{"id":61237,"date":"2021-06-09T15:45:00","date_gmt":"2021-06-09T20:45:00","guid":{"rendered":"https:\/\/blog.cpanel.com\/?p=61237"},"modified":"2021-06-09T15:45:00","modified_gmt":"2021-06-09T20:45:00","slug":"secure-your-cpanel-server-with-ssh-keys-and-public-key-cryptography","status":"publish","type":"post","link":"https:\/\/devel.www.cpanel.net\/blog\/tips-and-tricks\/secure-your-cpanel-server-with-ssh-keys-and-public-key-cryptography\/","title":{"rendered":"Secure Your cPanel Server With SSH Keys And Public Key Cryptography"},"content":{"rendered":"\n<p>cPanel &amp; WHM is a complete server management solution, but you may occasionally need to log in to your server&#8217;s shell to run scripts or edit configuration options on the command line. The most secure way to remotely log in is with SSH. An SSH client on your local computer connects to a daemon on the server. SSH encrypts the commands you send to the server and the information it sends back.<\/p>\n\n\n\n<p>When you log in with SSH, you must supply authentication credentials. These are usually your cPanel account\u2019s username and password. However, password-based logins are not as secure as we might like. Users often choose easy-to-guess passwords. Even if they don\u2019t, malicious bots will bombard SSH with brute force and dictionary attacks, consuming the server\u2019s resources.<\/p>\n\n\n\n<p>SSH keys are an alternative way to authenticate using public-key cryptography and a pair of cryptographic keys\u2014one public and one private. SSH keys are more secure because they are not vulnerable to guessing attacks. We discussed SSH keys briefly in <a href=_-539.html>How To Use PuTTY SSH With cPanel<\/a>. In this article, we\u2019ll dig a little deeper into how public key cryptography works, show you how to generate public-private key pairs with cPanel, and how to use them to authenticate with SSH.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What is Public Key Cryptography?<\/strong><\/h2>\n\n\n\n<p>Cryptography is the science of secrecy. Cryptographers design secure communication systems, and encryption is their most important tool. Simply put, encryption scrambles messages so they can\u2019t be read. You start with a message called the plaintext and convert it to nonsense, which is called the ciphertext. Decrypting reverses the process, converting ciphertext back into readable plaintext.<\/p>\n\n\n\n<p>Symmetric encryption is the most familiar type. You need two things to encrypt a message: a key and an encryption algorithm. The key is a string of letters and numbers. The algorithm is a set of instructions for combining the key with the plaintext to create the ciphertext. To decrypt the message, you give the same key and the ciphertext to a related algorithm, and it spits out the plaintext. Only someone with the key can decrypt the message.<\/p>\n\n\n\n<p>For symmetric encryption to work, the sender and recipient have to share a secret, the key. But what if you want to encrypt a message where there is no shared secret? This is a common need on the internet. For example, I want to send a secret message to a friend. I can encrypt it, but how do I get the key to them? I can\u2019t just send it over the internet because someone spying on my connection could intercept it and decrypt the message too.<\/p>\n\n\n\n<p>The solution is public-key cryptography, which is also called asymmetric encryption. With public-key cryptography, we use two keys, a public key and a private key. Only the private key can decrypt messages encrypted with the public key. Only the public key can decrypt messages encrypted with the private key.<\/p>\n\n\n\n<p>When I want to send a secret message to my friend, I ask them to send me their public key. I use it to encrypt the message and send them the ciphertext. They use their private key to decrypt it. Provided they keep the private key secret, anyone with the public key can send a message only they can read.<\/p>\n\n\n\n<p>Public key cryptography has two significant consequences. The first is that there are no shared secrets. The second is that the person with the private key can prove who they are by decrypting a message. If I encrypt a message that says \u201chello\u201d with a person\u2019s public key, and they tell me, \u201cYou said hello, \u201d I can be certain they have the private key. It might not be obvious why that matters yet, but it\u2019s the foundation of online security, including HTTPS encryption and SSH keys.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>SSH Keys: SSH Authentication with Public Key Cryptography<\/strong><\/h2>\n\n\n\n<p>SSH key authentication uses the mechanism we just described to verify your identity when you want to log in to your server.<\/p>\n\n\n\n<p>It works like this:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>You create a pair of keys, one public and one private. You upload the public key to the server, and you keep the private key secret on your local computer.