SOLVED! Re: Latest findings -- Re: slightly OT: passwordless ssh and Clusterware
From: Lyall Barbour <lyallbarbour_at_sanfranmail.com>
Date: Fri, 26 Jul 2013 09:34:44 -0400
Message-ID: <20130726133444.290180_at_gmx.com>
I found a Blog by Leighton Nelson here: http://blogs.griddba.com/2011/03/grid-infrastructure-11202-hands-on.html that said to use -advanced if you want it to work from the remote host(s) too. And, that now works! Thanks for everyone's help.
Lyall Barbour
----- Original Message -----
From: Lyall Barbour
Sent: 07/26/13 09:13 AM
To: oracle-l
Subject: Latest findings -- Re: slightly OT: passwordless ssh and Clusterware Thanks to Fernando for pointing me to the sshSetup.sh script in the 11gR2 zip Grid directory. Here's the latest quirk. If i run sshSetup.sh -user <username> -hosts "node1 node2" -noPromptPassphrase ......... from node1, everything works except connecting node2 to node1. Node1 to node1 works, node1 to node2 works, node2 to node2 works... node2 to node1 does not work. THEN! <copy and paste above sentence> <replace ............ from node1> <with ........... from node2> and the exact same thing happens only backwards. Node2 to node2 works, node2 to node1 works, node1 to node1 works....... node1 to node2 does NOT work! What the heck.... Anyone? Lyall Barbour ----- Original Message ----- From: Lyall Barbour Sent: 07/26/13 08:36 AM To: oracle-l Subject: Re: slightly OT: passwordless ssh and Clusterware Thanks Jared, et al, I've been wanting that to be the fix since yesterday morning. Last night i played some more. When i do a diff between authorized_keys and id_rsa.pub, i can only s ee the other server's entry in authorized_keys. How it should be, i'd think. devdb01: more authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAm5z9G2R/OzRdGvkyKI2ai4VAow8DTEMZsEZtNR6YYkvp6KThJ8n8bbVfLZxQ3CnHoi4 0uM3ca02PKbk4IEmv5TVARv1Ya9djZORczYfqpNDGsLDSojZzJJZYeUHYDeVxnp9vO9Ua7SU5M3QGaOpsIQNWosi3CXpzinhURt5Ekc ta84WQUsb2tfhk698dQ8CCzVzYuNqSupMaeFo/U6UUc8c1lDgxL3azXmeCYmx4bfXUG57kAxgxQ0/DJSyPWVHpOoDhVh0yfXelE13is 0osWT9A27Se4jWxKrr+CcxsMWMlFz1uqtzoYbBfZyUtkexsFXhp9tLHOoa6X4qPyLfqnw== oly_db_admin_at_devdb01 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA060/VClzimwpiRAjx7KWl584A44i6ImdDWb4kaGJddn0AF9M27YgQW+GQPJhul8f5Ji Z2O+uW0tlH1ytO6I6RHSDTZK7//lc+Cf5AO7LYKDVUSVyaj11wKTLDTEMmYT9kFqZmb352ix6aY3xtujLIu8VTCOnleboWHV4IoxLRQ tf23/C+vr7SciJ9cq1+uj32BPzHG3pBhVXKPTfek2T5QxQf1+XjrKL6i6IRNzyMO+3eC+91g5pugIdt9K2ONaEo OGA5lvpWC6Pu+vjE G4tesbeM5+P3DIFnHPbeifRh4sKMkoxWD7Pu514Y48nlkTObJE4+K1+WiFMOeRFulk7hw== oly_db_admin_at_devdb02 devdb01: more id_rsa.pub ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAm5z9G2R/Oz RdGvkyKI2ai4VAow8DTEMZsEZtNR6YYkvp6KThJ8n8bbVfLZxQ3CnHoi4 0uM3ca02PKbk4IEmv5TVARv1Ya9djZORczYfqpNDGsLDSojZzJJZYeUHYDeVxnp9vO9Ua7SU5M3QGaOpsIQNWosi3CXpzinhURt5Ekc ta84WQUsb2tfhk698dQ8CCzVzYuNqSupMaeFo/U6UUc8c1lDgxL3azXmeCYmx4bfXUG57kAxgxQ0/DJSyPWVHpOoDhVh0yfXelE13is 0osWT9A27Se4jWxKrr+CcxsMWMlFz1uqtzoYbBfZyUtkexsFXhp9tLHOoa6X4qPyLfqnw== oly_db_admin_at_devdb01 devdb01: diff authorized_keys id_rsa.pub 2d1 < ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA060/VClzimwpiRAjx7KWl584A44i6ImdDWb4kaGJddn0AF9M27YgQW+GQPJhul8f5JiZ2O+uW0tlH1ytO6I6RHSDTZK7//lc+Cf5AO7LYKDVUSVyaj11wKTLDTEMmYT9kFqZmb352ix6aY3xtujLIu8VTCOnleboWHV4IoxLRQtf23/C+vr7SciJ9cq1+uj32BPzHG3pBhVXKPTfek2T5QxQf1+XjrKL6i6IRNzyMO+3eC+91g5pugIdt9K2ONaEoOGA5lvpWC6Pu+vjEG4tesbeM5+P3DIFnHPbeifRh4sKMkoxWD7Pu514Y48nlkTObJE4+K1+WiFMOeRFulk7hw== oly_db_admin_at_devdb02 devdb01: ssh devdb01 date oly_db_admin_at_devdb01's password: devdb01: Here's another hook to this craziness. I