How to configure SSH keys using cPanel

This article describes how to create and deploy SSH keys using cPanel. With SSH keys, you can automate logins to your A2 Hosting account, or use two-factor authentication for increased security.

This article describes how to configure SSH keys using cPanel. If your hosting account does not include cPanel, or if you want to use the command line to configure SSH keys, please see this article.

Using SSH keys

When you log in to your account interactively using an SSH client as described in this article, you must enter a password every time. But what if you want to run an automated process? Perhaps you want to automatically download a database backup at certain times to your local computer. In this scenario, you don't want to have to manually type your SSH password every time the backup process runs.

Or what if you want to allow multiple users to transfer files securely using SFTP, as described in this article? You would need to give them your cPanel password, which would give them complete access to your account.

You can solve these problems by using SSH keys to connect to your account. SSH keys enable your computer to log in to your A2 Hosting account automatically without you typing a password. To use SSH keys, you must first create a public key and private key (also known as a key pair). The client's private key stays on your local computer, while the public key resides on the A2 Hosting server.

Alternatively, you can also create SSH keys and protect them with a passphrase for two-factor authentication. Although this configuration does not enable automatic logins, it does provide an extra layer of security, because you must have the correct key file and know the correct passphrase to access the account.

Configuring SSH keys in cPanel

When you configure SSH keys in cPanel, you can create a new key pair, or import an existing key.

Option #1: Generating a new key

To generate a new SSH key pair for your account, follow these steps:

  1. Log in to cPanel.
    If you do not know how to log in to your cPanel account, please see this article.
  2. Open the SSH Access tool:
    • If you are using the Jupiter theme, on the Tools page, in the Security section, click SSH Access:

    • If you are using the Paper Lantern theme, in the Security section, click SSH Access:

      cPanel - Security - SSH Access icon

  3. On the SSH Access page, under Manage SSH Keys, click Manage SSH Keys.
  4. Click Generate a New Key.
  5. Confirm the Key Name is set to id_rsa.
  6. In the Key Password and Reenter Password text boxes, type a password for the key. Alternatively, you can click Password Generator and cPanel generates a strong password for you.
  7. Confirm the Key Type is set to RSA.
  8. Confirm the Key Size is set to 2048.
  9. Click Generate Key. cPanel generates the public and private keys and saves them in the /home/username/.ssh directory, where username represents your A2 Hosting account username.
  10. Click Go Back.
  11. Under Public Keys, locate the name of the key you just created. Under Actions, click Manage.
  12. Click Authorize, and then click Go Back. To connect to your account using the new key, read Connecting to your account using the SSH keys below.
Option #2: Importing an existing key

If you have already generated SSH keys for your account and want to re-use them, you can use cPanel to import them. To do this, follow these steps:

  1. Log in to cPanel.
    If you do not know how to log in to your cPanel account, please see this article.
  2. Open the SSH Access tool:
    • If you are using the Jupiter theme, on the Tools page, in the Security section, click SSH Access:

    • If you are using the Paper Lantern theme, in the Security section, click SSH Access:

      cPanel - Security - SSH Access icon

  3. On the SSH Access page, under Manage SSH Keys, click Manage SSH Keys.
  4. Click Import Key.
  5. In the Choose a name for this key (defaults to id_dsa) text box, type the name for the key.

    If your server runs OpenSSH version 7 or later, for security reasons you cannot use DSA keys. (To determine the OpenSSH version installed on your server, type ssh -V at the command prompt.) You should use RSA keys instead.
  6. Under Paste the public key into the following text box, paste the text of the public key into the text box.
  7. Click Import. cPanel imports the key.
  8. Click Back to Manage Keys.
  9. Under Public Keys, locate the name of the key you just imported. Under Actions, click Manage.
  10. Click Authorize, and then click Go Back. To connect to your account using the new key, read Connecting to your account using the SSH keys below.

Connecting to your account using the SSH keys

Use the appropriate procedure below for your computer's operating system.

