SSH Public Key Access in cPanel

Configuring SSH public key access in cPanel allows for a more secure way of logging into a web server than using a password.

Using password authentication can eventually lead to the password to be cracked with a brute force attack. SSH keys are nearly impossible to decipher by brute force alone, because the public key resides on the server (the remote location), and the private key resides locally on your computer/server.

When you attempt to login to a server, both the public and private key are compared. If they ‘match’, then you will be allowed to login to the server location.

To use SSH public key authentication to login to the web server, within cPanel, head to the relevant account to provide SSH access for within WebHost Manager (WHM) under List Accounts.

Then click on SSH Access under the Security section.

SSH Public Key Access in cPanel

Within this area, click on Manage SSH Keys and then Import Key.

You will then be presented with a screen with fields allowing you to paste in a private and public key.

SSH Public Key Access in cPanel

As the note suggests at the bottom of the form, usually adding one of the keys will be enough. If you’re attempting to access the server from your local machine, you should add in your public key into the form.

To access your public key, you can open terminal and use the following commands.

$ cat ~/.ssh/id_rsa.pub
$ cat ~/.ssh/id_dsa.pub

If you don’t have these files created, you will need to generate a key pair using the ssh-keygen command.

Paste the contents of the public key into the form and save the key.

SSH Public Key Access in cPanel

By default, the keys added into cPanel are not authorised, therefore click on Manage and authorise the key.

You should then be able to SSH into your server without being prompted for a password using ssh [username]@[hostname].

If you don’t have access to cPanel (or don’t have it installed), you can use the ssh-copy-id command to copy the public key over to the remote host.

ssh-copy-id can be used installing homebrew.

brew install ssh-copy-id

And then used as per the below.

ssh-copy-id [username]@[hostname]