What is the problem?
I'm constantly logging into sites installed on my server. For every account I use a different, complex password. I use Splash Id to save my passwords. But I'm constantly copying and pasting passwords. Tiresome.
Username/password is NOT the only authentication scheme that SSH uses
SSH also uses another scheme called public key cryptography.
I had heard about it, that it was a more secure way of connecting AND you didn't need a password. And if it was more secure, why not?
My experience trying to find already-written tutorials about how to use SSH keys on a local Mac hooking into a Cpanel controlled server yielded two types of posts:
- Tutorials entirely done from the command line, ignoring Cpanel's GUI that makes things easier. I would have been fine even doing it all from the command line, but there were commands that simply weren't working on my Cpanel-enabled server.
- Tutorials specifically geared toward Cpanel that I couldn't figure out because they really don't tell you what to do on the client (the computer from which you are trying to access your server).
If you have a Mac (I happen to be running Snow Leopard, but it should work with other Mac flavors as well) and you have a Cpanel server account that allows you SSH access, then this is for you.
This is meant as a tutorial for command line beginners. Don't be put off by the fact there are 28 steps. It's that long because I don't make assumptions about what you know. I'm holding your hand all the way through.
Key for Tutorial
- Text displayed in plain courier font is a string you will type.
- Italicized courier text is text you will see, but not type.
List of strings specific to the tutorial that will either look different on your screen or that you will have to replace with different strings specific to your situation if you need to enter them:
- Open up the Terminal application, usually stored at: Applications/Utilities/Terminal.app
- Make an ".ssh" directory (if you don't already have one). Go to: /Users/Joe (where "Joe" is the name of your home directory).
mkdir .ssh. Check that it is there:
- Next you generate a public/private key pair:
joe-computer:~ Joe$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/Joe/.ssh/id_rsa):
- Hit "Enter" now. You don't need to list a file name because the default that ssh-keygen is providing, "/Users/Joe/.ssh/id_rsa", is exactly what you want.
- Now you'll see a prompt for a passphrase. A bit of explanation is needed here. It's really important that you use a long and secure passphrase here. What is confusing is that one of the main reasons for using SSH keys instead of username/password is that you can log into your Cpanel accounts via SSH without using a password. So you might think this is a spot to skip the passphrase. NO. After creating the passphrase here, you'll only have to enter it one more time. MacOS' Keychain Access app will save it for you, thus delivering the goods of passwordless SSH access. Note that you can change your passphrase with:
Enter passphrase (empty for no passphrase):
Enter passphrase now.
Enter same passphrase again:
Enter passphrase again.
- Now you will see:
Your identification has been saved in /Users/Joe/.ssh/id_rsa.
Your public key has been saved in /Users/Joe/.ssh/id_rsa.pub.
- Secure those files by navigating to /Users/Joe/.ssh and changing file permissions:
joe-computer:~ .ssh$ chmod 700 id_rsa id_rsa.pub
- Log into your Cpanel account that has SSH access, find the security section and click on "SSH/Shell Access"
- Click on "Manage SSH Keys"
- Click on "Import Key"
- In the field, "Choose a name for this key (defaults to id_dsa)", type in:
- Leave the field, "Paste the Private Key in this box:" empty.
- On your local computer, open the file,
- Copy the contents of that file onto your clipboard.
- Return to Cpanel's import key page where you have been working. Find the field, "Paste the Public Key in this box:" and paste the contents of your clipboard there.
- Click "Import."
- You will then see, "The key named id_rsa.pub was imported." Click on "Back to Manage Keys."
- You are on the Manage SSH Keys page now. Look for the table in the "Public Keys" section and find the "Actions" column. Click on "Manage Authorization."
- Click on "Authorize"
- Now you'll see, "id_rsa.pub has been Authorized." Click on "Go back" to verify that the key has been authorized.
- You are done with Cpanel.
- Now go back to Terminal.app and try to log in to the Cpanel account on which you just installed the public key. You begin the usual way, where username is the cPanel username for the account:
joe-computer:~ Joe$ ssh firstname.lastname@example.org
At this point, you should be prompted for a password, but NOT at the command line. Instead, a dialog will pop up on the screen that says "supply password for id_rsa". Type in the passphrase you used when you set up the key, NOT your account password for the Cpanel account. Check the box that says "Save to Keychain".
- You should then be logged in to your remote Cpanel account. Log out. (If you got a "password:" prompt at the command line without the local password popup opening, then there is something wrong with your installation. Did you authorize the key? For troubleshooting, add "-v" (verbose) to your ssh command making it,
joe-computer:~ Joe$ ssh -v email@example.com)
- Now log in again, using the normal method, where username is the cPanel username:
joe-computer:~ Joe$ ssh firstname.lastname@example.org
This time you should be logged right in, without having to type your password.
- Scream for joy
- Repeat from step 10. You can use the same key to log in to as many Cpanel accounts as you want. Don't create another key.
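The copy-and-paste steps above are where this setup most often goes wrong: an editor wraps the key onto two lines, part of it is cut off, or the private key file is opened instead of the public one. The following Python check is an added example, not part of the original tutorial or of Cpanel; its function names are illustrative, and the sample key line it builds is constructed from filler bytes rather than taken from a real key.

```python
# Added example: sanity checks before pasting a public key into a web form.
import base64
import os
import stat
import struct

def wire_fields(blob):
    """Split SSH wire-format key data into its length-prefixed fields."""
    out, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + n > len(blob):
            raise ValueError("field runs past end of key data")
        out.append(blob[pos:pos + n])
        pos += n
    return out

def check_public_key_text(text):
    """Return a list of problems with text about to be pasted as a public key."""
    if "PRIVATE KEY" in text:
        return ["this is a private key; never paste it into a web form"]
    lines = [l for l in text.splitlines() if l.strip()]
    if len(lines) != 1:
        return ["expected exactly one line, got %d (wrapped by an editor?)" % len(lines)]
    parts = lines[0].split(None, 2)
    if len(parts) < 2:
        return ["expected '<type> <base64> [comment]'"]
    try:  # binascii.Error from b64decode is a ValueError subclass
        fields = wire_fields(base64.b64decode(parts[1], validate=True))
    except ValueError as exc:
        return ["key data is damaged: %s" % exc]
    if not fields or fields[0] != parts[0].encode():
        return ["declared type does not match the type inside the key data"]
    if parts[0] == "ssh-rsa" and len(fields) != 3:
        return ["ssh-rsa key data should hold type, exponent and modulus"]
    return []

def private_key_is_private(path):
    """True if neither group nor others have any access to the file."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0

def constructed_rsa_line():
    """Build a structurally valid ssh-rsa line from filler bytes (not a usable key)."""
    pack = lambda b: struct.pack(">I", len(b)) + b
    blob = pack(b"ssh-rsa") + pack(b"\x01\x00\x01") + pack(b"\x00" + b"\xab" * 256)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " Joe@joe-computer"
```

An empty list from `check_public_key_text` means the text is a single, intact public key line; `private_key_is_private` returns True for the `chmod 700` used in this tutorial because only the owner has access.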