HP Serviceguard Toolkits for Database Replication Solutions User Guide, March 2012

Node2# ssh Node3 cat /.ssh/id_rsa.pub >> /.ssh/authorized_keys
Node2# ssh Node3 cat /.ssh/id_dsa.pub >> /.ssh/authorized_keys
Node2# scp /.ssh/authorized_keys Node3:.ssh/authorized_keys
NOTE: Provide root user’s password when asked.
Node2# exec /usr/bin/ssh-agent $SHELL
Node2# /usr/bin/ssh-add
Identity added: /.ssh/id_rsa (/.ssh/id_rsa)
Identity added: /.ssh/id_dsa (/.ssh/id_dsa)
Node2# ssh Node2 ls /.ssh
Are you sure you want to add node Node2 to the list of known hosts? yes
Note: It may not ask the above question. Provide the root user’s password if asked.
Node2# ssh Node3 ls /.ssh
Are you sure you want to add node Node3 to the list of known hosts? yes
Note: It may not ask the above question.
On node Node3 (Once the setup on Node2 is complete)
Generate the “known hosts” entry by running the following commands:
Node3# ssh Node3 ls /.ssh
Are you sure you want to add node Node3 to the list of known hosts? yes
Node3# ssh Node2 ls /.ssh
Are you sure you want to add node Node2 to the list of known hosts? yes
The SSH connection without password setup is complete. Verify that the connections work and
that the system executes all four commands without asking for a password. For example:
On node Node3:
Node3# ssh Node3 ls /.ssh
Node3# ssh Node2 ls /.ssh
On node Node2:
Node2# ssh Node2 ls /.ssh
Node2# ssh Node3 ls /.ssh
To set SSH connection without password between multiple nodes for the same IP
After the SSH connection without password is configured between two IPs placed on different
nodes, if either IP is moved to another node, SSH displays the man-in-the-middle attack error
message, because the host key recorded for that IP no longer matches the node that now holds it.
For example, if the Standby package moves from Node3 to Node4, a similar error occurs when the
Primary package attempts to write the status file to Node4. To avoid this, you must edit the
USER_HOME/.ssh/known_hosts file.
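One way to make that edit without discarding host key verification, as an added example that is not part of the HP guide: record the failover node's host key next to the existing entry for the relocatable IP, so the IP verifies on either node and on no other machine. The function names, the 192.0.2.20 address and the key strings are constructed, and the script assumes unhashed known_hosts entries and a public key file obtained over a trusted channel.

```shell
#!/bin/sh
# Added example, not from the HP guide. Assumes unhashed known_hosts entries
# and a host public key file fetched from the failover node over a trusted
# channel. Addresses and key strings below are constructed sample data.

# Print "keytype key" for every known_hosts line that names HOST exactly.
known_host_keys() {   # usage: known_host_keys FILE HOST
    awk -v h="$2" '
        NF < 3 || $1 ~ /^[#@]/ { next }   # blanks, comments, @markers
        { n = split($1, names, ",")       # first field: host1,host2,...
          for (i = 1; i <= n; i++)
              if ((names[i] "") == (h "")) { print $2, $3; break } }' "$1"
}

# Succeed only if the key in PUBKEY is already recorded for HOST.
key_is_known() {      # usage: key_is_known FILE HOST PUBKEY
    want=$(awk 'NF >= 2 { print $1, $2; exit }' "$3")
    [ -n "$want" ] && known_host_keys "$1" "$2" | grep -Fxq -- "$want"
}

# Append the trusted key for HOST unless present. Existing entries stay, so
# the IP verifies on either cluster node and still fails on any other host.
add_failover_key() {  # usage: add_failover_key FILE HOST PUBKEY
    key_is_known "$1" "$2" "$3" && return 0
    awk -v h="$2" 'NF >= 2 { print h, $1, $2; exit }' "$3" >> "$1"
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed: IP2 (192.0.2.20) is recorded with Node3's host key only.
    printf '%s\n' 'node3,192.0.2.20 ssh-rsa AAAAB3NODE3KEY' > "$dir/known_hosts"
    printf '%s\n' 'ssh-rsa AAAAB3NODE4KEY root@Node4' > "$dir/node4.pub"
    printf '%s\n' 'ssh-rsa AAAAB3OTHERKEY unknown' > "$dir/other.pub"

    add_failover_key "$dir/known_hosts" 192.0.2.20 "$dir/node4.pub"
    known_host_keys "$dir/known_hosts" 192.0.2.20   # both node keys listed
    key_is_known "$dir/known_hosts" 192.0.2.20 "$dir/other.pub" ||
        echo "other.pub is not a recorded key for 192.0.2.20"
    rm -rf "$dir"
}
demo
```

A host key that matches none of the recorded entries still triggers the warning, which leaves the check meaningful for any machine outside the cluster.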
Perform the following steps to solve this issue:
NOTE: Corresponding to Node1 and Node2 in Figure 12 (page 36), consider that IP1 is used
as Interconnect traffic IP. Similarly, IP2 is used as Interconnect traffic IP between Node3 and Node4.
1. Consider that IP1 is assigned to Node2 and IP2 is assigned to Node3. To configure an SSH
connection without password between IP1 and IP2, follow the procedure described in “To
configure SSH connection without password for root user between two nodes” (page 56).
2. After the SSH connection without password is set up successfully, move IP2 from Node3 to Node4.
Now, SSH from IP1 to IP2 shows the following error:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: POSSIBLE DNS SPOOFING DETECTED!      @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The RSA host key for foo-bar.net has changed,
and the key for the corresponding IP address 127.0.0.1
is unchanged. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key has changed at the same time.