: SSH Putty How To Use PuTTY SSH With cPanel

Rise Company
09-12-2021, 03:42
SSH Putty How To Use PuTTY SSH With cPanel
Secure Your cPanel Server With SSH Keys And Public Key Cryptography
ssh cpanel - putty
SSH Access - Manage SSH Keys - Public Keys - Private Keys - View or Download SSH Keys
Authorization - Convert the id_rsa key to PPK format


How To Use PuTTY SSH With cPanel

cPanel & WHMs intuitive web interfaces make it easy to manage servers and web hosting accounts. However, its occasionally useful to work on a servers command line instead. The PuTTY SSH (Secure Shell) client allows you to log in to a servers command line interface shell over an encrypted connection so that sensitive data isnt exposed on the internet.
Once logged in, you can access the full suite of Linux command-line tools, interact with the cPanel & WHM API utilities (https://blog.cpanel.com/getting-started-with-the-cpanel-api/), and create scripts that automate admin tasks. In this article, well show you how to log in via SSH with PuTTY SSH, including two ways to authenticate with the server: a username/password combination and the more secure SSH keys.
What is the PuTTY SSH Client?

The PuTTY SSH client is a collection of GUI tools for managing and interacting with SSH sessions. Its main components are an SSH session manager and a terminal emulator. It also includes a set of helper tools, including an SSH key generator, which well look at later in this article.
PuTTY is compatible with several operating systems, although it is primarily used on Microsoft Windows because, until recently, Windows did not have a built-in SSH client.
Accessing cPanel Servers via SSH with PuTTY

To follow the walkthrough in this article, you will need to install PuTTY (https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html) on your local computer. You also need access to a server or hosting account that allows SSH connections, as well as your cPanel accounts username and password.
Logging in to your hosting account with a username and password is straightforward. Once PuTTY is installed, open it from the Start menu.
https://www.rise.company/forum/images/imported/2021/12/16.png The interface looks complicated, but at the moment were only interested in the Hostname and Port fields. In Hostname, enter your servers domain name or IP address. You can find the IP address in the General Information section of the cPanel sidebar.
Unless you or your hosting provider changed the servers SSH port (https://blog.cpanel.com/linux-security-enhancement-with-cpanel-whm/), leave the Port entry on the default 22.
Click Open at the bottom of the window and PuTTY will attempt to start an encrypted SSH session on your server. If this is the first time youve connected, Windows may pop up a dialog asking for permission. Youre safe to proceed if you entered the host details correctly.
Once the connection is established, PuTTY opens its terminal emulator with a username prompt. Enter your cPanel username, press enter, and then provide your password.
https://www.rise.company/forum/images/imported/2021/12/17.png All being well, the server will authenticate you and youll be given a command prompt. If youre happy to log in with your username and password, thats all you need to know to access cPanel via PuTTY.
Read on if youd like to learn a more secure way to authenticate.
How To Connect to Your cPanel Server With PuTTY SSH and SSH Keys

SSH keys are an authentication mechanism based on public-key cryptography (https://en.wikipedia.org/wiki/Public-key_cryptography). The user generates a key pair with a public key and a private key. As the names suggest, you keep the private key secret and upload the public key to the server. The keys are mathematically intertwined so a cryptographic algorithm built into the SSH server can use the public key to verify ownership of the private key.
There are several benefits to this approach. SSH keys arent vulnerable to brute-force and dictionary attacks; if you keep the private key secret, there is no chance of anyone guessing it. SSH keys can also use a passphrase so that they are even more secure. Unlike a password, the private key is never sent over the internet, so it cant be snatched as it traverses the network.
SSH keys arent perfect: if someone has access to the machine you store the private key on, they can steal it. But they are much more secure than the passwords people usually choose (https://www.pcmag.com/news/2020s-most-common-passwords-are-laughably-insecure).
Generating SSH Keys with PuTTY

