cPanel, SSH, SCP, and SFTP access
Table of Contents
- Introduction and Access Methods
- Web-based Terminal
- Password Authentication (NetID-named Accounts Only)
- Key-Based Authentication (Required for non-NetID-named Accounts)
- Command Line
- OpenSSH
- PuTTY (Windows only)
- Graphical Clients
- Setting File Permissions
Introduction and Access Methods
SSH tools can be used to log in to run commands, install software, and manage your files.
Your location makes a difference:
- You can use the web-based terminal (below) to connect from anywhere, on or off campus.
- If you are connecting from on campus, you should be able to use any of the methods described below without the VPN.
- If you are connecting from off campus, you'll need to use the campus VPN with the Tunnel All or Tunnel All DUO profiles to make the connection work. See VPN, Cisco AnyConnect, Cisco Secure Client, About VPN Profiles for more information.
Web-based Terminal
The cPanel dashboard now provides a web-based Terminal feature. When using the Terminal you do not need to enter credentials or use a key since you have already authenticated. To access the web-based Terminal, log in to your cPanel dashboard and choose Terminal from the Advancedsection.
Password Authentication (NetID-named Accounts Only)
You can use your NetID and NetID password to log in via SSH tools if the cPanel account name is the same as your NetID. Password authentication is only supported for accounts named after a NetID. Accounts with non-NetID names must use key-based authentication with SSH tools.
It is against campus policy to share your NetID password with others. If you need to allow others to use SSH tools with your account then you will need to configure key-based authentication for them.
Key-Based Authentication (Required for non-NetID-named Accounts)
For cPanel accounts that are not NetID-named, such as "someprojectsite.web.illinois.edu", you must use key-based authentication with SSH tools. When using key-based authentication, your ssh login name is your cPanel account name, not your netID.
You can also use key-based authentication to access your NetID-named account, or to allow others to access your NetID-named account. In this case, the login name is still the cPanel account name which happens to match the netID of the account owner (not necessarily the person who is logging in).
External partners: If you are an external partner without a NetID of your own, you will need to use the key method to use SSH to connect to any site, whether it is named for a NetID or not.
Importing Keys
If you already have an SSH key you use for other systems then you can import that public key into cPanel.
- Click "SSH Access" from your cPanel Dashboard.
- Click "Manage SSH Keys".
- Click "Import Key" and fill in these form fields.
- Key Name: each key in an account must have a unique name and should identify the person who will use it. Names can only be letters, numbers, a hyphen ("-"), and underscores ("_").
- Private Key & Passphrase: leave blank. It is not recommended to upload your private key to cPanel.
- Public Key: paste the public part of your key into this box. The public key will being with "ssh-rsa" or "ssh-dsa", followed by a long string of characters, and ending with an optional comment.
- Click "Import".
- If it says "The key named (key name) was imported" then click "Go Back" to return to the "Manage SSH Keys" page.
- Find the key you imported in the list of "Public Keys" and click "Manage".
- Click "Authorize" to allow the key to be used for SSH authentication.
- If it says "The key (key name) has been authorized" then you can click "Go Back" to return to the "Manage SSH Keys" page.
Creating Keys
cPanel has a built-in mechanism for generating SSH keys. Please use a different key for each user of your cPanel account.
- Click "SSH Access" from your cPanel Dashboard.
- Click "Manage SSH keys".
- Click "Generate new key" and fill in the form.
- Key Name: each key in an account must have a unique name and should identify the person who will use it. Names can only be letters, numbers, a hyphen ("-"), and underscores ("_").
- Key Password: this password is used to encrypt the private part of the key. Keep it secure because you will need it later to use the key to authenticate.
- Key Type: the default of "RSA" is fine unless you have a specific reason to use a "DSA" key.
- Key Size: for RSA keys this should be at least 2048 for adequate security.
- Click "Generate Key".
- If it says "Key Generation Complete" then click "Go Back" to return to the "Manage SSH Keys" page.
- Find the key you created in the list of "Public Keys" and click "Manage".
- Click "Authorize" to allow the key to be used for SSH authentication.
- If it says "The key (key name) has been authorized" then you can click "Go Back" to return to the "Manage SSH Keys" page.
- Find the key you created in the list of "Private Keys" and click "View/Download".
- Download your key and store it in the proper way for the SSH/SCP software you plan to use.
- Click "Go Back".
- Continue to the section on using your key with client programs. Once you've verified that the key works you can delete the private key from cPanel by finding it in the "Private Keys" section and clicking "Delete".
Converting Keys
Many graphical SCP applications use the PPK format for keys. You can easily convert your existing keys to PPK format using the key mananger.
- Click "SSH Access" from your cPanel Dashboard.
- Click "Manage SSH Keys".
- Find the key you want to convert in the list of "Private Keys" and click "View/Download".
- Enter the passphrase for the key where instructed and click "Convert".
- The next page displays the text of the converted key.
- Click "Download Key" to download the keyfile.
Command Line
The command line is a low level way to use SSH to connect to your cPanel account. It does not offer any "point and click" interfaces but many guides and experienced users expect a command line to be available.
OpenSSH
Windows does not come with OpenSSH pre-installed. If you want to use OpenSSH on Windows you will need to download and install software to do so. Cygwin or Windows Subsystem for Linux can be installed for a fully featured Linux shell, similar to what you would find on Linux or Unix systems.
If you are using macOS, Linux, or Unix like system then you can use a terminal (such as Terminal or GNOME Terminal) to SSH, SCP, and SFTP to your cPanel account. Save your private keyfile (typically into the .ssh directory inside your home directory) and specify that keyfile during your command, for example:
If your key has a passcode then you will be prompted to enter it. Some operating systems might allow you to store your passcode so you do not have to enter it each time.
- macOS: KeyChain can be configured to save your passphrase.
- GNOME: Gnome Keyring includes an SSH agent.
- Other Linux/Unix: check your operating system for instructions on using ssh-agent.
The first time you connect, you may also receive a message asking you whether you trust the authenticity of the host. Enter "Y" to continue with your connection.
PuTTY (Windows only)
You can use PuTTY to create a terminal to your cPanel account that gives you command line access. When you launch PuTTY you will be presented with a dialog for creating a new connection.
- Session:
- Host Name (or IP address):
web.illinois.edu
- Port: 22
- Connection type: SSH
- Host Name (or IP address):
- Connection, SSH, Auth:
- Private key file for authentication: select your private PPK file. Use the instructions on converting if you do not have it in this format.
- Click "Open". You should be asked for a username (use your cPanel account name) and be connected.
Optional: if you want to save these settings then under "Session", "Saved Sessions" give it a name and click "Save". It will then appear in the list of saved sessions and you can double click it to quickly load the settings again.
If you add the PuTTY install directory to your PATH then you also have access to several command line tools from the Windows command prompt or PowerShell. Save your private keyfile.ppk and specify that keyfile.ppk during your command, for example:
PuTTY also includes an SSH key agent called Pageant. Configuring and launching pageant will simplify using SSH keys for multiple accounts and hosts.
Graphical Clients
There are some tools available that allow users to move files between their local machines and remote hosts using a graphical user interface, much like move files between directories on your own local machine. Any GUI SCP tool that allows key-based authentication should work. The products listed below have been tested and are known to work with cPanel. To download, install, and configure these products please see the documentation for the specific software package.
Setting File Permissions
The default permissions assigned by SCP clients may or may not be the correct permissions each file and folder needs in order to run securely. We recommend reading the documentation for any software you upload.
For more information: