
SSH Keygen in cPanel and Mac OS X

SSH stands for “secure shell” and is a secure way to log in from a Mac to your web host’s server. You can create keys on your Mac OS X or in a web host control panel like cPanel.

There are a couple of things to point out about Unix based systems like MacOS X and Linux Servers before we start.

For a brief history of how Linux-based servers came to dominate, I recommend reading Linux vs Unix: What’s the difference? Here’s the main thing from that article:

“Many tools and scripts meant for a Linux system work easily within the macOS terminal. Many open-source software components available on Linux are easily available through tools like Homebrew.”

Phil Estes, “Linux vs Unix: What’s the difference?” Opensource.com

In short, the commands you use on macOS also apply when you are logged in to a Linux server.

The (Unix) file permissions we assign our SSH keys in macOS will have equivalent values to the permissions granted on the Linux servers. The folder structure of your macOS will have the SSH keys in the equivalent folder as the Linux server. They both use the change mode terminal command (chmod) to assign the key’s Unix values.

See Unix File Permissions Calculator

So for example, the ssh keys for your cPanel account are stored in the same location on a Linux server as they are on a macOS.

By default, these are hidden folders with a dot (.ssh) in front of them. You can navigate to them by changing the directory (cd) and then list the files (ls) in that directory. You can modify this directive by asking for a long list of files and directories (ls -l) which will show read-write permissions with their accompanying Unix values next to the files.

cd ~/.ssh/ 
ls -l

Within the .ssh folder, you should now see file permissions. On the far left column are the alphabetic values:

  • “r” if reading the file is permitted [Unix Value: 4], “-” if it is not [Unix Value: 0].
  • “w” if writing on the file is permitted [Unix Value: 2], “-” if it is not [Unix Value: 0].
  • “x” if the execution is permitted [Unix Value: 1], “-” if it is not [Unix Value: 0].

The second column identifies the user, the third column identifies the user’s group, and the fourth column the Unix permission values for the file within the operating system.

In the Unix file permission system there are 4 columns left to right: Special, User, Group, and Others. The values are assigned to a file based on the permissions granted. So for example, to the right of id_rsa in your .ssh folder you may see “1766”.

1 indicates it is a sticky bit: a permission bit which is set on a file or folder, thereby permitting only the owner or root user of the file or folder to modify, rename or delete the concerned directory or file.

7 in the user column indicates the user can read (4), write (2), and execute (1) the file.

6 in the group column indicates the group to which the user belongs can read the file and write on the file.

6 in the others column indicates others with access to the .ssh folder can read the file and write on the file.

For a more detailed breakdown of how these values come about see this wiki from ArchLinux.

SSH Keygen in cPanel

This is the easier method of the two, and is done by using the interface to create keys and then download them to your local computer.

SSH Access is located under Security in cPanel

First locate the SSH Access app in cPanel.

Open SSH Access to Manage SSH Keys. From here you will generate a new key.

From here you will be prompted to generate either an RSA or DSA key. RSA is the stronger algorithm. DSA is actually not recommended for use anymore by SSH.com.

How to use ssh-keygen to Generate a New SSH-Key on SSH.Com

In cPanel they ask you to generate a password. This is actually the passphrase. I would recommend putting in a passphrase (i.e., a sentence), rather than a password.

RSA stands for Rivest-Shamir-Adleman, a public-key algorithm that is the most widely used asymmetric cipher. RSA can be used for both encryption and digital signatures.

Once the key is generated you can then download both the private and public keys to your local computer.

However, before it will work you need to authorize the public key. To do so click on the manage link next to the public key, and then authorize it.

After downloading the keys you still have to place them in your SSH keys folder which by default is hidden on macOS. The article below will show you how to show hidden files.

See Related Article: Hiding Folders in Mac OS on DougState.com

Then from your terminal, you may need to use the change mode (chmod) command in macOS to change the key’s Unix values to 600. This will allow only the user logged in to your macOS to read or write values for the id_rsa file on your computer.

chmod 600 ~/.ssh/id_rsa

Then you will log in to port 22 using your cPanel username and IP address:

ssh -p 22 cpanel-username@111.22.33.444

SSH Keygen in Mac OS X

To begin the process you will need to generate keys. If you are using cPanel you will need to use the account’s cPanel username and web address for the keys to work correctly.

ssh-keygen -t rsa -C "cpanel-username@111.22.33.444"

You will then be prompted to create a passphrase. These are unlike passwords in that they can have spaces. Feel free to use lyrics, mottos, poems, or quotes.

The key generated is located in the user’s .ssh folder on macOS. You can navigate to that folder in Terminal with this command:

ls /Users/Doug/.ssh/

Then, add yourself to the keys:

ssh-add /Users/Doug/.ssh/id_rsa

Finally, make sure the RSA key has read and write permissions. You can do this by using the change mode (chmod) command in macOS to change the key’s Unix values to 600. See Unix Permissions Calculator

chmod 600 ~/.ssh/id_rsa

Finally, you will import the RSA key to cPanel. This is found on your cPanel dashboard under Security > SSH Access > Manage Keys > Import Key.

From here you will paste the private key (id_rsa), the public key (id_rsa.pub), and enter your passphrase.

Next, in cPanel you will need to authorize the keys in Security > SSH Access > Manage Keys.

Now you can log in from a terminal using your SSH keys. Typically we access port 22. If you are using cPanel you will have to use your account’s username to log in. The IP address of your server will serve as the web address:

ssh -p 22 cpanel-username@111.22.33.444

You will then be prompted to enter your passphrase. You will not see visual confirmation that you are typing your passphrase, but it is being entered. Once you hit enter the passphrase is confirmed and you will be logged in via secure shell (SSH).
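
The permission values and the chmod 600 step described above can be checked with a short script. This is an added example, not part of the original article: it decodes an octal mode into the r/w/x letters that ls -l shows and lists any private key in a folder that group or others can access. The function names are made up for this example, and the private-key check assumes PEM or OpenSSH format files.

```shell
#!/bin/sh
# Added example: decode octal modes and flag private keys that are too open.

# Octal permission bits of a path (GNU stat on Linux, BSD stat on macOS).
octal_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# One octal digit to its rwx triplet: read=4, write=2, execute=1.
digit_to_rwx() {
    r=-; w=-; x=-
    if [ $(( $1 & 4 )) -ne 0 ]; then r=r; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then w=w; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then x=x; fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# Octal mode (600, 0644, 1766) to the user/group/others string ls -l shows.
# A leading special digit (such as the sticky bit) is ignored here.
mode_to_rwx() {
    n=$(( 0$1 ))                       # leading 0 makes the shell read it as octal
    digit_to_rwx $(( (n >> 6) & 7 ))   # user
    digit_to_rwx $(( (n >> 3) & 7 ))   # group
    digit_to_rwx $(( n & 7 ))          # others
}

# Print "<mode> <rwx> <path>" for each private key in a directory that
# grants any permission to group or others.
audit_ssh_dir() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        # PEM and OpenSSH private keys begin with a "-----BEGIN ... PRIVATE KEY-----" line.
        head -n 1 "$f" 2>/dev/null | grep -q 'PRIVATE KEY' || continue
        m=$(octal_mode "$f")
        if [ $(( 0$m & 077 )) -ne 0 ]; then
            printf '%s %s %s\n' "$m" "$(mode_to_rwx "$m")" "$f"
        fi
    done
    return 0
}

# Default to the current user's key folder when no directory is given.
audit_ssh_dir "${1:-$HOME/.ssh}"
```

No output means every private key in the folder is limited to its owner; any file listed should be fixed with chmod 600.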
