原文发布时间:三月 20, 2013 | POSTED IN AIX, LINUX | NO COMMENTS
原文发布地址:“Database Logic”(现已失效)

今天,在做AIX的RAC部署的时候,有很多的地方是和在Linux上的部署决然不同的,但是主要卡住进度的地方则是在:SSH等效性的建立以及通过Display环境变量抓取服务器的GUI的两个步骤。
比如,
在Linux中,如果要实现RAC安装前的准备工作中的SSH等效性建立,将会非常容易。
只需要两条命令即可完成:“ssh-keygen”、“ssh-copy-id”。
如下:
这里操作的对象是两台节点主机中的操作系统账户:dblogic。

首先,使用“ssh-keygen”在各个节点各自生成私钥与公钥文件。
节点一:

[dblogic@em1 ~]$ hostname
em1
[dblogic@em1 ~]$ whoami
dblogic
[dblogic@em1 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/dblogic/.ssh/id_rsa):
Created directory ‘/home/dblogic/.ssh’.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/dblogic/.ssh/id_rsa.
Your public key has been saved in /home/dblogic/.ssh/id_rsa.pub.
The key fingerprint is:
41:76:9e:96:b4:a3:b5:b2:0b:bd:c6:01:89:68:0e:df dblogic@em1
[dblogic@em1 ~]$
[dblogic@em1 ~]$

节点二:

[dblogic@em2 ~]$ hostname
em2
[dblogic@em2 ~]$ whoami
dblogic
[dblogic@em2 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/dblogic/.ssh/id_rsa):
Created directory ‘/home/dblogic/.ssh’.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/dblogic/.ssh/id_rsa.
Your public key has been saved in /home/dblogic/.ssh/id_rsa.pub.
The key fingerprint is:
f5:88:ad:92:18:62:15:1d:7e:7e:8f:2c:32:2c:a6:c2 dblogic@em2
[dblogic@em2 ~]$

然后,先测试下没有配置SSH等效时候的状态:
节点一:

[root@em1 ~]# su – dblogic
[dblogic@em1 ~]$ ssh em2 date
dblogic@em2’s password:
Sun Mar 17 23:27:26 CST 2013
[dblogic@em1 ~]$

节点二:

[root@em2 ~]# su – dblogic
[dblogic@em2 ~]$ ssh em1 date
The authenticity of host ’em1 (192.168.81.132)’ can’t be established.
RSA key fingerprint is 74:bc:1f:77:96:01:e7:9c:ff:9b:54:ab:9c:56:c7:b2.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ’em1,192.168.81.132′ (RSA) to the list of known hosts.
dblogic@em1’s password:
Sun Mar 17 23:27:34 CST 2013
[dblogic@em2 ~]$

将“ssh-keygen”生成的公钥通过“ssh-copy-id”传送给对方主机的“dblogic”。
节点一:

[dblogic@em1 ~]$ whoami
dblogic
[dblogic@em1 ~]$ pwd
/home/dblogic
[dblogic@em1 ~]$ ls
[dblogic@em1 ~]$ ls -a
. .. .bash_history .bash_logout .bash_profile .bashrc .emacs .kde .mozilla .ssh .zshrc
[dblogic@em1 ~]$ ls .ssh
authorized_keys id_rsa id_rsa.pub known_hosts
[dblogic@em1 ~]$ ssh-copy-id -i .ssh/id_rsa.pub em2
15
dblogic@em2’s password:
Now try logging into the machine, with “ssh ’em2′”, and check in:

.ssh/authorized_keys

to make sure we haven’t added extra keys that you weren’t expecting.

[dblogic@em1 ~]$

节点二:

[dblogic@em2 ~]$ whoami
dblogic
[dblogic@em2 ~]$ pwd
/home/dblogic
[dblogic@em2 ~]$ ls
[dblogic@em2 ~]$ ls -a
. .. .bash_history .bash_logout .bash_profile .bashrc .emacs .kde .mozilla .ssh .zshrc
[dblogic@em2 ~]$ ls .ssh
id_rsa id_rsa.pub known_hosts
[dblogic@em2 ~]$ ssh-copy-id -i .ssh/id_rsa.pub em1
15
dblogic@em1’s password:
Now try logging into the machine, with “ssh ’em1′”, and check in:

.ssh/authorized_keys

to make sure we haven’t added extra keys that you weren’t expecting.

[dblogic@em2 ~]$

测试:
节点一:

[dblogic@em1 ~]$ ssh em2 date
Sun Mar 17 23:32:01 CST 2013
[dblogic@em1 ~]$

节点二:

[dblogic@em2 ~]$ ssh em1 date
Sun Mar 17 23:31:57 CST 2013
[dblogic@em2 ~]$

但是,在AIX中仅仅只有“ssh-keygen”这条命令,而“ssh-copy-id”命令所实现的操作需要手动完成。
SSH是通过一对私钥和公钥完成验证的。
需要访问哪一台主机不输入口令,则需要将那台主机中由“ssh-keygen”生成的一对私钥和公钥中的公钥的内容传到本地机器中。
“ssh-copy-id”实际上做的便是这么一回事。
默认,对方主机的公钥是存放在本地系统用户家目录的.ssh/的authorized_keys文本文件中的。
具体操作如下:
“ssh-keygen”
节点一:

[me@em1 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/me/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/me/.ssh/id_rsa.
Your public key has been saved in /home/me/.ssh/id_rsa.pub.
The key fingerprint is:
20:e1:0a:68:e7:da:d4:0d:79:e0:54:70:18:5c:77:e2 me@em1
[me@em1 ~]$

节点二:

[me@em2 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/me/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/me/.ssh/id_rsa.
Your public key has been saved in /home/me/.ssh/id_rsa.pub.
The key fingerprint is:
48:17:57:41:f3:7c:93:f3:2b:fd:1a:47:1f:48:b4:c2 me@em2
[me@em2 ~]$

传公钥。
节点一:

[me@em1 ~]$ ssh em2 cat ~/.ssh/id_rsa.pub > ~/.ssh/authorized_keys
me@em2’s password:
[me@em1 ~]$ ssh em2 date
Sun Mar 17 23:55:18 CST 2013
[me@em1 ~]$

节点二:

[me@em2 ~]$ ssh em1 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
The authenticity of host ’em1 (192.168.81.132)’ can’t be established.
RSA key fingerprint is 74:bc:1f:77:96:01:e7:9c:ff:9b:54:ab:9c:56:c7:b2.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ’em1,192.168.81.132′ (RSA) to the list of known hosts.
me@em1’s password:
[me@em2 ~]$ cat ~/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtNPiegrTw35e80j0LhpBVtysIgTK9l00VVJTMZv12zOzYJHqatifUp/jrOt3doVd6VVjgHyjU1ycTr61LKOs4dN5SU7WmxOlPo3Xk56RwMFsQSjO/u8M6kiGskZwQxYnyk15zAF9ivyngwpmpjU5lHdyrcbxkcXUKz5vgHsh4E0z1wwcykxKWiYVSzkw4uEaPIVhtq9aJF+wbi8UcEk4lLxIkqrYhbq7I6JmLBB9fMlPb5CcYs+M3qEqkwUIvj+Wc93OyfC6/PYnGu8UP5Xo47mQJlGqcPU328ZH7QFLeQZB6tFWgBz/211lNp6lSqeC6kHv+vQb5M5pp9/9tJyBSQ== me@em1
[me@em2 ~]$
[me@em2 ~]$ ssh em1 date
Sun Mar 17 23:51:44 CST 2013
[me@em2 ~]$

——
To be continue.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

隐藏
变装