5
.8.0.
6102.
tar openssh.msg.IT_IT openssh.msg.Zh_TW openssh.msg.pl_PL
openssh.base openssh.msg.JA_JP openssh.msg.ca_ES openssh.msg.pt_BR
openssh.license openssh.msg.Ja_JP openssh.msg.cs_CZ openssh.msg.ru_RU
openssh.man.en_US openssh.msg.KO_KR openssh.msg.de_DE openssh.msg.sk_SK
openssh.msg.CA_ES openssh.msg.PL_PL openssh.msg.en_US openssh.msg.zh_CN
openssh.msg.CS_CZ openssh.msg.PT_BR openssh.msg.es_ES openssh.msg.zh_TW
openssh.msg.DE_DE openssh.msg.RU_RU openssh.msg.fr_FR openssl
-0.9.
8.1802.
tar
openssh.msg.EN_US openssh.msg.SK_SK openssh.msg.hu_HU ssh.txt
openssh.msg.ES_ES openssh.msg.ZH_CN openssh.msg.it_IT
openssh.msg.FR_FR openssh.msg.ZH_TW openssh.msg.ja_JP
openssh.msg.HU_HU openssh.msg.Zh_CN openssh.msg.ko_KR
|
[root@aix209 ssh]#tar xvf OpenSSH_5.8.0.6102.tar
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
x openssh.base,
6310912
bytes,
12326
tape blocks
x openssh.license,
338944
bytes,
662
tape blocks
x openssh.man.en_US,
153600
bytes,
300
tape blocks
x openssh.msg.CA_ES,
20480
bytes,
40
tape blocks
x openssh.msg.CS_CZ,
20480
bytes,
40
tape blocks
x openssh.msg.DE_DE,
20480
bytes,
40
tape blocks
x openssh.msg.EN_US,
17408
bytes,
34
tape blocks
x openssh.msg.ES_ES,
19456
bytes,
38
tape blocks
x openssh.msg.FR_FR,
20480
bytes,
40
tape blocks
x openssh.msg.HU_HU,
21504
bytes,
42
tape blocks
x openssh.msg.IT_IT,
19456
bytes,
38
tape blocks
x openssh.msg.JA_JP,
24576
bytes,
48
tape blocks
x openssh.msg.Ja_JP,
26624
bytes,
52
tape blocks
x openssh.msg.KO_KR,
21504
bytes,
42
tape blocks
x openssh.msg.PL_PL,
20480
bytes,
40
tape blocks
x openssh.msg.PT_BR,
19456
bytes,
38
tape blocks
x openssh.msg.RU_RU,
25600
bytes,
50
tape blocks
x openssh.msg.SK_SK,
20480
bytes,
40
tape blocks
x openssh.msg.ZH_CN,
25600
bytes,
50
tape blocks
x openssh.msg.ZH_TW,
24576
bytes,
48
tape blocks
x openssh.msg.Zh_CN,
21504
bytes,
42
tape blocks
x openssh.msg.Zh_TW,
21504
bytes,
42
tape blocks
x openssh.msg.ca_ES,
19456
bytes,
38
tape blocks
x openssh.msg.cs_CZ,
19456
bytes,
38
tape blocks
x openssh.msg.de_DE,
20480
bytes,
40
tape blocks
x openssh.msg.en_US,
17408
bytes,
34
tape blocks
x openssh.msg.es_ES,
19456
bytes,
38
tape blocks
x openssh.msg.fr_FR,
20480
bytes,
40
tape blocks
x openssh.msg.hu_HU,
27648
bytes,
54
tape blocks
x openssh.msg.it_IT,
19456
bytes,
38
tape blocks
x openssh.msg.ja_JP,
26624
bytes,
52
tape blocks
x openssh.msg.ko_KR,
19456
bytes,
38
tape blocks
x openssh.msg.pl_PL,
27648
bytes,
54
tape blocks
x openssh.msg.pt_BR,
18432
bytes,
36
tape blocks
x openssh.msg.ru_RU,
27648
bytes,
54
tape blocks
x openssh.msg.sk_SK,
19456
bytes,
38
tape blocks
x openssh.msg.zh_CN,
21504
bytes,
42
tape blocks
x openssh.msg.zh_TW,
21504
bytes,
42
tape blocks
|
2、通过smit installs安装:
[root@aix209 ssh]#smit installs
3、安装成功后,系统自动启动ssh service:
[root@aix209 ssh]#lssrc -a |grep ssh
sshd ssh 6029368 active
4、配置信任关系(通过建立公钥和私钥)
[grid@aix209 grid]$ssh-keygen -t rsa
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
|
Generating
public
/
private
rsa key pair.
Enter file
in
which to save the key (/home/grid/.ssh/id_rsa):
Created directory
'/home/grid/.ssh'
.
Enter passphrase (empty
for
no passphrase):
Enter same passphrase again:
Your identification has been saved
in
/home/grid/.ssh/id_rsa.
Your
public
key has been saved
in
/home/grid/.ssh/id_rsa.pub.
The key fingerprint is:
46
:8c:ac:aa:
82
:
62
:b1:5e:e2:ba:ed:d5:
02
:5e:f5:
62
grid@aix209
The key's randomart image is:
+--[ RSA
2048
]----+
| |
| . o |
| + o |
| o o |
| . o E S |
| o + o o |
|..=.o . |
|==o. . |
|X=o |
+-----------------+
|
[grid@aix209 grid]$ssh-keygen -t dsa
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
Generating
public
/
private
dsa key pair.
