Knowledge Base

How to configure SSH keys using cPanel

This article describes how to create and deploy SSH keys using cPanel. With SSH keys, you can automate logins to your A2 Hosting account, or use two-factor authentication for increased security.

This article describes how to configure SSH keys using cPanel. If your hosting account does not include cPanel, or if you want to use the command line to configure SSH keys, please see this article.

Using SSH keys

When you log in to your account interactively using an SSH client as described in this article, you must enter a password every time. But what if you want to run an automated process? Perhaps you want to automatically download a database backup at certain times to your local computer. In this scenario, you don't want to have to manually type your SSH password every time the backup process runs.

Or what if you want to allow multiple users to transfer files securely using SFTP, as described in this article? You don't want to give them your password, which would give them complete access to your account, including cPanel.

You can solve these problems by using SSH keys to connect to your account. SSH keys enable your computer to log in to your A2 Hosting account automatically without you typing a password. To use SSH keys, you must first create a public key and private key (also known as a key pair). The client's private key stays on your local computer, while the public key resides on the A2 Hosting server.

Alternatively, you can also create SSH keys and protect them with a passphrase for two-factor authentication. Although this configuration does not enable automatic logins, it does provide an extra layer of security, because you must have the correct key file and know the correct passphrase to access the account.

Configuring SSH keys in cPanel

When you configure SSH keys in cPanel, you can create a new key pair, or import an existing key.

Option #1: Generating a new key

To generate a new SSH key pair for your account, follow these steps:

  1. Log in to cPanel.
    If you do not know how to log in to your cPanel account, please see this article.
  2. In the SECURITY section of the cPanel home screen, click SSH Access:

    cPanel - Security - SSH Access icon

  3. On the SSH Access page, under Manage SSH Keys, click Manage SSH Keys.
  4. Click Generate a New Key.
  5. Confirm the Key Name is set to id_rsa.
  6. In the Key Password and Reenter Password text boxes, type a password for the key. Alternatively, you can click Password Generator and cPanel generates a strong password for you.

    cPanel only allows you to create SSH keys that have a password. If you need a password-less SSH key (such as for an automated script), you must generate it from the command line as described in this article.
  7. Confirm the Key Type is set to RSA.
  8. Confirm the Key Size is set to 2048.
  9. Click Generate Key. cPanel generates the public and private keys and saves them in the /home/username/.ssh directory, where username represents your A2 Hosting account username.
  10. Click Go Back.
  11. Under Public Keys, locate the name of the key you just created. Under Actions, click Manage.
  12. Click Authorize, and then click Go Back. To connect to your account using the new key, read Connecting to your account using the SSH keys below.
Option #2: Importing an existing key

If you have already generated SSH keys for your account and want to re-use them, you can use cPanel to import them. To do this, follow these steps:

  1. Log in to cPanel.
    If you do not know how to log in to your cPanel account, please see this article.
  2. In the SECURITY section of the cPanel home screen, click SSH Access:

    cPanel - Security - SSH Access icon

  3. On the SSH Access page, under Manage SSH Keys, click Manage SSH Keys.
  4. Click Import Key.
  5. In the Choose a name for this key (defaults to id_dsa) text box, type the name for the key.
  6. Under Paste the public key into the following text box, paste the text of the public key into the text box.
  7. Click Import. cPanel imports the key.
  8. Click Back to Manage Keys.
  9. Under Public Keys, locate the name of the key you just imported. Under Actions, click Manage.
  10. Click Authorize, and then click Go Back. To connect to your account using the new key, read Connecting to your account using the SSH keys below.

Connecting to your account using the SSH keys

Use the appropriate procedure below for your computer's operating system.

Windows operating systems

For computers running Microsoft Windows, you can use the PuTTY program to connect to your A2 Hosting account with SSH keys.

