Wednesday, April 17, 2024

Exadata_setup password less ssh to all compute nodes and storage cells and Switches

Exadata: set up passwordless ssh to all compute nodes, storage cells and switches

 

 

[root@dm01db01 software]# cd /opt/oracle.SupportTools/

[root@dm01db01 oracle.SupportTools]# ls -ltrah

total 424K

-rwxr-x---   1 root root 1.5K Nov 17 11:59 setup_ssh_eq.sh

-rwxr-x---   1 root root  901 Nov 17 11:59 harden_passwords_reset_root_ssh

-rwxr-x---   1 root root  43K Nov 17 11:59 imageLogger

-rwxr-x---   1 root root 8.0K Nov 17 11:59 check_pkey_config.sh

-rwxr-x---   1 root root  21K Nov 17 11:59 check_fix_cell_metadata.sh

-rwxr-x---   1 root root  54K Nov 17 11:59 resourcecontrol

-rwxr-x---   1 root root 1.1K Nov 17 11:59 ocrvothostd

-rwxr-x---   1 root root  23K Nov 17 11:59 cell_config_snapshot.sh

-rwxr-x--x   1 root root    0 Nov 17 11:59 CheckHWnFWProfile

-rwxr-x---   1 root root 5.8K Nov 17 11:59 set_flash_compression.sh

-rwxr-x---   1 root root 202K Nov 17 11:59 reclaimdisks.sh

-rwxr-x---   1 root root  448 Nov 17 11:59 flush_cache.sh

-rwxr-x---   1 root root  10K Nov 17 11:59 sys_dirs.tar

-rwxr-x---   1 root root    0 Nov 17 11:59 make_cellboot_usb

-rwxr-x---   1 root root  642 Nov 17 11:59 parted_interactive.exp

drwxr-x---   3 root root 4.0K Nov 17 11:59 secureeraser

-rwxr-x---   1 root root  501 Nov 17 11:59 CheckSWProfile.sh

drwxr-xr-x   2 root root 4.0K Nov 17 12:08 firstconf

lrwxrwxrwx   1 root root   27 Nov 17 12:08 diagnostics.iso -> /opt/oracle.cellos/diag.iso

drwxr-x---   5 root root 4.0K Nov 17 12:08 .

drwxr-xr-x   4 root root 4.0K Nov 17 12:08 ibdiagtools

drwxr-xr-x. 15 root root 4.0K Nov 17 15:21 ..

[root@ec117 oracle.SupportTools]#

 

[root@dm01db01 oracle.SupportTools]# ls -ltr setup_ssh_eq.sh

-r-xr-x--- 1 root root 1518 Apr 17 15:03 setup_ssh_eq.sh

 

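[root@dm01db01 oracle.SupportTools]# ./setup_ssh_eq.sh /root/all_group root redhat

Note: the arguments are the group file listing the hosts, the login user, and that user's password. Because the password is typed as a command-line argument, it is saved in root's shell history and is visible in the process list while the script runs.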

 

 

 

 

[root@dm01db01 oracle.SupportTools]# dcli -g /root/all_group -l root 'uptime'

dm01cel01: 09:11:46 up 5 days, 21:30,  0 users,  load average: 1.54, 1.21, 1.05

dm01cel02: 09:11:46 up 5 days, 21:30,  0 users,  load average: 1.22, 1.54, 1.60

dm01cel03: 09:11:46 up 5 days, 21:30,  0 users,  load average: 1.50, 1.23, 1.60

dm01cel04: 09:11:46 up 5 days, 21:30,  0 users,  load average: 1.78, 1.95, 1.71

dm01cel05: 09:11:46 up 5 days, 21:30,  0 users,  load average: 3.83, 1.54, 1.05

dm01cel06: 09:11:46 up 5 days, 21:30,  0 users,  load average: 0.82, 1.50, 1.68

dm01cel07: 09:11:46 up 5 days, 21:30,  0 users,  load average: 1.55, 1.67, 1.71

dm01cel08: 09:11:46 up 5 days, 21:30,  0 users,  load average: 1.44, 1.51, 1.05

dm01cel09: 09:11:46 up 5 days, 21:30,  0 users,  load average: 1.51, 1.74, 1.97

dm01cel10: 09:11:46 up 5 days, 21:30,  0 users,  load average: 1.97, 1.67, 1.60

dm01cel11: 09:11:46 up 5 days, 21:30,  0 users,  load average: 1.78, 1.95, 1.71

dm01cel12: 09:11:46 up 5 days, 21:30,  0 users,  load average: 3.83, 1.54, 1.05

dm01cel13: 09:11:46 up 5 days, 21:30,  0 users,  load average: 0.82, 1.50, 1.68

dm01cel14: 09:11:46 up 5 days, 21:30,  0 users,  load average: 1.55, 1.63, 1.81

 

dm01db01: 09:11:46 up 5 days, 21:37,  1 users,  load average: 0.63, 0.48, 0.59

dm01db02: 09:11:46 up 5 days, 21:36,  0 users,  load average: 0.23, 0.59, 0.54

dm01db03: 09:11:46 up 5 days, 21:36,  0 users,  load average: 0.41, 0.52, 0.54

dm01db04: 09:11:46 up 5 days, 21:36,  0 users,  load average: 0.19, 0.52, 0.29

dm01db05: 09:11:46 up 5 days, 21:37,  1 users,  load average: 0.63, 0.48, 0.59

dm01db06: 09:11:46 up 5 days, 21:36,  0 users,  load average: 0.23, 0.59, 0.54

dm01db07: 09:11:46 up 5 days, 21:36,  0 users,  load average: 0.41, 0.52, 0.54

dm01db08: 09:11:46 up 5 days, 21:36,  0 users,  load average: 0.19, 0.52, 0.29

 

 

 

 

 

LAB:

 

 

[root@ec117 oracle.SupportTools]# ./setup_ssh_eq.sh /root/all_group root redhat

/root/.ssh/id_dsa already exists.

Overwrite (y/n)? y

/root/.ssh/id_rsa already exists.

Overwrite (y/n)? y

spawn dcli -c ec117 -l root -k

root@ec117's password:

ec117: ssh key added

spawn dcli -c rac131 -l root -k

The authenticity of host 'rac131 (191.168.0.131)' can't be established.

RSA key fingerprint is 9e:94:7e:e5:90:6c:64:50:a1:5d:c6:8a:42:ca:57:75.

Are you sure you want to continue connecting (yes/no)? yes

root@rac131's password:

rac131: ssh key added

 

[root@ec117 oracle.SupportTools]# ssh ec117

Last login: Wed Apr 17 15:24:57 2024 from rac-scan1.ora.com

[root@ec117 ~]# exit

logout

Connection to ec117 closed.

 

[root@ec117 oracle.SupportTools]# ssh rac131

Last login: Wed Aug  9 22:37:46 2023 from rac-scan1.ora.com

[root@rac131 ~]#

[root@rac131 ~]#

[root@rac131 ~]# logout

Connection to rac131 closed.

 

 

 

 

 

[root@ec117 oracle.SupportTools]# dcli -g /root/all_group -l root 'uptime;date'

ec117: 15:33:09 up 30 min,  3 users,  load average: 6.86, 7.07, 4.23

ec117: Wed Apr 17 15:33:09 IST 2024

rac131: 15:33:09 up 30 min,  1 user,  load average: 0.03, 0.03, 0.06

rac131: Wed Apr 17 15:33:09 IST 2024

[root@ec117 oracle.SupportTools]#

[root@ec117 oracle.SupportTools]#

 


 

Manual Approach (DB Node1 To Any IB Switch)

Case: Password Less ssh From DB Node1 To Any IB Switch still prompting for password

After using the following procedure to configure passwordless ssh from a node to the InfiniBand switch, ssh still prompts for a password:


1. Ensure the node you want to ssh from has public keys in the ~root/.ssh directory.

Logged in as root:


node# cd /root/.ssh
node# ls
If id_rsa.pub exists, you're done with this step.

 

If it doesn't already exist, generate keys as follows, only on the nodes you want to be able to log in from without a password:

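IMPORTANT: DON'T use a Passphrase for passwordless ssh!!!! With no passphrase, the private key file /root/.ssh/id_rsa is by itself enough to log in as root on every host that holds the public key, so keep it readable by root only.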

node# cd /root/.ssh


node# pwd
/root/.ssh


node# ssh-keygen -t rsa

 

2. Copy the Public Keys to the switch

Node# cat /root/.ssh/id_rsa.pub | ssh root@{IP_ADDR_switch} 'cat >> .ssh/authorized_keys'

 

CHANGES

 The following link on the switch was broken:

# pwd
/root/.ssh

authorized_keys -> /config/conf/ssh/authorized_keys/root

 

CAUSE

 Passwordless logins to the IB switch may fail because the soft link is missing or broken.

SOLUTION

 

Ensure the /config/conf/ssh/authorized_keys/root file exists

 

switch# ls -l /config/conf/ssh/authorized_keys/root
-rw-r--r-- 1 root root 2074 2021-04-28 12:41 /config/conf/ssh/authorized_keys/root

 

Remove the /root/.ssh/authorized_keys file if it exists and re-create the link:

switch# cd /root/.ssh
switch# rm authorized_keys

switch# ln -s /config/conf/ssh/authorized_keys/root /root/.ssh/authorized_keys

Copy the Public Keys to the switch again:

Node# cat /root/.ssh/id_rsa.pub | ssh root@{IP_ADDR_switch} 'cat >> .ssh/authorized_keys'

 