Enter file
in
which to save the key (/home/grid/.ssh/id_dsa):
Enter passphrase (empty
for
no passphrase):
Enter same passphrase again:
Your identification has been saved
in
/home/grid/.ssh/id_dsa.
Your
public
key has been saved
in
/home/grid/.ssh/id_dsa.pub.
The key fingerprint is:
4a:6d:
60
:
35
:ee:1c:fe:7d:
62
:
54
:f6:
31
:5c:7b:4a:
54
grid@aix209
The key's randomart image is:
+--[ DSA
1024
]----+
| o ..E|
| o . .. o|
| o o +=.|
| . * . + o+|
| . S . . .|
| . o . o |
| . . + . |
| . o |
| |
+-----------------+
|
[grid@aix209 ~]$cd .ssh
[grid@aix209 .ssh]$ls
id_dsa id_dsa.pub id_rsa id_rsa.pub
[grid@aix209 .ssh]$cd ..
在另一个node(aix210)同样方式建立密钥对:
[grid@aix210 grid]$ssh-keygen -t rsa
[grid@aix210 grid]$ssh-keygen -t dsa
[grid@aix209 ~]$cat .ssh/id_rsa.pub >>.ssh/authorized_keys
[grid@aix209 ~]$cat .ssh/id_dsa.pub >>.ssh/authorized_keys
[grid@aix209 ~]$ssh aix210 cat .ssh/id_rsa.pub >>.ssh/authorized_keys
The authenticity of host 'aix210 (192.168.8.210)' can't be established.
RSA key fingerprint is 65:25:9b:46:05:a4:84:73:76:d2:ba:d2:c8:a2:91:0e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'aix210,192.168.8.210' (RSA) to the list of known hosts.
grid@aix210's password:
[grid@aix209 ~]$ssh aix210 cat .ssh/id_dsa.pub >>.ssh/authorized_keys
grid@aix210's password:
将公钥authorized_keys上传到对方主机:
[grid@aix209 ~]$scp .ssh/authorized_keys aix210:~/.ssh
grid@aix210's password:
authorized_keys 100% 1988 1.9KB/s 00:00
验证:
[grid@aix209 ~]$ssh aix210 date
Mon Jan 5 22:24:19 CST 1970
[grid@aix209 ~]$ssh aix210-priv date
The authenticity of host 'aix210-priv (10.10.10.210)' can't be established.
RSA key fingerprint is 65:25:9b:46:05:a4:84:73:76:d2:ba:d2:c8:a2:91:0e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'aix210-priv,10.10.10.210' (RSA) to the list of known hosts.
Mon Jan 5 22:24:27 CST 1970
[grid@aix209 ~]$ssh aix209-priv date
The authenticity of host 'aix209-priv (10.10.10.209)' can't be established.
RSA key fingerprint is 8f:54:98:0e:1b:c1:81:10:36:88:62:e2:20:61:16:91.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'aix209-priv,10.10.10.209' (RSA) to the list of known hosts.
Mon Mar 28 18:39:55 CDT 2016
[grid@aix209 ~]$ssh aix209 date
The authenticity of host 'aix209 (192.168.8.209)' can't be established.
RSA key fingerprint is 8f:54:98:0e:1b:c1:81:10:36:88:62:e2:20:61:16:91.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'aix209,192.168.8.209' (RSA) to the list of known hosts.
Mon Mar 28 18:40:02 CDT 2016
[grid@aix210 ~]$ssh aix209 date
The authenticity of host 'aix209 (192.168.8.209)' can't be established.
RSA key fingerprint is 8f:54:98:0e:1b:c1:81:10:36:88:62:e2:20:61:16:91.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'aix209,192.168.8.209' (RSA) to the list of known hosts.
Mon Mar 28 18:40:30 CDT 2016
[grid@aix210 ~]$ssh aix209-priv date
The authenticity of host 'aix209-priv (10.10.10.209)' can't be established.
RSA key fingerprint is 8f:54:98:0e:1b:c1:81:10:36:88:62:e2:20:61:16:91.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'aix209-priv,10.10.10.209' (RSA) to the list of known hosts.
Mon Mar 28 18:40:36 CDT 2016
[grid@aix210 ~]$ssh aix210-priv date
The authenticity of host 'aix210-priv (10.10.10.210)' can't be established.
RSA key fingerprint is 65:25:9b:46:05:a4:84:73:76:d2:ba:d2:c8:a2:91:0e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'aix210-priv,10.10.10.210' (RSA) to the list of known hosts.
Mon Jan 5 22:25:26 CST 1970
[grid@aix210 ~]$ssh aix210 date
The authenticity of host 'aix210 (192.168.8.210)' can't be established.
RSA key fingerprint is 65:25:9b:46:05:a4:84:73:76:d2:ba:d2:c8:a2:91:0e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'aix210,192.168.8.210' (RSA) to the list of known hosts.
Mon Jan 5 22:25:31 CST 1970
。。。验证通过,信任关系建立成功!
------ 在构建Oracle RAC时,需要Oracle用户也要建立信任关系 。。。
