Help Center/ SAP Cloud/ Best Practices/ SAP S/4HANA (1809) HA Deployment Best Practice/ Resource Creation/ Configuring SSH Switching Permissions
Updated on 2023-10-17 GMT+08:00
View PDF
Share

Configuring SSH Switching Permissions

To allow switching between active and standby SAP HANA ECSs as well as between active and standby SAP S/4HANA ECSs using SSH, you must configure the ECSs to be trusty. The following procedure applies to the scenario where password is used for login.

Procedure

  1. Log in to the active SAP HANA ECS, generate a key pair, and write the public key information to the authorized_keys file.

    The command is in the following format:

    ssh-keygen -t rsa

    Press Enter for three consecutive times to generate a key pair.

  2. Configure the generated key pair on the standby SAP HANA ECS.

    The command is in the following format:

    ssh-copy-id -i /root/.ssh/id_rsa.pub root@IP address of the standby SAP HANA ECS

    Enter the password of the standby ECS.

    For example, if the IP address of the standby ECS is 10.0.3.31, run the following command:

    ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.0.3.31

  3. Run the following command to log in to the standby ECS without a password:

    ssh root@IP address of the standby ECS

    For example, if the IP address of the standby ECS is 10.0.3.31, run the following command:

    ssh root@10.0.3.31

  4. Run the following command to generate a key pair for the standby ECS:

    ssh-keygen -t rsa

    Press Enter for three consecutive times to generate a key pair.

  5. Run the following command to configure the generated key pair on the active SAP HANA ECS:

    ssh-copy-id -i /root/.ssh/id_rsa.pub root@IP address of the active SAP HANA ECS

    Enter the password of the active ECS.

    For example, if the IP address of the active ECS is 10.0.3.30, run the following command:

    ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.0.3.30

  6. Run the following command to log in to the active ECS without a password:

    ssh root@IP address of the active ECS

    For example, if the IP address of the standby ECS is 10.0.3.30, run the following command:

    ssh root@10.0.3.30

    The trust relationship between the active and standby SAP HANA ECSs has been configured.

  7. Repeat the preceding steps to configure the trust relationship between the active and standby SAP S/4HANA ECSs.

    After the switching, you must switch back to the NAT server. Then, verify the switching from the NAT server to other nodes.

    During the first switching, the system displays the fingerprint as well as the message "Are you sure you want to continue connecting (yes/no)?". Enter yes and continue the switching.

Parent topic: Resource Creation