ssh User equivalence

Oracle RAC

[[email protected] grid]$ ./runcluvfy.sh stage -pre crsinst -n RACG1,RACG2 -r 11gR2 -fixup -verbose

Performing pre-checks for cluster services setup

Checking node reachability…
Check: Node reachability from node “RACG1”

  Destination Node                      Reachable?
  ————————————  ————————
  RACG1                                 yes
  RACG2                                 yes
Result: Node reachability check passed from node “RACG1”

Checking user equivalence…
Check: User equivalence for user “oracle”

  Node Name                             Comment
  ————————————  ————————
  RACG1                                 failed
  RACG2                                 failed
Result: PRVF-4007 : User equivalence check failed for user “oracle”

ERROR:

User equivalence unavailable on all the specified nodes
Verification cannot proceed

Pre-check for cluster services setup was unsuccessful on all the nodes.

 

— TO AVOID 

PRVF-4007 : User equivalence check failed for user “oracle 
 

Setup ssh User equivalence in 11gR2

 

In new 11GR2 ssh User equivalence can be setup as below. 

total 40
drwxrwxrwx  9 oracle oinstall 4096 Apr  1 08:11 doc
drwxrwxrwx  4 oracle oinstall 4096 Apr  1 08:11 install
drwxrwxrwx  2 oracle oinstall 4096 Apr  1 08:11 response
drwxrwxrwx  2 oracle oinstall 4096 Apr  1 08:11 rpm
-rwxrwxrwx  1 oracle oinstall 3795 Apr  1 08:11 runcluvfy.sh
-rwxrwxrwx  1 oracle oinstall 3227 Apr  1 08:11 runInstaller
drwxrwxrwx  2 oracle oinstall 4096 Apr  1 09:05 sshsetup
drwxrwxrwx 14 oracle oinstall 4096 Apr  1 08:11 stage
-rwxrwxrwx  1 oracle oinstall 4228 Apr  1 08:11 welcome.html

 

cd sshsetup
./sshUserSetup.sh -user oracle -hosts NODE1,NODE2 -advanced -exverify -confirm

Below is method to setup ssh Manually step-by-step. 

 

ON NODE-1

[email protected]:/home/oracle : $mkdir -p ~/.ssh
[email protected]:/home/oracle : $chmod 700 ~/.ssh
[email protected]:/home/oracle : $/usr/bin/ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
4a:3b:fe:ea:03:d3:cf:6f:d3:06:fb:1a:ed:1e:b0:6b [email protected]
[email protected]:/home/oracle : $/usr/bin/ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_dsa.
Your public key has been saved in /home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
5e:cb:46:cc:d8:f1:01:44:3e:7a:20:eb:ce:5d:d4:15 [email protected]

ON NODE-2

[email protected]:/home/oracle : $mkdir -p ~/.ssh
[email protected]:/home/oracle : $chmod 700 ~/.ssh
[email protected]:/home/oracle : $/usr/bin/ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
dc:4e:e7:c3:ee:71:84:e7:2e:72:99:3d:b0:0a:2b:f9 [email protected]
[email protected]:/home/oracle : $/usr/bin/ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_dsa.
Your public key has been saved in /home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
5a:49:d4:e2:b9:5d:e9:f8:f5:bb:ce:7c:4b:f4:dd:6c [email protected]

ON NODE-1

[email protected]:/home/oracle : $ssh TESTP1 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
The authenticity of host ‘testp1 (192.168.100.181)’ can’t be established.
RSA key fingerprint is 27:ac:4b:9a:e3:d2:ae:6d:2b:71:99:8d:b9:c0:b1:a7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘testp1,192.168.100.181’ (RSA) to the list of known hosts.
[email protected]’s password:
[email protected]:/home/oracle : $ssh TESTP1 cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
[email protected]:/home/oracle : $scp /home/oracle/.ssh/authorized_keys [email protected]:~/.ssh/
[email protected]’s password:
authorized_keys                                                                                                          100% 1030     1.0KB/s   00:00

ON NODE-2

[email protected]:/home/oracle/.ssh : $ssh TESTP2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
The authenticity of host ‘testp2 (192.168.100.182)’ can’t be established.
RSA key fingerprint is 27:ac:4b:9a:e3:d2:ae:6d:2b:71:99:8d:b9:c0:b1:a7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘testp2,192.168.100.182’ (RSA) to the list of known hosts.
[email protected]’s password:
[email protected]:/home/oracle/.ssh : $ssh TESTP2 cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
[email protected]:/home/oracle/.ssh : $scp /home/oracle/.ssh/authorized_keys [email protected]:~/.ssh/
The authenticity of host ‘testp1 (192.168.100.181)’ can’t be established.
RSA key fingerprint is 27:ac:4b:9a:e3:d2:ae:6d:2b:71:99:8d:b9:c0:b1:a7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘testp1,192.168.100.181’ (RSA) to the list of known hosts.
[email protected]’s password:
authorized_keys                                                                                                          100% 2060     2.0KB/s   00:00

–Confirm ssh on both Nodes. 

[email protected]:/home/oracle : $ssh TESTP2 date
Mon Aug  6 09:20:48 EDT 2012
[email protected]:/home/oracle : $ssh TESTP1 date
Mon Aug  6 09:20:43 EDT 2012

[email protected]:/home/oracle/.ssh : $ssh TESTP2 date
Mon Aug  6 09:20:37 EDT 2012
[email protected]:/home/oracle/.ssh : $ssh TESTP1 date
Mon Aug  6 09:20:31 EDT 2012

 
It should Ask for password only first time.  if it ask ,,,Do as below temporary
——perform below step on BOTH NODE.
exec /usr/bin/ssh-agent $SHELL
/usr/bin/ssh-add
Identity added: /home/oracle/.ssh/id_rsa (/home/oracle/.ssh/id_rsa)
  • login as root
  • vi /etc/sshd_config
  • mark no instead of yes at line
passwordauthentication no 
(Note that user equivalence is established for the current session only. If you switch to a different session or log out and back in, you will have to run ssh-agent and ssh-add again to re-establish user equivalence.)