Windows operating systems

For computers running Microsoft Windows, you can use the PuTTY program to connect to your A2 Hosting account with SSH keys. Alternatively, Windows 10 includes a native SSH client that you can use, without the need to install and configure an additional program.

Using PuTTY

Before you can connect to your account, you must deploy the private key to your local computer (unless you imported a public key into cPanel, in which case you presumably already have the private key on your computer). To do this, follow these steps:

  1. Log in to cPanel.
    If you do not know how to log in to your cPanel account, please see this article.
  2. Open the SSH Access tool:
    • If you are using the Jupiter theme, on the Tools page, in the Security section, click SSH Access:

    • If you are using the Paper Lantern theme, in the Security section, click SSH Access:

      cPanel - Security - SSH Access icon

  3. On the SSH Access page, under Manage SSH Keys, click Manage SSH Keys.
  4. On the SSH Access page, under Private Keys, locate the name of the key you created, and then click View/Download.
  5. Under Convert the “id_rsa” key to PPK format, click Convert. cPanel converts the key.
  6. Click Download Key, and then save the id_rsa.ppk file on your local computer. Make sure you note where the file is saved on your computer.

At this point, you have created the SSH key pair and deployed the private key to your local computer. You are now ready to configure the PuTTY client to connect to your SSH account using the private key.

The following procedure assumes that you have already downloaded and installed the PuTTY client. If you have not already done this, follow the PuTTY setup procedures in this article before proceeding.

To configure PuTTY to use your private key, follow these steps:

  1. Start PuTTY.
  2. In the Category pane, expand SSH, and then click Auth.
  3. Under Authentication Parameters, click Browse.
  4. Locate the id_rsa.ppk file that you created in the previous procedure.
  5. In the Category pane, click Session.
  6. In the Host Name (or IP address) text box, type username@example.com. Replace username with your A2 Hosting username, and replace example.com with your site's domain name.
  7. In the Port text box, type 7822.
    The default port for SSH is 22. However, A2 Hosting uses a different port for security reasons.
  8. Confirm that the Connection type radio button is set to SSH.
  9. In the Saved Sessions text box, type a name for the connection. For example, type A2 account.
  10. Click Save.
  11. To connect to your SSH account, double-click the connection name in the list. PuTTY should connect without asking you to type your account password. If you set a passphrase for the key, however, you must type the key passphrase.

Using the native Windows SSH client

To use the built-in Windows 10 SSH client to connect to your account using a key, follow these steps:

  1. Log in to cPanel.
    If you do not know how to log in to your cPanel account, please see this article.
  2. Open the SSH Access tool:
    • If you are using the Jupiter theme, on the Tools page, in the Security section, click SSH Access:

    • If you are using the Paper Lantern theme, in the Security section, click SSH Access:

      cPanel - Security - SSH Access icon

  3. On the SSH Access page, under Manage SSH Keys, click Manage SSH Keys.
  4. On the SSH Access page, under Private Keys, locate the name of the key you created, and then click View/Download.
  5. Click Download Key, and then save the id_rsa file on your local computer. You are now ready to start the SSH client and use the key.

    Make sure you note where you save the file on your computer. To make the key file the default key file for SSH connections, save it in the \Users\username\.ssh directory, where username represents your Windows username.
  6. To open the Run dialog box, type Windows key + r.
  7. In the Run dialog box, type cmd and then click OK to open a command prompt window.
  8. At the command prompt, type the following command. Replace username with your A2 Hosting username, and replace example.com with your site's domain name:

    ssh -p 7822 username@example.com

    If you did not save the key file in the \Users\username\.ssh directory in step 5, you must also specify the key file location. To do this, type the following command instead. Replace path with the path where you saved the key file in step 5:

    ssh -p 7822 -i path username@example.com
  9. If this is the first time you are connecting to the server, you receive a message about the key fingerprint. Type yes and then press Enter.