<\/li><li>When you connect to the server with SSH, the client on your computer tells the SSH daemon which public key is yours.<\/li><li>The server creates a random string of letters and numbers, which it encrypts with your public key and sends to the client.<\/li><li>The client decrypts the message using the private key. Remember, only your private key can decrypt messages encrypted with your public key.<\/li><li>The client takes the decrypted message, hashes it, and sends the hash back to the server. A hash is a sort of one-way cryptographic function. The same string always produces the same hash.&nbsp;<\/li><li>The server now hashes the original message and compares it to the hash sent by the client. If they match, it proves you have the private key and you are authenticated.<\/li><\/ul>\n\n\n\n<p>Provided you keep the private key secret, this method of authentication is reliable and secure. It isn\u2019t vulnerable to brute-force and dictionary attacks. It also helps avoid the problems that arise when users think \u201cpa55word\u201d is an ingenious solution to their password management problems. Of course, all bets are off if the private key is stolen, but that\u2019s a limitation of all authentication mechanisms.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>How to Generate Public and Private Keys with cPanel<\/strong><\/h2>\n\n\n\n<p>To use SSH keys, you need a key pair. There are several ways to create key pairs, but one of the easiest is cPanel\u2019s <em>SSH Access<\/em> tool, which you\u2019ll find in the <em>Security<\/em> section of cPanel\u2019s main menu.<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Open <em>SSH Access<\/em> and click <em>Manage SSH Keys<\/em>.<\/li><li>Click <em>Generate New Key<\/em>.<\/li><li>Enter a name for your keys, or you can create a key pair with the default name \u201cid_rsa.\u201d<\/li><li>Enter a password for an additional layer of security. Be sure to copy the password and store it safely. It won\u2019t be displayed again, and it can\u2019t be recovered.<\/li><li>Click <em>Generate Key<\/em> at the bottom of the page.<\/li><\/ol>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=_-540.html alt=\"\" class=\"wp-image-61265\"\/><\/figure>\n\n\n\n<p>The next step is authorizing the public key so you can use it for SSH authentication.<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Return to the <em>Manage SSH Keys<\/em> interface, as described above.<\/li><li>Find the key you just created under <em>Public Keys<\/em>.<\/li><li>Click <em>Manage<\/em> and then <em>Authorize<\/em> on the next page.<\/li><\/ol>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=_-541.html alt=\"\" class=\"wp-image-61273\"\/><\/figure>\n\n\n\n<p>Finally, we have to download the private key to our local machine (see below for Microsoft Windows<sup>\u00ae<\/sup> and PuTTY instructions).<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Once again, go to the <em>Manage SSH Keys<\/em> tool.<\/li><li>Scroll to the bottom of the page, where you\u2019ll find your <em>Private Keys.<\/em><\/li><li>Click <em>View\/Download<\/em> next to the new private key.<\/li><li>Click the <em>Download Key<\/em> beneath the text box that displays the key.<\/li><\/ol>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=_-542.html alt=\"\" class=\"wp-image-61277\"\/><\/figure>\n\n\n\n<p>The private key is downloaded to your browser\u2019s default download folder. You should move it from there to a safe location. If you would like to make it the default key for your local computer\u2019s user, move the file to the following directory on Mac and Linux, replacing \u201cusername\u201d with your local computer\u2019s username.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/home\/username\/.ssh<\/code><\/pre>\n\n\n\n<p>If you use PuTTY on Windows, you must first convert the private key to PuTTY\u2019s native PPK format.<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Navigate to your private keys in cPanel as described above and scroll to the bottom of the page.<\/li><li>Enter the passphrase associated with your key.<\/li><li>Click the <em>Convert<\/em> button, and then <em>Download Key<\/em>.<\/li><li>You can now select the PPK file when connecting to your server with PuTTY, as we outlined in <a href=_-539.html>How To Use PuTTY SSH With cPanel<\/a>.<\/li><\/ol>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Log in To cPanel Servers with SSH Keys<\/strong><\/h2>\n\n\n\n<p>If you have followed the walkthrough, you now have an authorized public key in place on your server. The private key is stored on your local machine. To use the keys, you simply tell SSH where to find the private key when you open a connection.<\/p>\n\n\n\n<p>On Linux and Mac, the terminal command to initiate an SSH connection is:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ssh -i path_to_private_key username@example.com<\/code><\/pre>\n\n\n\n<p>Replace \u201cpath_to_private_key\u201d with the location of your new private key. You could omit this option if you stored the key file in the .ssh folder as your default.