Prepared by Ajay Pulijala

Configure SSH for User Equivalence

Using the metalink doc : Note 300548.1 How To Configure SSH for a RAC
Installation
When you run ssh-keygen, you will be prompted for a location to save the keys. Just
press Enter when prompted to accept the default.
You will then be prompted for a passphrase. Keep it blank.
When you have completed the steps below, you will have four files in the ~/.ssh
directory: id_rsa, id_rsa.pub, id_dsa, and id_dsa.pub. The id_rsa and id_dsa files are
your private keys and must not be shared with anyone. The id_rsa.pub and
id_dsa.pub files are your public keys and must be copied to each of the other nodes
in the cluster.

From each node, logged in as oracle:

$ mkdir ~/.ssh
$ chmod 755 ~/.ssh
$ /usr/bin/ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
4b:df:76:77:72:ba:31:cd:c4:e2:0c:e6:ef:30:fc:37 oracle@node1

$ /usr/bin/ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_dsa.
Your public key has been saved in /home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
af:37:ca:69:3c:a0:08:97:cb:9c:0b:b0:20:70:e3:4a oracle@node1

Now the contents of the public key files id_rsa.pub and id_dsa.pub on each node
must be copied to the ~/.ssh/authorized_keys file on every other node. Use ssh to
copy the contents of each file to the ~/.ssh/authorized_keys file. Note that the first
time you access a remote node with ssh its RSA key will be unknown and you will be
prompted to confirm that you wish to connect to the node. SSH will record the RSA
key for the remote nodes and will not prompt for this on subsequent connections to
that node.

From node 1 only, perform the following:

$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
$ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
$ ssh oracle@node2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
The authenticity of host 'ds2 (192.168.200.52)' can't be established.
RSA key fingerprint is d1:23:a7:df:c5:fc:4e:10:d2:83:60:49:25:e8:eb:11.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ds2,192.168.200.52' (RSA) to the list of known hosts.
oracle@node2's password:
$ ssh oracle@node2 cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
oracle@node2's password:
$ chmod 644 ~/.ssh/authorized_keys

Now do the same for all other nodes:

$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

$ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
$ ssh oracle@node1 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
The authenticity of host 'ds1 (192.168.200.51)' can't be established.
RSA key fingerprint is bd:0e:39:2a:23:2d:ca:f9:ea:71:f5:3d:d3:dd:3b:65.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ds1,192.168.200.51' (RSA) to the list of known hosts.
Enter passphrase for key '/home/oracle/.ssh/id_rsa':
$ ssh oracle@node1 cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
Enter passphrase for key '/home/oracle/.ssh/id_rsa':
$ chmod 644 ~/.ssh/authorized_keys