How to Configure Passwordless SSH Authentication Between Oracle RAC Nodes

 


During Oracle RAC installation (especially Grid Infrastructure), the installer and tools need to execute commands across all RAC nodes automatically, without human intervention.

Passwordless SSH is needed at the following installation steps:

  • Grid Infrastructure (GI) installation: The Oracle Universal Installer (runInstaller) copies files, runs scripts, and sets up ASM, Clusterware, and CRS services across all nodes.
  • Cluster Verification (cluvfy): Verifies shared storage, network configuration, and user equivalence by connecting across nodes.
  • Running root.sh automatically: The installer needs to trigger root scripts remotely on all nodes.
  • Configuration of SCAN and VIPs: RAC configures network resources, which requires access to all nodes without prompting for a password each time.
  • opatchauto (patching GI or RAC): OPatchAuto automatically connects to all nodes, stops CRS, applies patches, and restarts, all of which needs SSH access.
  • Database installation: The same applies to the database binaries when installing with RAC options.

📋 As per Oracle's official documentation:

"You must configure secure shell (SSH) for both the Oracle Grid Infrastructure software owner (grid) and the Oracle Database software owner (oracle) to enable passwordless SSH user equivalence across all cluster nodes. This is required for Oracle Universal Installer to copy and run scripts on all cluster nodes during installation."

  

Assumptions

  • Your RAC nodes: at least a 2-node RAC
  • You are configuring passwordless SSH for the following users:
    • grid user (for Grid Infrastructure)
    • oracle user (for RDBMS software)

(If you use only one user for both, the steps are the same.)

 

On node1 (hostname: testrac1), as the grid user:

[grid@testrac1 ~]$ ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/home/grid/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /home/grid/.ssh/id_rsa.

Your public key has been saved in /home/grid/.ssh/id_rsa.pub.

The key fingerprint is:

SHA256:bLXitTwHBHpFSE88BWI8pA0Bwq3Z0ifj4hb+tGvXrV4 grid@testrac1

The key's randomart image is:

+---[RSA 3072]----+

| .....o=*+=o.    |

|  ...  *+*o      |

|   =  o o.+.     |

|  + = .o o .     |

|   o +  S +      |

|  o .  o + o     |

| o o.  ...E .    |

|  +.... ...o     |

| . o+o .o.       |

+----[SHA256]-----+

[grid@testrac1 ~]$ cd ~/.ssh

[grid@testrac1 .ssh]$ cat id_rsa.pub >> authorized_keys

 

On node2 (hostname: testrac2), as the grid user:

[grid@testrac2 ~]$ ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/home/grid/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /home/grid/.ssh/id_rsa.

Your public key has been saved in /home/grid/.ssh/id_rsa.pub.

The key fingerprint is:

SHA256:BBrZIK8m2dhCjaH4jkPNwl9itHsx4QKVBM5PN754Hf8 grid@testrac2

The key's randomart image is:

+---[RSA 3072]----+

| o+o++.          |

|= =+.o..         |

|o* +o+  .        |

|o*B.= o.         |

|=+*O * .S        |

|.*+ * = o        |

|o .+ + . .       |

| .  o     .      |

|           E     |

+----[SHA256]-----+

 

[grid@testrac2 ~]$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

 

Exchange Public Keys

From testrac1:

[grid@testrac1 .ssh]$ scp ~/.ssh/id_rsa.pub testrac2:/tmp/testrac1_id_rsa.pub

 

 

From testrac2:

[grid@testrac2 .ssh]$ scp ~/.ssh/id_rsa.pub testrac1:/tmp/testrac2_id_rsa.pub

 

 

Merge the keys into authorized_keys on both nodes

On testrac1:

[grid@testrac1 .ssh]$ cat /tmp/testrac2_id_rsa.pub >> ~/.ssh/authorized_keys

 

On testrac2:

[grid@testrac2 .ssh]$ cat /tmp/testrac1_id_rsa.pub >> ~/.ssh/authorized_keys

 

Perform the same steps as above for the oracle user if you are using oracle as the RDBMS user.

 

 

Test passwordless authentication from both servers:

From testrac2

[grid@testrac2 ~]$ ssh testrac1 date

Mon Apr 28 20:07:19 IST 2025

[grid@testrac2 ~]$ ssh testrac2 date

Mon Apr 28 20:07:24 IST 2025

From testrac1

[grid@testrac1 ~]$ ssh testrac1 date

Mon Apr 28 20:08:19 IST 2025

[grid@testrac1 ~]$ ssh testrac2 date

Mon Apr 28 20:08:29 IST 2025
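
The merge and test steps above, as an added example that is not part of the original post: it validates the key file copied through /tmp before appending it, sets the ~/.ssh permissions that sshd expects, and tests equivalence without allowing a password prompt. The function names merge_pubkey and check_equivalence are hypothetical; the hostnames and paths are the ones used in this post.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): merge a peer node's public key
# into authorized_keys safely. Function names are hypothetical.

# merge_pubkey PUBFILE SSH_DIR
# Accepts only a file holding exactly one bare "type base64 [comment]" line,
# so a file altered in world-writable /tmp cannot add extra keys or
# options such as command="...".
merge_pubkey() {
    pub=$1; dir=$2; auth="$dir/authorized_keys"
    if [ ! -f "$pub" ] || [ -L "$pub" ]; then
        echo "refusing $pub: not a regular file" >&2; return 1
    fi
    if [ "$(grep -c '' "$pub")" -ne 1 ]; then
        echo "refusing $pub: expected exactly one line" >&2; return 1
    fi
    if ! grep -Eq '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' "$pub"; then
        echo "refusing $pub: not a bare public key line" >&2; return 1
    fi
    # sshd (StrictModes, on by default) ignores authorized_keys when the
    # directory or file is writable by anyone but the owner.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    key=$(awk '{print $1 " " $2}' "$pub")
    # Idempotent: skip when the same type+key is already authorized.
    if awk -v k="$key" '($1 " " $2) == k {found=1} END {exit !found}' "$auth"; then
        return 0
    fi
    # Make sure the existing file ends in a newline before appending.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
    printf '%s\n' "$(cat "$pub")" >> "$auth"
}

# check_equivalence HOST...
# BatchMode=yes makes ssh fail instead of prompting, so a missing key or an
# unaccepted host key shows up as an error rather than a password prompt.
check_equivalence() {
    rc=0
    for h in "$@"; do
        ssh -o BatchMode=yes -o ConnectTimeout=5 "$h" date || { echo "FAILED: $h" >&2; rc=1; }
    done
    return $rc
}

# Usage on testrac1 as grid (compare the fingerprint with the one ssh-keygen
# printed on testrac2 before merging):
#   ssh-keygen -l -f /tmp/testrac2_id_rsa.pub
#   merge_pubkey /tmp/testrac2_id_rsa.pub ~/.ssh && rm -f /tmp/testrac2_id_rsa.pub
#   check_equivalence testrac1 testrac2
```
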

 

This concludes the passwordless authentication setup between Oracle RAC nodes.

 
