How To Configure User Equivalence

BACKGROUND

User equivalence allows a user to use commands on and copy files to remote systems by logging in to an equivalent account without entering a password.

Of particular relevence to Oracle DBAs, this is required for installing RAC, although its benefits and uses extend far beyond this.

STEP-BY-STEP GUIDE

  • In the examples below, replace (A) and (B) with the real host names respectively.
  • On Both servers
      cd $HOME
      mkdir .ssh
      chmod 700 .ssh
      ssh-keygen -t rsa   (no passphrase)
      ssh-keygen -t dsa   (no passphrase)
  • On host A only
      cd .ssh
      >authorized_keys
      chmod 600 authorized_keys
      ssh (A) cat $HOME/.ssh/id_rsa.pub >> authorized_keys
      ssh (A) cat $HOME/.ssh/id_dsa.pub >> authorized_keys
      ssh (B) cat $HOME/.ssh/id_rsa.pub >> authorized_keys
      ssh (B) cat $HOME/.ssh/id_dsa.pub >> authorized_keys
      scp authorized_keys (B):$HOME/.ssh
      ssh (B) date
  • On host B only
      ssh (A) date

OPTIONAL STEPS

In addition to the basic setup, it is possible to change the behaviour of the relationship between the two hosts by adding entries to the $HOME/.ssh/config file. The example below suppresses the Log On Banner and prevents X11 messages from being forwarded.

  • On Both servers
      cd $HOME/.ssh 
      vi config 
      Add line ---> LogLevel quiet 
      Add line ---> ForwardX11 no
  • A full list of options available for the $HOME/.ssh/config file can be found here.
© copyright 2001-2014 ABCdba.com | all rights reserved