Impact of Changing the SSH Port on an Oracle Cluster (Part 2)

2015-01-21 12:17:28
stenAddress 0.0.0.0
#ListenAddress ::
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h


Part II Making the Change


1. We plan to change the port to 6001, so first we need to confirm whether this port is already in use
[root@node211g ~]# lsof -i:22
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sshd 4543 root 3u IPv4 16317 TCP *:ssh (LISTEN)
sshd 16000 root 3r IPv4 57216374 TCP node211g:ssh->node111g:56437 (ESTABLISHED) <<<<<<< port 22 is in use by ssh
sshd 16004 oracle 3u IPv4 57216374 TCP node211g:ssh->node111g:56437 (ESTABLISHED)
sshd 17907 root 3r IPv4 57462432 TCP node211g:ssh->node111g:59861 (ESTABLISHED)
sshd 17911 oracle 3u IPv4 57462432 TCP node211g:ssh->node111g:59861 (ESTABLISHED)
[root@node211g ~]# lsof -i:1521
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
oracle 1437 oracle 14u IPv4 68052787 TCP node211g:20651->node-cluster-scan:ncube-lm (ESTABLISHED) <<<<<< port 1521 is in use by the SCAN
oracle 14412 grid 15u IPv4 1313392 TCP node211g:34873->node-cluster-scan:ncube-lm (ESTABLISHED)
tnslsnr 14882 grid 16u IPv4 1332718 TCP node211g:ncube-lm (LISTEN)
tnslsnr 14882 grid 17u IPv4 1332719 TCP node211g-vip:ncube-lm (LISTEN)
[root@node211g ~]# lsof -i:6001
Port 6001 is not in use


2. Add Port 6001 to the SSH configuration file on both nodes
[root@node111g ~]# vi /etc/ssh/sshd_config
#Port 22
Port 6001
#Protocol 2,1
Protocol 2
3. Restart the ssh service so that the new port takes effect
[root@node111g ~]# service sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
[root@node211g ~]# service sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
4. Check the port; it is now in use by SSH
[root@node111g ~]# lsof -i:6001
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sshd 28964 root 3u IPv4 111172702 TCP *:6001 (LISTEN)
[root@node211g ~]# lsof -i:6001
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sshd 18371 root 3u IPv4 70993328 TCP *:6001 (LISTEN)
[root@node211g ~]#
5. Check and test the ports; port 22 can no longer be connected to
[oracle@node111g archive_log]$ ssh node111g
ssh: connect to host node111g port 22: Connection refused
[oracle@node111g archive_log]$ ssh node211g
ssh: connect to host node211g port 22: Connection refused
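
The checks in steps 1 to 5 can be scripted so that both nodes are verified the same way. The following is an added example, not part of the original article; the function names, the sample config fragment and the sample lsof text are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. The config fragment and lsof
# text are constructed samples modelled on the output shown in steps 2 and 4.

# Print the ports sshd will listen on according to config file $1.
# Commented lines are skipped, several Port lines accumulate, parsing stops
# at the first Match block, and sshd's default of 22 applies when none is set.
# Assumption: ports given as "ListenAddress host:port" are not considered.
effective_ports() {
    awk '
        NF == 0 || $1 ~ /^#/   { next }
        tolower($1) == "match" { exit }
        tolower($1) == "port"  { print $2; found = 1 }
        END { if (!found) print 22 }
    ' "$1"
}

# Read `lsof -i:PORT` output on stdin and print the commands holding a LISTEN
# socket. No output means nothing is listening on that port (step 1).
listeners() {
    awk 'NR > 1 && $NF == "(LISTEN)" { print $1 }' | sort -u
}

# Succeed only if port $2 is active and port $3 is no longer active in $1.
port_switched() {
    ports=$(effective_ports "$1")
    printf '%s\n' "$ports" | grep -qxF "$2" || return 1
    printf '%s\n' "$ports" | grep -qxF "$3" && return 1
    return 0
}

SAMPLE_CFG=$(mktemp)
cat > "$SAMPLE_CFG" <<'EOF'
#Port 22
Port 6001
#Protocol 2,1
Protocol 2
EOF
SAMPLE_LSOF='COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sshd 28964 root 3u IPv4 111172702 TCP *:6001 (LISTEN)'

effective_ports "$SAMPLE_CFG"
printf '%s\n' "$SAMPLE_LSOF" | listeners
port_switched "$SAMPLE_CFG" 6001 22 && echo "port change is consistent"
```

Running `sshd -t` before `service sshd restart` additionally checks the edited file for syntax errors.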


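Part III Testing the Impact on RAC


1. Connecting through port 6001 works normally, and RAC equivalence is not affected either. This shows that SSH equivalence is not affected by the port.


This can be understood simply as follows: node1 and node2 each hold the other's access key. As long as the other side has the key, that is enough; which port the connection comes in on does not matter.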
[oracle@node111g archive_log]$ ssh -p 6001 node211g
Last login: Fri Dec 19 10:19:05 2014 from node111g
[oracle@node211g ~]$ hostname
node211g
[oracle@node211g ~]$ exit
logout
Connection to node211g closed.


2. The port has been changed successfully; checking the CRS status shows everything is normal
[grid@node111g ~]$ crsctl status res -t
--------------------------------------------------------------------------------
NAME TARGET STATE SERVER STATE_DETAILS
--------------------------------------------------------------------------------
Local Resources
--------------------------------------------------------------------------------
ora.DATA.dg
               ONLINE ONLINE node111g
               ONLINE ONLINE node211g
ora.DGROUP_01.dg
               ONLINE ONLINE node111g
               OFFLINE OFFLINE node211g
ora.FRA.dg
               ONLINE ONLINE node111g
               ONLINE ONLINE node211g
ora.LISTENER.lsnr
               ONLINE ONLINE node111g
               ONLINE ONLINE node211g
ora.LISTENER_TEST.lsnr
               ONLINE ONLINE node111g
               ONLINE ONLINE node211g
ora.OCR.dg
               ONLINE ONLINE node111g
               ONLINE ONLINE node211g
ora.VOTE3D.dg
               ONLINE ONLINE node111g
               OFFLINE OFFLINE node211g
ora.asm
               ONLINE ONLINE node111g Started
               ONLINE ONLINE node21