Passwordless SSH Configuration for Oracle RAC: Step-by-Step Guide
Why Passwordless SSH?
During a RAC installation, the Grid Infrastructure (GI) software must be installed on all nodes. Instead of you logging into each server manually, the installer uses scp (secure copy) and ssh (secure shell) to push binaries and run configuration scripts. If SSH asks for a password, the installation will fail.
Prerequisites
Before starting, ensure the following are true for all nodes (e.g., racnode1 and racnode2):
- The oracle and grid users are created.
- The /home/oracle and /home/grid directories exist and have correct permissions.
- Hostnames are resolvable via /etc/hosts or DNS.
Step 1: Generate RSA Keys
Log in as the grid user (or oracle user, depending on which software you are configuring). You must repeat these steps for both users.
On both nodes, run the following commands. When ssh-keygen prompts for a passphrase, leave it empty by pressing Enter.
mkdir -p ~/.ssh
chmod 700 ~/.ssh
ssh-keygen -t rsa
This generates two files in ~/.ssh/:
- id_rsa (Private Key)
- id_rsa.pub (Public Key)
Step 2: Create the Authorized Keys File
The goal is to consolidate the public keys from all nodes into a single file called authorized_keys.
On Node 1:
Copy the public key of Node 1 into a new authorized_keys file:
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
On Node 2:
Send Node 2’s public key to Node 1:
scp ~/.ssh/id_rsa.pub grid@racnode1:~/.ssh/id_rsa_node2.pub
Back on Node 1:
Append Node 2’s key to the authorized list and send the complete file back to Node 2:
cat ~/.ssh/id_rsa_node2.pub >> ~/.ssh/authorized_keys
scp ~/.ssh/authorized_keys grid@racnode2:~/.ssh/
Step 3: Set Permissions
SSH is very strict about file permissions. If the permissions are too “open,” SSH will ignore the keys for security reasons. Run this on all nodes:
chmod 600 ~/.ssh/authorized_keys
Step 4: Establish First-Time Connectivity
You must manually SSH into every node (including the node itself) at least once to add each host's key to the known_hosts file.
On Node 1, run:
ssh racnode1 date
ssh racnode1-priv date
ssh racnode2 date
ssh racnode2-priv date
On Node 2, run:
ssh racnode1 date
ssh racnode1-priv date
ssh racnode2 date
ssh racnode2-priv date
Note: If you are prompted “Are you sure you want to continue connecting (yes/no)?”, type yes. After this, the date command should return the system time without asking for a password.
Step 5: Verification (The Easy Way)
Oracle provides a utility called cluvfy (Cluster Verification Utility) bundled with the installation media. This is the gold standard for checking your work.
Navigate to your Grid installation media directory and run:
./runcluvfy.sh comp nodecon -n racnode1,racnode2 -verbose
If the check for “User equivalence” passes, your passwordless SSH is correctly configured.
Key Troubleshooting Tips
- Permissions: Ensure the home directory is not writable by “group” or “others” (chmod 700 ~).
- SELinux: Sometimes SELinux can block SSH key access. If you face issues, check /var/log/audit/audit.log.
- StrictModes: In /etc/ssh/sshd_config, if StrictModes is set to yes, ensure file ownership is correct.
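The Permissions and StrictModes tips above come down to ownership and mode bits on four paths. The script below is an added example, not part of the original guide or of any Oracle tooling; it checks those paths the way sshd (with StrictModes yes) and the ssh client do. It assumes GNU stat on Linux, and the names check_path and audit_ssh_perms are made up for this illustration.

```shell
#!/bin/sh
# Added example, not from the original guide. Assumes GNU stat (Linux).
# Flags the ownership and mode problems that make sshd (StrictModes yes)
# ignore authorized_keys, or make the ssh client refuse a private key.

bad=0

# check_path PATH MASK UID: report PATH if it is missing, owned by someone
# other than UID or root, or has any permission bit from octal MASK set.
check_path() {
    if [ ! -e "$1" ]; then
        echo "MISSING $1"; bad=1; return 0
    fi
    mode=$(stat -L -c '%a' "$1")    # -L: follow symlinks, as sshd does
    owner=$(stat -L -c '%u' "$1")
    if [ "$owner" != "$3" ] && [ "$owner" != 0 ]; then
        echo "OWNER   $1 owned by uid $owner, expected $3 or root"; bad=1
    fi
    if [ $(( 0$mode & 0$2 )) -ne 0 ]; then
        echo "MODE    $1 is $mode; bits $2 must be clear"; bad=1
    fi
}

# audit_ssh_perms HOME_DIR [UID]: returns 0 when every path is acceptable.
audit_ssh_perms() {
    uid=${2:-$(id -u)}
    bad=0
    check_path "$1"                      022 "$uid"  # home: no group/other write
    check_path "$1/.ssh"                 022 "$uid"  # guide sets 700
    check_path "$1/.ssh/authorized_keys" 022 "$uid"  # guide sets 600
    check_path "$1/.ssh/id_rsa"          077 "$uid"  # private key: owner only
    return "$bad"
}

# Usage: sh audit_ssh_perms.sh "$HOME"   (run as grid and as oracle on each node)
if [ "$#" -gt 0 ]; then audit_ssh_perms "$@"; fi
```

A clean run prints nothing and exits 0; any MISSING, OWNER or MODE line names the path to fix before rerunning cluvfy.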
And hey, I’d love to stay connected with you personally!
 Let’s connect on LinkedIn: Ankush Thavali
Happy learning!
Ankush😎





