8.10 Setting up SSH Equivalence

Before updating software on your Oracle Exadata Database Machine, you must configure SSH equivalence.

You can run the Exadata update utilities for Oracle Exadata Database Server, Oracle Exadata Storage Server, and the RDMA Network Fabric switch as either root or as a non-root user from any server running Oracle Linux. The utility can perform precheck, update, and rollback actions on any Exadata server as long as SSH equivalence is set up for the root user for the target Exadata server.

1. Prepare a file named cell_group or dbs_group that has one storage server or database server host name or IP address per line for each storage server or database server you want to update.
2. Check for existing SSH equivalence.
   The following command should require no password prompts and no interaction. It should return the list of host names in the cell_group file.

   [oracle@nonExadataHost ]# ./dcli -g cell_group -l root 'hostname -i'

3. Set up SSH equivalence if not already done so from the launch server.
   Do not do this step if you already have root SSH equivalence.
   Generate SSH keys using the following command:

   [oracle@nonExadataHost ]# ssh-keygen [-t rsa]

   You can use the -t option to specify the key type, such as RSA or DSA. If you do not include the -t option, then RSA is configured by default.

   Accept the defaults so that the SSH keys are created for the root user.

4. Push the SSH keys to set up SSH equivalence.
   Enter the root password when prompted.

   [oracle@nonExadataHost ]# dcli -g cell_group -l root –k

Note:

Customers in secure environments may have chosen to disable SSH access to Oracle Exadata Storage Server. During normal operations, Oracle Exadata Storage Server does not require SSH access. However, administrative utilities such as the update utility require SSH access. See the subsection "Unlocking a Cell Temporarily" in the topic Disabling SSH on Storage Servers for information on unlocking storage servers.