When you installed PuTTY, you also installed the PuTTY Key Generator. Launch it from the Windows menu. Its another complicated-looking interface, but as before were only interested in a couple of the features.
If you want to use a passphrase with your keysand you shouldenter one in the Key passphrase and Confirm passphrase fields.
Click the Generate button and PuTTY will ask you to wiggle your mouse around. This seems peculiar, but the mouses movement provides random data the software needs to generate keys. When youre done wiggling, the public key is displayed in the top text field.
https://www.rise.company/forum/images/imported/2021/12/18.png Before we get to the public key, click the Save Private Key button to save the resulting .ppk file with a meaningful name.
Uploading the Public Key to Your Server

The public key must be made available to the SSH server, and were going to do that by adding it to your user accounts authorized_keys file.
Log in to your cPanel account and open the File Manager, which youll find in the Files section of the main page menu. Browse to the .ssh folder, select the authorized_keys file, and click the Edit button in the toolbar.
Copy the public key from the PuTTY Key Generator and paste it at the bottom of this file; leave an empty line between existing keys and the new one. Click the Save Changes button.
https://www.rise.company/forum/images/imported/2021/12/19.png Both keys are where they need to be, so we can now use them to authenticate with the server. But first, we need to tell PuTTY where to find the private key.
https://www.rise.company/forum/images/imported/2021/12/20.png Open PuTTYs main session interface:

Enter your servers domain name or IP address.
In the left-hand sidebar, expand the Connection item, then the SSH item, and click Auth.
Click the Browse button and select the .ppk file you saved earlier.
Click the Open button at the bottom of the window.

PuTTY will now attempt to use the private key to authenticate with the server. It opens the terminal emulator and asks for your username and the passphrase associated with the key (if you used one). If you supply the correct credentials, youll be logged in to the servers command line.
Finally, you can save the session details in the main interface so that you dont have to specify a private key and domain name every time you log in.
PuTTY SSH is a useful tool that became popular when Windows lacked a built-in SSH client. Its still the most powerful and feature-rich client available for Windows, but Windows 10 now includes a native SSH client (https://docs.microsoft.com/en-us/windows/terminal/tutorials/ssh). If you dont need all the bells and whistles that accompany PuTTY, you might want to take the built-in client for a spin.

Secure Your cPanel Server With SSH Keys And Public Key Cryptography

cPanel & WHM is a complete server management solution, but you may occasionally need to log in to your servers shell to run scripts or edit configuration options on the command line. The most secure way to remotely log in is with SSH. An SSH client on your local computer connects to a daemon on the server. SSH encrypts the commands you send to the server and the information it sends back.
When you log in with SSH, you must supply authentication credentials. These are usually your cPanel accounts username and password. However, password-based logins are not as secure as we might like. Users often choose easy-to-guess passwords. Even if they dont, malicious bots will bombard SSH with brute force and dictionary attacks, consuming the servers resources.
SSH keys are an alternative way to authenticate using public-key cryptography and a pair of cryptographic keysone public and one private. SSH keys are more secure because they are not vulnerable to guessing attacks. We discussed SSH keys briefly in How To Use PuTTY SSH With cPanel (https://blog.cpanel.com/how-to-use-putty-ssh-with-cpanel/). In this article, well dig a little deeper into how public key cryptography works, show you how to generate public-private key pairs with cPanel, and how to use them to authenticate with SSH.
What is Public Key Cryptography?