can, since i started this, usually, ssh from node1 to node2 ... and from node2 to node2, no problem. The problem is going to node1. Is there some parameter file that i need to look at? The ssh versions are the same between these servers. What else do i need to look at, other then ssh-keygen and ssh-copy-id, anybody? Maybe something doesn't link up between how the two servers are configured? Lyall Barbour ----- Original Message ----- From: Jared Still Sent: 07/25/13 08:12 PM To: lyallbarbour_at_sanfranmail.com Subject: Re: slightly OT: passwordless ssh and Clusterware On Thu, Jul 25, 2013 at 1:23 PM, Lyall Barbour <lyallbarbour_at_sanfranmail.com > wrote: > ssh from node1 to node2 works good, going from node2 to node1 works good. > But ssh from node1 to node1 or node2 to node2 doesn't work. Apparently 10g > didn't truely care about this, but 11g OUI definitely needs it. anyb ody > know how to really set this up? I've been Googling and ready Oracle docs > all days. Delete .ssh directories, running ssh-keygen and running > ssh-copy-id, sometimes i get on e server to work fine, sometimes the other > server works, sometimes both do not work. Is there an order? Compare the public keys between nodes, they are probably different .( only 1 node is up on my RAC right now so cannot check) Here is one simple method to fix it. node1: append to the end of ~/.ssh/authorized_keys the value of the public key from the same directory this will be a file called either id_rsa.pub or id_dsa.pub, but probably an RSA key. node2: do the same as on node 1 Jared Still C ertifiable Oracle DBA and Part Time Perl Evangelist Oracle Blog: http://jkstill.blogspot.com Home Page: http://jaredstill.com -- http://www.freelists.org/webpage/oracle-l -- http://www.freelists.org/webpage/oracle-l -- http://www.freelists.org/webpage/oracle-l
Date: Fri, 26 Jul 2013 09:34:44 -0400
Message-ID: <20130726133444.290180_at_gmx.com>
I found a Blog by Leighton Nelson here: http://blogs.griddba.com/2011/03/grid-infrastructure-11202-hands-on.html that said to use -advanced if you want it to work from the remote host(s) too. And, that now works! Thanks for everyone's help.
Lyall Barbour
----- Original Message -----
From: Lyall Barbour
Sent: 07/26/13 09:13 AM
To: oracle-l
Subject: Latest findings -- Re: slightly OT: passwordless ssh and Clusterware Thanks to Fernando for pointing me to the sshSetup.sh script in the 11gR2 zip Grid directory. Here's the latest quirk. If i run sshSetup.sh -user <username> -hosts "node1 node2" -noPromptPassphrase ......... from node1, everything works except connecting node2 to node1. Node1 to node1 works, node1 to node2 works, node2 to node2 works... node2 to node1 does not work. THEN! <copy and paste above sentence> <replace ............ from node1> <with ........... from node2> and the exact same thing happens only backwards. Node2 to node2 works, node2 to node1 works, node1 to node1 works....... node1 to node2 does NOT work! What the heck.... Anyone? Lyall Barbour ----- Original Message ----- From: Lyall Barbour Sent: 07/26/13 08:36 AM To: oracle-l Subject: Re: slightly OT: passwordless ssh and Clusterware Thanks Jared, et al, I've been wanting that to be the fix since yesterday morning. Last night i played some more. When i do a diff between authorized_keys and id_rsa.pub, i can only s ee the other server's entry in authorized_keys. How it should be, i'd think. devdb01: more authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAm5z9G2R/OzRdGvkyKI2ai4VAow8DTEMZsEZtNR6YYkvp6KThJ8n8bbVfLZxQ3CnHoi4 0uM3ca02PKbk4IEmv5TVARv1Ya9djZORczYfqpNDGsLDSojZzJJZYeUHYDeVxnp9vO9Ua7SU5M3QGaOpsIQNWosi3CXpzinhURt5Ekc