<\/p>\n\n\n\n<p>SSH keys make your server more secure. They prevent poor password choices from exposing your server and its users to unnecessary risk. To further enhance security, server administrators may want to prevent users from logging in with passwords altogether with the <a href=_-543.html><em>SSH Password Authorization Tweak<\/em><\/a> in WHM\u2019s <em>Security Center<\/em>.<\/p>\n\n\n\n<p>As always, if you have any feedback or comments, please let us know. We are here to help in the best ways we can. You\u2019ll find us on <a href=_-38.html>Discord<\/a>, the <a href=_-40.html>cPanel forums<\/a>, and <a href=_-39.html>Reddit<\/a>. Be sure to also follow us on\u00a0<a href=_-292.html>Facebook<\/a>,\u00a0<a href=_-293.html>Instagram<\/a>, and\u00a0<a href=_-294.html>Twitter<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>cPanel &amp; WHM is a complete server management solution, but you may occasionally need to log in to your server&#8217;s shell to run scripts or edit configuration options on the command line. The most secure way to remotely log in is with SSH. An SSH client on your local computer connects to a daemon on [&hellip;]<\/p>\n","protected":false},"author":77,"featured_media":65785,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[289,61],"tags":[],"class_list":["post-61237","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general-knowledge","category-tips-and-tricks"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Secure Your cPanel Server With SSH Keys And Public Key Cryptography | cPanel<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=_-544.html \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Secure Your cPanel Server With SSH Keys And Public Key Cryptography | cPanel\" \/>\n<meta property=\"og:description\" content=\"cPanel &amp; WHM is a complete server management solution, but you may occasionally need to log in to your server&#8217;s shell to run scripts or edit configuration options on the command line. The most secure way to remotely log in is with SSH. An SSH client on your local computer connects to a daemon on [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/devel.www.cpanel.net\/blog\/tips-and-tricks\/secure-your-cpanel-server-with-ssh-keys-and-public-key-cryptography\/\" \/>\n<meta property=\"og:site_name\" content=\"cPanel\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cpanel\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-06-09T20:45:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/devel.www.cpanel.net\/wp-content\/uploads\/2021\/05\/SSH-Keys.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"475\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"cPanel Community\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@cPanel\" \/>\n<meta name=\"twitter:site\" content=\"@cPanel\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"cPanel Community\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/devel.www.cpanel.net\/blog\/tips-and-tricks\/secure-your-cpanel-server-with-ssh-keys-and-public-key-cryptography\/\",\"url\":\"https:\/\/devel.www.cpanel.net\/blog\/tips-and-tricks\/secure-your-cpanel-server-with-ssh-keys-and-public-key-cryptography\/\",\"name\":\"Secure Your cPanel Server With SSH Keys And Public Key Cryptography | cPanel\",\"isPartOf\":{\"@id\":\"https:\/\/devel.www.cpanel.net\/#website\"},\"datePublished\":\"2021-06-09T20:45:00+00:00\",\"dateModified\":\"2021-06-09T20:45:00+00:00\",\"author\":{\"@id\":\"https:\/\/devel.www.cpanel.net\/#\/schema\/person\/8cf97408aad4fb70cf55d11a1d4f57f8\"},\"breadcrumb\":{\"@id\":\"https:\/\/devel.www.cpanel.net\/blog\/tips-and-tricks\/secure-your-cpanel-server-with-ssh-keys-and-public-key-cryptography\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/devel.www.cpanel.net\/blog\/tips-and-tricks\/secure-your-cpanel-server-with-ssh-keys-and-public-key-cryptography\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/devel.www.cpanel.net\/blog\/tips-and-tricks\/secure-your-cpanel-server-with-ssh-keys-and-public-key-cryptography\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/devel.www.cpanel.net\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Secure Your cPanel Server With SSH Keys And Public Key Cryptography\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/devel.www.cpanel.net\/#website\",\"url\":\"https:\/\/devel.www.cpanel.net\/\",\"name\":\"cPanel\",\"description\":\"Hosting Platform of Choices\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/devel.www.cpanel.net\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/devel.www.cpanel.net\/#\/schema\/person\/8cf97408aad4fb70cf55d11a1d4f57f8\",\"name\":\"cPanel Community\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/devel.www.cpanel.net\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e1949945083b5526bb95711bd3d616b3?