    You do not receive this message on subsequent connection attempts.
  10. When you are connected, the remote server's command line prompt appears:

    username@hostname [~]#
  11. You can now run commands on the remote server. For example, to see a listing of the current directory, type ls and then press Enter.
  12. To close the SSH connection when you are done, type exit and then press Enter.
  13. To close the command prompt window, type exit and then press Enter.
Mac OS X and Linux operating systems

Before you can connect to your account, you must deploy the private key to your local computer (unless you imported a public key into cPanel, in which case you presumably already have the private key on your computer). To do this, follow these steps:

  1. Log in to cPanel.
    If you do not know how to log in to your cPanel account, please see this article.
  2. Open the SSH Access tool:
    • If you are using the Jupiter theme, on the Tools page, in the Security section, click SSH Access:

    • If you are using the Paper Lantern theme, in the Security section, click SSH Access:

      cPanel - Security - SSH Access icon

  3. On the SSH Access page, under Manage SSH Keys, click Manage SSH Keys.
  4. On the SSH Access page, under Private Keys, locate the name of the key you created, and then click View/Download.
  5. Click Download Key, and then save the id_rsa file on your local computer in the /home/username/.ssh directory. Replace username with your own username.

At this point, you have created the SSH key pair and deployed the private key to your local computer. You are now ready to connect to your SSH account using the keys.

To connect to your SSH account using the keys, follow these steps:

  1. Open a terminal window. The procedure to do this depends on the operating system and desktop environment.
    • On Mac OS X, click Applications, click Utilities, and then click Terminal.
  2. At the command prompt, type the following command. Replace username with your A2 Hosting username, and replace example.com with your site's domain name:
    ssh -p 7822 username@example.com
    In this command, we explicitly specify the port number, the username, and the hostname. However, you can also define the settings for a remote host in your ~/.ssh/config file as follows:
    Host example
        Hostname example.com
        Port 7822
        User username
    
    The Host value can be any name you want; it is simply a label for the other settings. The Hostname value is the remote host you want to access, the port number is 7822, and the User value specifies your A2 Hosting account username. With this configuration defined, you can connect to the account by simply using the Host value. You do not have to type the port number, username, and hostname each time. The following command demonstrates how to do this:
    ssh example
  3. The SSH client should connect without asking you to type your account password. If you set a passphrase for the key, however, you must type the key passphrase.
    If you are using a passphrase, you may not want to have to re-type it every time you connect to the remote server. If your computer has OpenSSH version 7.2 or later, you can automatically store the passphrase in the SSH authentication agent. (To determine the OpenSSH version installed on your computer, type ssh -V at the command prompt.) Then when you connect to the remote server, you must type the passphrase the first time, but not for any subsequent connections.
    To do this, add the following lines to your ~/.ssh/config file:
    Host *
        AddKeysToAgent yes
    If you are using Mac OS X, add the following line as well:
        UseKeychain yes
    Alternatively, if you have an older version of OpenSSH installed on your computer, you can type the ssh-add command to manually store the passphrase in the SSH authentication agent for the duration of your login session.
    If your computer has OpenSSH version 8.8 or later, you may be unable to connect to the server. (To determine the OpenSSH version installed on your computer, type ssh -V at the command prompt.) This is because by default, OpenSSH 8.8 and later versions disable RSA signatures using the SHA-1 hash algorithm.
    To enable RSA signatures with SHA-1 hashes so you can connect to the server, add the following lines to your ~/.ssh/config file:
    HostKeyAlgorithms +ssh-rsa,ssh-dss
    PubkeyAcceptedAlgorithms +ssh-rsa,ssh-dss

Did you find this article helpful? Then you'll love our support. Experience the A2 Hosting difference today and get a pre-secured, pre-optimized website. Check out our web hosting plans today.

We use cookies to personalize the website for you and to analyze the use of our website. You consent to this by clicking on "I consent" or by continuing your use of this website. Further information about cookies can be found in our Privacy Policy.