When using Dbvisit Standby version 7.0 or 8.0 on Unix based systems, you can also configure the use of SSH instead of using Dbvnet.
Note: Using SSH on Unix based systems is 100% supported by Dbvisit Standby version 7 and version 8.
On Windows based systems Dbvnet is the only option when using Dbvisit Standby version 7.0 or 8.0 .
This document will describe the steps to switch from Dbvnet to SSH for network communication.
Steps Performed
The key requirement for using SSH is to ensure SSH user equivalence between the primary and standby servers. If using Oracle Linux 5 and above or RHEL 5 and above you can easily make use of the following commands:
To Generate the required keys:
ssh-keygen -t dsa
To Update the remote server's authorized keys file:
ssh-copy-id -i $HOME/.ssh/id_dsa.pub oracle@remote_server_name
For example, if you have two servers PrimaryNode and StandbyNode and are using the "oracle" Unix account you can follow these steps to enable SSH User Equivalence:
On PrimaryNode as the oracle Unix account:
-
Run the
ssh-keygen
command and press enter, accepting null values when asked for a pass-phrase (do not supply a pass-phrase). The required DSA keys will be created in the$HOME/.ssh/
directoryssh-keygen -t dsa
-
Run the
ssh-copy-id
command to update the local and remote authorized_keys files:ssh-copy-id -i $HOME/.ssh/id_dsa.pub oracle@PrimaryNode
ssh-copy-id -i $HOME/.ssh/id_dsa.pub oracle@StandbyNode
On StandbyNode as the oracle Unix account:
-
Run the
ssh-keygen
command and press enter. Accept null values when asked for a pass-phrase (do not supply a pass-phrase). The required DSA keys will be created in$HOME/.ssh/
directoryssh-keygen -t dsa
-
Run the
ssh-copy-id
command to update the local and remoteauthorized_keys
files:ssh-copy-id -i $HOME/.ssh/id_dsa.pub oracle@PrimaryNode
ssh-copy-id -i $HOME/.ssh/id_dsa.pub oracle@StandbyNode
Following the above steps, you should now be able to SSH between the primary and standby servers without being asked for a password. For example, running the following you should not be asked for any passwords and should just echo back the date from the remote server:
On PrimaryNode: ssh PrimaryNode "date"
On StandbyNode: ssh StandbyNode "date"
If you do not have the option to use the ssh-copy-id
command you can update the authorized_keys
file manually. Detailed steps to perform this are explained in the
Dbvisit Standby Version 7.0 User Guide here:
Dbvisit Standby Version 8.0 Link:
Dbvisit Standby Required Changes to Enable the Use of SSH
Once you have SSH user equivalence configured, you can now update the following values in the Dbvisit Standby DDC file on the primary server:
DBVNET_PORT=
SSH_PORT = 22
CP = /usr/bin/scp
RSH = /usr/bin/ssh
- Set the
DBVNET_PORT
to a null (empty) value. - Ensure that the
SSH_PORT
is specified (default is 22). - Set the CP variable to the full path of the
scp
command. In most cases this will be/usr/bin/scp
. - Set the RSH variable to the full path of the ssh command. In most cases this will be
/usr/bin/ssh
.
You should now be able to run Dbvisit Standby as normal and it will make use of SSH instead of Dbvnet.
Anton Els September 02, 2014 00:03
Comments