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e1949945083b5526bb95711bd3d616b3?s=96&d=mm&r=g\",\"caption\":\"cPanel Community\"},\"description\":\"The web hosting industry's most reliable management solution since 1997. With our first-class support and rich feature set, it's easy to see why our customers and partners make cPanel &amp; WHM their hosting platform of choice. For more information, visit cPanel.net.\",\"sameAs\":[\"https:\/\/cpanel.net\"],\"url\":\"https:\/\/devel.www.cpanel.net\/blog\/author\/cpadmin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Secure Your cPanel Server With SSH Keys And Public Key Cryptography | cPanel","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/devel.www.cpanel.net\/blog\/tips-and-tricks\/secure-your-cpanel-server-with-ssh-keys-and-public-key-cryptography\/","og_locale":"en_US","og_type":"article","og_title":"Secure Your cPanel Server With SSH Keys And Public Key Cryptography | cPanel","og_description":"cPanel &amp; WHM is a complete server management solution, but you may occasionally need to log in to your server&#8217;s shell to run scripts or edit configuration options on the command line. The most secure way to remotely log in is with SSH. An SSH client on your local computer connects to a daemon on [&hellip;]","og_url":"https:\/\/devel.www.cpanel.net\/blog\/tips-and-tricks\/secure-your-cpanel-server-with-ssh-keys-and-public-key-cryptography\/","og_site_name":"cPanel","article_publisher":"https:\/\/www.facebook.com\/cpanel\/","article_published_time":"2021-06-09T20:45:00+00:00","og_image":[{"width":1200,"height":475,"url":"https:\/\/devel.www.cpanel.net\/wp-content\/uploads\/2021\/05\/SSH-Keys.png","type":"image\/png"}],"author":"cPanel Community","twitter_card":"summary_large_image","twitter_creator":"@cPanel","twitter_site":"@cPanel","twitter_misc":{"Written by":"cPanel Community","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/devel.www.cpanel.net\/blog\/tips-and-tricks\/secure-your-cpanel-server-with-ssh-keys-and-public-key-cryptography\/","url":"https:\/\/devel.www.cpanel.net\/blog\/tips-and-tricks\/secure-your-cpanel-server-with-ssh-keys-and-public-key-cryptography\/","name":"Secure Your cPanel Server With SSH Keys And Public Key Cryptography | cPanel","isPartOf":{"@id":"https:\/\/devel.www.cpanel.net\/#website"},"datePublished":"2021-06-09T20:45:00+00:00","dateModified":"2021-06-09T20:45:00+00:00","author":{"@id":"https:\/\/devel.www.cpanel.net\/#\/schema\/person\/8cf97408aad4fb70cf55d11a1d4f57f8"},"breadcrumb":{"@id":"https:\/\/devel.www.cpanel.net\/blog\/tips-and-tricks\/secure-your-cpanel-server-with-ssh-keys-and-public-key-cryptography\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/devel.www.cpanel.net\/blog\/tips-and-tricks\/secure-your-cpanel-server-with-ssh-keys-and-public-key-cryptography\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/devel.www.cpanel.net\/blog\/tips-and-tricks\/secure-your-cpanel-server-with-ssh-keys-and-public-key-cryptography\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/devel.www.cpanel.net\/"},{"@type":"ListItem","position":2,"name":"Secure Your cPanel Server With SSH Keys And Public Key Cryptography"}]},{"@type":"WebSite","@id":"https:\/\/devel.www.cpanel.net\/#website","url":"https:\/\/devel.www.cpanel.net\/","name":"cPanel","description":"Hosting Platform of Choices","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/devel.www.cpanel.net\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/devel.www.cpanel.net\/#\/schema\/person\/8cf97408aad4fb70cf55d11a1d4f57f8","name":"cPanel Community","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/devel.www.cpanel.net\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/e1949945083b5526bb95711bd3d616b3?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e1949945083b5526bb95711bd3d616b3?s=96&d=mm&r=g","caption":"cPanel Community"},"description":"The web hosting industry's most reliable management solution since 1997. With our first-class support and rich feature set, it's easy to see why our customers and partners make cPanel &amp; WHM their hosting platform of choice. For more information, visit cPanel.net.","sameAs":["https:\/\/cpanel.net"],"url":"https:\/\/devel.www.cpanel.net\/blog\/author\/cpadmin\/"}]}},"_links":{"self":[{"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/posts\/61237"}],"collection":[{"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/users\/77"}],"replies":[{"embeddable":true,"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/comments?post=61237"}],"version-history":[{"count":0,"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/posts\/61237\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/media\/65785"}],"wp:attachment":[{"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/media?parent=61237"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/categories?post=61237"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/tags?post=61237"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}