Using PuTTY

Before you can connect to your account, you must deploy the private key to your local computer (unless you imported a public key into cPanel, in which case you presumably already have the private key on your computer). To do this, follow these steps:

  1. Log in to cPanel.
    If you do not know how to log in to your cPanel account, please see this article.
  2. In the SECURITY section of the cPanel home screen, click SSH Access:

    cPanel - Security - SSH Access icon

  3. On the SSH Access page, under Manage SSH Keys, click Manage SSH Keys.
  4. On the SSH Access page, under Private Keys, locate the name of the key you created, and then click View/Download.
  5. Under Convert the “id_rsa” key to PPK format, click Convert. cPanel converts the key.
  6. Click Download Key, and then save the id_rsa.ppk file on your local computer. Make sure you note where the file is saved on your computer.

At this point, you have created the SSH key pair and deployed the private key to your local computer. You are now ready to configure the PuTTY client to connect to your SSH account using the private key.

The following procedure assumes that you have already downloaded and installed the PuTTY client. If you have not already done this, follow the PuTTY setup procedures in this article before proceeding.

To configure PuTTY to use your private key, follow these steps:

  1. Start PuTTY.
  2. In the Category pane, expand SSH, and then click Auth.
  3. Under Authentication Parameters, click Browse.
  4. Locate the id_rsa.ppk file that you created in the previous procedure.
  5. In the Category pane, click Session.
  6. In the Host Name (or IP address) text box, type username@example.com. Replace username with your A2 Hosting username, and replace example.com with your site's domain name.
  7. In the Port text box, type 7822.
    The default port for SSH is 22. However, A2 Hosting uses a different port for security reasons.
  8. Confirm that the Connection type radio button is set to SSH.
  9. In the Saved Sessions text box, type a name for the connection. For example, type A2 account.
  10. Click Save.
  11. To connect to your SSH account, double-click the connection name in the list. PuTTY should connect without asking you to type your account password. If you set a passphrase for the key, however, you must type the key passphrase.

 

Mac OS X and Linux operating systems

Before you can connect to your account, you must deploy the private key to your local computer (unless you imported a public key into cPanel, in which case you presumably already have the private key on your computer). To do this, follow these steps:

  1. Log in to cPanel.
    If you do not know how to log in to your cPanel account, please see this article.
  2. In the SECURITY section of the cPanel home screen, click SSH Access:

    cPanel - Security - SSH Access icon

  3. On the SSH Access page, under Manage SSH Keys, click Manage SSH Keys.
  4. On the SSH Access page, under Private Keys, locate the name of the key you created, and then click View/Download.
  5. Click Download Key, and then save the id_rsa file on your local computer in the /home/username/.ssh directory. Replace username with your own username.

At this point, you have created the SSH key pair and deployed the private key to your local computer. You are now ready to connect to your SSH account using the keys.

To connect to your SSH account using the keys, follow these steps:

  1. Open a terminal window. The procedure to do this depends on the operating system and desktop environment .
    • On Mac OS X, click Applications, click Utilities, and then click Terminal.
  2. At the command prompt, type the following command. Replace username with your A2 Hosting username, and replace example.com with your site's domain name:
    ssh -p 7822 username@example.com
    In this command, we explicitly specify the port number, the username, and the hostname. However, you can also define the settings for a remote host in your ~/.ssh/config file as follows:
    Host example
        Hostname example.com
        Port 7822
        User username
    
    The Host value can be any name you want; it is simply a label for the other settings. The Hostname value is the remote host you want to access, the port number is 7822, and the User value specifies your A2 Hosting account username. With this configuration defined, you can connect to the account by simply using the Host value. You do not have to type the port number, username, and hostname each time. The following command demonstrates how to do this:
    ssh example
  3. The SSH client should connect without asking you to type your account password. If you set a passphrase for the key, however, you must type the key passphrase.
    If you are using a passphrase, you may not want to have to re-type it every time you connect to the remote server. If your computer has OpenSSH version 7.2 or later, you can automatically store the passphrase in the SSH authentication agent. (To determine the OpenSSH version installed on your computer, type ssh -V at the command prompt.) Then when you connect to the remote server, you must type the passphrase the first time, but not for any subsequent connections.
    To do this, add the following lines to your ~/.ssh/config file:
    Host *
        AddKeysToAgent yes
    If you are using Mac OS X, add the following line as well:
        UseKeychain yes
    Alternatively, if you have an older version of OpenSSH installed on your computer, you can type the ssh-add command to manually store the passphrase in the SSH authentication agent for the duration of your login session.