ta84WQUsb2tfhk698dQ8CCzVzYuNqSupMaeFo/U6UUc8c1lDgxL3azXmeCYmx4bfXUG57kAxgxQ0/DJSyPWVHpOoDhVh0yfXelE13is 0osWT9A27Se4jWxKrr+CcxsMWMlFz1uqtzoYbBfZyUtkexsFXhp9tLHOoa6X4qPyLfqnw== oly_db_admin_at_devdb01 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA060/VClzimwpiRAjx7KWl584A44i6ImdDWb4kaGJddn0AF9M27YgQW+GQPJhul8f5Ji Z2O+uW0tlH1ytO6I6RHSDTZK7//lc+Cf5AO7LYKDVUSVyaj11wKTLDTEMmYT9kFqZmb352ix6aY3xtujLIu8VTCOnleboWHV4IoxLRQ tf23/C+vr7SciJ9cq1+uj32BPzHG3pBhVXKPTfek2T5QxQf1+XjrKL6i6IRNzyMO+3eC+91g5pugIdt9K2ONaEo OGA5lvpWC6Pu+vjE G4tesbeM5+P3DIFnHPbeifRh4sKMkoxWD7Pu514Y48nlkTObJE4+K1+WiFMOeRFulk7hw== oly_db_admin_at_devdb02 devdb01: more id_rsa.pub ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAm5z9G2R/Oz RdGvkyKI2ai4VAow8DTEMZsEZtNR6YYkvp6KThJ8n8bbVfLZxQ3CnHoi4 0uM3ca02PKbk4IEmv5TVARv1Ya9djZORczYfqpNDGsLDSojZzJJZYeUHYDeVxnp9vO9Ua7SU5M3QGaOpsIQNWosi3CXpzinhURt5Ekc ta84WQUsb2tfhk698dQ8CCzVzYuNqSupMaeFo/U6UUc8c1lDgxL3azXmeCYmx4bfXUG57kAxgxQ0/DJSyPWVHpOoDhVh0yfXelE13is 0osWT9A27Se4jWxKrr+CcxsMWMlFz1uqtzoYbBfZyUtkexsFXhp9tLHOoa6X4qPyLfqnw== oly_db_admin_at_devdb01 devdb01: diff authorized_keys id_rsa.pub 2d1 < ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA060/VClzimwpiRAjx7KWl584A44i6ImdDWb4kaGJddn0AF9M27YgQW+GQPJhul8f5JiZ2O+uW0tlH1ytO6I6RHSDTZK7//lc+Cf5AO7LYKDVUSVyaj11wKTLDTEMmYT9kFqZmb352ix6aY3xtujLIu8VTCOnleboWHV4IoxLRQtf23/C+vr7SciJ9cq1+uj32BPzHG3pBhVXKPTfek2T5QxQf1+XjrKL6i6IRNzyMO+3eC+91g5pugIdt9K2ONaEoOGA5lvpWC6Pu+vjEG4tesbeM5+P3DIFnHPbeifRh4sKMkoxWD7Pu514Y48nlkTObJE4+K1+WiFMOeRFulk7hw== oly_db_admin_at_devdb02 devdb01: ssh devdb01 date oly_db_admin_at_devdb01's password: devdb01: Here's another hook to this craziness. I can, since i started this, usually, ssh from node1 to node2 ... and from node2 to node2, no problem. The problem is going to node1. Is there some parameter file that i need to look at? The ssh versions are the same between these servers. What else do i need to look at, other then ssh-keygen and ssh-copy-id, anybody? Maybe something doesn't link up between how the two servers are configured? Lyall Barbour ----- Original Message ----- From: Jared Still Sent: 07/25/13 08:12 PM To: lyallbarbour_at_sanfranmail.com Subject: Re: slightly OT: passwordless ssh and Clusterware On Thu, Jul 25, 2013 at 1:23 PM, Lyall Barbour <lyallbarbour_at_sanfranmail.com > wrote: > ssh from node1 to node2 works good, going from node2 to node1 works good. > But ssh from node1 to node1 or node2 to node2 doesn't work. Apparently 10g > didn't truely care about this, but 11g OUI definitely needs it. anyb ody > know how to really set this up? I've been Googling and ready Oracle docs > all days. Delete .ssh directories, running ssh-keygen and running > ssh-copy-id, sometimes i get on e server to work fine, sometimes the other > server works, sometimes both do not work. Is there an order? Compare the public keys between nodes, they are probably different .( only 1 node is up on my RAC right now so cannot check) Here is one simple method to fix it. node1: append to the end of ~/.ssh/authorized_keys the value of the public key from the same directory this will be a file called either id_rsa.pub or id_dsa.pub, but probably an RSA key. node2: do the same as on node 1 Jared Still C ertifiable Oracle DBA and Part Time Perl Evangelist Oracle Blog: http://jkstill.blogspot.com Home Page: http://jaredstill.com -- http://www.freelists.org/webpage/oracle-l -- http://www.freelists.org/webpage/oracle-l -- http://www.freelists.org/webpage/oracle-l
--
http://www.freelists.org/webpage/oracle-l
Received on Fri Jul 26 2013 - 15:34:44 CEST