We're here to help!

Using SSH as Primary Communication Layer for Dbvisit Standby

Follow
Problem Description

When using Dbvisit Standby version 7.0 or 8.0 on Unix based systems, you can also configure the use of SSH instead of using Dbvnet. On Windows based systems Dbvnet is the only option when using Dbvisit Standby version 7.0 or 8.0 .

Steps Performed

The key requirement for using SSH is to ensure SSH user equivalence between the primary and standby servers. If using Oracle Linux 5 and above or RHEL 5 and above you can easily make use of the following commands:

To Generate the required keys:

ssh-keygen -t dsa

To Update the remote server's authorized keys file:

ssh-copy-id -i $HOME/.ssh/id_dsa.pub oracle@remote_server_name

For example, if you have two servers PrimaryNode and StandbyNode and are using the "oracle" Unix account you can follow these steps to enable SSH User Equivalence:

On PrimaryNode as the oracle Unix account:

  • Run the ssh-keygen command and press enter, accepting null values when asked for a pass-phrase (do not supply a pass-phrase). The required DSA keys will be created in the $HOME/.ssh/ directory

    ssh-keygen -t dsa
  • Run the ssh-copy-id command to update the local and remote authorized_keys files:

    ssh-copy-id -i $HOME/.ssh/id_dsa.pub oracle@PrimaryNode
    ssh-copy-id -i $HOME/.ssh/id_dsa.pub oracle@StandbyNode

On StandbyNode as the oracle Unix account:

  • Run the ssh-keygen command and press enter. Accept null values when asked for a pass-phrase (do not supply a pass-phrase). The required DSA keys will be created in $HOME/.ssh/ directory

    ssh-keygen -t dsa
  • Run the ssh-copy-id command to update the local and remote authorized_keys files:

    ssh-copy-id -i $HOME/.ssh/id_dsa.pub oracle@PrimaryNode
    ssh-copy-id -i $HOME/.ssh/id_dsa.pub oracle@StandbyNode

Following the above steps, you should now be able to SSH between the primary and standby servers without being asked for a password. For example, running the following you should not be asked for any passwords and should just echo back the date from the remote server:

On PrimaryNode: ssh PrimaryNode "date"

On StandbyNode: ssh StandbyNode "date"

If you do not have the option to use the ssh-copy-id command you can update the authorized_keys file manually. Detailed steps to perform this are explained in the

Dbvisit Standby Version 7.0 User Guide here:

https://dbvisit.atlassian.net/wiki/display/UGDS7/Appendix+E%3A+Configure+Secure+Shell+%28SSH%29+Equivalence

Dbvisit Standby Version 8.0 Link:

https://dbvisit.atlassian.net/wiki/display/DS8QSG/Dbvisit+Standby+Networking+-+Dbvnet#DbvisitStandbyNetworking-Dbvnet-9.UsingSSH(UNIXOnly)

 

Dbvisit Standby Required Changes to Enable the Use of SSH

Once you have SSH user equivalence configured, you can now update the following values in the Dbvisit Standby DDC file on the primary server:

DBVNET_PORT=
SSH_PORT = 22
CP = /usr/bin/scp
RSH = /usr/bin/ssh
Summary
  • Set the DBVNET_PORT to a null (empty) value.
  • Ensure that the SSH_PORT is specified (default is 22).
  • Set the CP variable to the full path of the scp command. In most cases this will be /usr/bin/scp.
  • Set the RSH variable to the full path of the ssh command. In most cases this will be /usr/bin/ssh.

You should now be able to run Dbvisit Standby as normal and it will make use of SSH instead of Dbvnet.

Anton Els September 02, 2014 00:03

Have more questions? Submit a request

Comments