Configure SSH to restrict the Oracle user to member nodes in RAC (Doc ID 852350.1)

Last updated on NOVEMBER 03, 2015

Applies to:

Oracle Database - Enterprise Edition - Version 9.2.0.8 to 11.2.0.3 [Release 9.2 to 11.2]
Information in this document applies to any platform.
Checked for relevance on 06-JUN-2013.

Goal

This note is a “best effort” to configure ssh to secure the Oracle software owner so its account cannot be accessed remotely outside the RAC nodes, yet still be available to apply patches. This note is not intended to be all encompassing and should not be used as an Oracle recommendation for any security design. The steps and configurations in this note should still be validated and verified for the security requirements of an Enterprise.

The Secure Shell (ssh) is used by Real Application Cluster during installation and in the application of patches. The Cluster does not need ssh during normal operations. There are many configuration combinations for ssh, but this note is written with the perspective of only one configuration. The intent is to make this configuration as clear as possible so the concepts presented can be applied to the other configuration combinations.

The design requirement this article focuses on involves the special user who owns the software installation. This user is typically called “oracle” and has as its primary OS group “oinstall”. This user must:

  1. Be able to use ssh between the nodes of the Cluster
  2. Be restricted so it cannot access any host not in the Cluster
  3. Be prevented from starting a session on the nodes in the Cluster from any host not in the Cluster. This constraint forces other users to switch (su or sudo) to the oracle user. The OS normally logs this switching of user. The OS also logs any ssh session into the host. Outbound ssh sessions from a host are not logged. This auditing is part of the overall security of this design.
  4. Other accounts can ssh into any node in the Cluster. This is necessary so that, if a node in the Cluster is unavailable, the other nodes can be used for normal maintenance tasks.
  5. Another requirement will be to log the various events, such as an ssh session being established (see 3 above). This logging assists in the auditing of events.
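
Requirements 3 and 5 can be checked after the fact from the ssh session log. The script below is an added example, not part of the Oracle note: it reads OpenSSH "Accepted ..." syslog lines and reports any oracle login whose source is not a Cluster node. The node addresses, the names `audit` and `normalize`, and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumptions: node addresses and the account name are placeholders for this example.
CLUSTER_NODES = {ipaddress.ip_address(a) for a in ("192.0.2.11", "192.0.2.12")}
RESTRICTED_USER = "oracle"

# OpenSSH logs a successful login as:
#   sshd[PID]: Accepted <method> for <user> from <addr> port <n> ssh2
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<addr>\S+) port \d+"
)

def normalize(text):
    """Parse a logged source address; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    addr = ipaddress.ip_address(text)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr

def audit(lines, user=RESTRICTED_USER, nodes=CLUSTER_NODES):
    """Split accepted ssh logins for `user` into (allowed, violations)."""
    allowed, violations = [], []
    for line in lines:
        m = ACCEPTED.search(line)
        if m is None or m.group("user") != user:
            continue  # failed logins and other accounts are out of scope here
        try:
            inside = normalize(m.group("addr")) in nodes
        except ValueError:
            inside = False  # unparsable source: report it rather than trust it
        (allowed if inside else violations).append((m.group("addr"), m.group("method")))
    return allowed, violations

# Constructed sample lines in syslog format (not taken from a real system).
SAMPLE_LOG = [
    "Nov  3 10:01:12 rac1 sshd[2211]: Accepted publickey for oracle from 192.0.2.12 port 40122 ssh2",
    "Nov  3 10:05:40 rac1 sshd[2302]: Accepted password for alice from 198.51.100.7 port 51811 ssh2",
    "Nov  3 10:09:03 rac1 sshd[2410]: Accepted publickey for oracle from 198.51.100.7 port 51990 ssh2",
    "Nov  3 10:12:27 rac1 sshd[2477]: Failed password for oracle from 203.0.113.9 port 33870 ssh2",
    "Nov  3 10:15:55 rac2 sshd[1980]: Accepted publickey for oracle from ::ffff:192.0.2.11 port 40500 ssh2",
]

if __name__ == "__main__":
    ok, bad = audit(SAMPLE_LOG)
    for addr, method in bad:
        print(f"VIOLATION: {RESTRICTED_USER} login via {method} from non-cluster host {addr}")
    print(f"{len(ok)} login(s) from cluster nodes, {len(bad)} violation(s)")
```

The login by alice from outside the Cluster is deliberately not reported, since requirement 4 allows other accounts to connect from any host.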

Solution
