Node2# ssh Node3 cat /.ssh/id_rsa.pub >> /.ssh/authorized_keys

Node2# ssh Node3 cat /.ssh/id_dsa.pub >> /.ssh/authorized_keys

Node2# scp /.ssh/authorized_keys Node3:.ssh/authorized_keys

NOTE: Provide root user’s password when asked.

Node2# exec /usr/bin/ssh-agent $SHELL

Node2# /usr/bin/ssh-add

Identity added: /.ssh/id_rsa (/.ssh/id_rsa)

Identity added: /.ssh/id_dsa (/.ssh/id_dsa)

Node2# ssh Node2 ls /.ssh

Are you sure you want to add node Node2 to the list of known hosts? yes

Note: It may not ask the above question. Give ‘root’ user’s password if asked.

Node2# ssh Node3 ls /.ssh

Are you sure you want to add node Node3 to the list of known hosts? yes

Note: It may not ask the above question.

On node Node3 (Once the setup on Node2 is complete)

Generate the “known hosts” entry by running the following commands:

Node3# ssh Node3 ls /.ssh

Are you sure you want to add node Node3 to the list of known hosts? yes

Node3# ssh Node2 ls /.ssh

Are you sure you want to add node Node2 to the list of known hosts? yes

The setup of the SSH connection without password is complete. Verify that the connection works and that the system executes all four commands without asking for a password. For example:

On node Node3:

Node3# ssh Node3 ls /.ssh

Node3# ssh Node2 ls /.ssh

On node Node2:

Node2# ssh Node2 ls /.ssh

Node2# ssh Node3 ls /.ssh

To set SSH connection without password between multiple nodes for the same IP

After the SSH connection without password is configured between two IPs placed on different nodes, if any IP is moved to another node, SSH displays the man-in-the-middle attack error message, because the host key recorded for that IP in known_hosts no longer matches the key of the node that now answers on it. If the Standby package moves from Node3 to Node4, a similar error occurs when the Primary package attempts to write the status file to Node4. To avoid this, you must edit the USER_HOME/.ssh/known_hosts file.

Perform the following steps to solve this issue:

NOTE: Corresponding to Node1 and Node2 in Figure 12 (page 36), consider that IP1 is used as Interconnect traffic IP. Similarly, IP2 is used as Interconnect traffic IP between Node3 and Node4.

1. Consider that IP1 is assigned to Node2, and IP2 is assigned to Node3. To configure an SSH connection without password between IP1 and IP2, follow the procedure described in “To configure SSH connection without password for root user between two nodes” (page 49).

2. After the SSH connection without password is set up successfully, move IP2 from Node3 to Node4. Now, SSH from IP1 to IP2 shows the following error:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The RSA host key for foo-bar.net has changed,
and the key for the corresponding IP address 127.0.0.1
is unchanged. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key has changed at the same time.
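The warning appears because known_hosts still holds Node3's key for IP2 while Node4 now answers on that address. As an added example (not from the manual), the Python code below classifies a presented host key as already recorded, as belonging to another cluster node listed in a trusted inventory (an expected relocation), or as unknown, so that known_hosts is edited only in the second case. The inventory, the key blobs and all function names are constructed for illustration; IP1 and IP2 are the manual's placeholders.

```python
import base64
import hashlib

def sample_blob(seed):
    # Constructed placeholder key blob (not a real host key).
    return base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + seed * 8).decode()

# Hypothetical trusted inventory: each node's host public key, collected out of
# band (for example at the node's console), never over the connection in doubt.
NODE_KEYS = {
    "Node3": ("ssh-rsa", sample_blob(b"node3key")),
    "Node4": ("ssh-rsa", sample_blob(b"node4key")),
}
# Constructed known_hosts content: IP2 was recorded while Node3 held it.
KNOWN_HOSTS = (f"IP1 ssh-rsa {sample_blob(b'node2key')}\n"
               f"IP2 ssh-rsa {NODE_KEYS['Node3'][1]}\n")

def fingerprint(blob_b64):
    """SHA256 fingerprint in the form OpenSSH prints (unpadded base64)."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def recorded_keys(known_hosts_text, host):
    """(keytype, blob) pairs recorded for host; hashed and marker lines are skipped."""
    found = []
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue  # comment, @cert-authority/@revoked marker, or hashed entry
        if host in fields[0].split(","):
            found.append((fields[1], fields[2]))
    return found

def classify(known_hosts_text, host, offered, inventory):
    """Classify the (keytype, blob) pair a server presented for host."""
    if offered in recorded_keys(known_hosts_text, host):
        return ("match", None)
    for node, key in inventory.items():
        if key == offered:
            return ("relocated", node)  # IP moved to a known cluster node
    return ("unknown", None)            # treat as a possible interception

if __name__ == "__main__":
    for name in ("Node3", "Node4"):
        verdict = classify(KNOWN_HOSTS, "IP2", NODE_KEYS[name], NODE_KEYS)
        print(name, fingerprint(NODE_KEYS[name][1]), verdict)
```

Wildcard and negated host patterns in known_hosts are not interpreted by this check; only literal, comma-separated host names are matched.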

HP Serviceguard Toolkits for Database Replication Solutions manual