Cryptography is the science of secrecy. Cryptographers design secure communication systems, and encryption is their most important tool. Simply put, encryption scrambles messages so they cant be read. You start with a message called the plaintext and convert it to nonsense, which is called the ciphertext. Decrypting reverses the process, converting ciphertext back into readable plaintext.
Symmetric encryption is the most familiar type. You need two things to encrypt a message: a key and an encryption algorithm. The key is a string of letters and numbers. The algorithm is a set of instructions for combining the key with the plaintext to create the ciphertext. To decrypt the message, you give the same key and the ciphertext to a related algorithm, and it spits out the plaintext. Only someone with the key can decrypt the message.
For symmetric encryption to work, the sender and recipient have to share a secret, the key. But what if you want to encrypt a message where there is no shared secret? This is a common need on the internet. For example, I want to send a secret message to a friend. I can encrypt it, but how do I get the key to them? I cant just send it over the internet because someone spying on my connection could intercept it and decrypt the message too.
The solution is public-key cryptography, which is also called asymmetric encryption. With public-key cryptography, we use two keys, a public key and a private key. Only the private key can decrypt messages encrypted with the public key. Only the public key can decrypt messages encrypted with the private key.
When I want to send a secret message to my friend, I ask them to send me their public key. I use it to encrypt the message and send them the ciphertext. They use their private key to decrypt it. Provided they keep the private key secret, anyone with the public key can send a message only they can read.
Public key cryptography has two significant consequences. The first is that there are no shared secrets. The second is that the person with the private key can prove who they are by decrypting a message. If I encrypt a message that says hello with a persons public key, and they tell me, You said hello, I can be certain they have the private key. It might not be obvious why that matters yet, but its the foundation of online security, including HTTPS encryption and SSH keys.
SSH Keys: SSH Authentication with Public Key Cryptography

SSH key authentication uses the mechanism we just described to verify your identity when you want to log in to your server.
It works like this:

You create a pair of keys, one public and one private. You upload the public key to the server, and you keep the private key secret on your local computer.
When you connect to the server with SSH, the client on your computer tells the SSH daemon which public key is yours.
The server creates a random string of letters and numbers, which it encrypts with your public key and sends to the client.
The client decrypts the message using the private key. Remember, only your private key can decrypt messages encrypted with your public key.
The client takes the decrypted message, hashes it, and sends the hash back to the server. A hash is a sort of one-way cryptographic function. The same string always produces the same hash.
The server now hashes the original message and compares it to the hash sent by the client. If they match, it proves you have the private key and you are authenticated.

Provided you keep the private key secret, this method of authentication is reliable and secure. It isnt vulnerable to brute-force and dictionary attacks. It also helps avoid the problems that arise when users think pa55word is an ingenious solution to their password management problems. Of course, all bets are off if the private key is stolen, but thats a limitation of all authentication mechanisms.
How to Generate Public and Private Keys with cPanel

To use SSH keys, you need a key pair. There are several ways to create key pairs, but one of the easiest is cPanels SSH Access tool, which youll find in the Security section of cPanels main menu.

Open SSH Access and click Manage SSH Keys.
Click Generate New Key.
Enter a name for your keys, or you can create a key pair with the default name id_rsa.
Enter a password for an additional layer of security. Be sure to copy the password and store it safely. It wont be displayed again, and it cant be recovered.
Click Generate Key at the bottom of the page.

https://www.rise.company/forum/images/imported/2021/12/21.png The next step is authorizing the public key so you can use it for SSH authentication.

Return to the Manage SSH Keys interface, as described above.
Find the key you just created under Public Keys.
Click Manage and then Authorize on the next page.

https://www.rise.company/forum/images/imported/2021/12/22.png Finally, we have to download the private key to our local machine (see below for Microsoft Windows and PuTTY instructions).

Once again, go to the Manage SSH Keys tool.
Scroll to the bottom of the page, where youll find your Private Keys.
Click View/Download next to the new private key.
Click the Download Key beneath the text box that displays the key.

https://www.rise.company/forum/images/imported/2021/12/23.png The private key is downloaded to your browsers default download folder. You should move it from there to a safe location. If you would like to make it the default key for your local computers user, move the file to the following directory on Mac and Linux, replacing username with your local computers username.
/home/username/.ssh If you use PuTTY on Windows, you must first convert the private key to PuTTYs native PPK format.

Navigate to your private keys in cPanel as described above and scroll to the bottom of the page.
Enter the passphrase associated with your key.
Click the Convert button, and then Download Key.
You can now select the PPK file when connecting to your server with PuTTY, as we outlined in How To Use PuTTY SSH With cPanel (https://blog.cpanel.com/how-to-use-putty-ssh-with-cpanel/).

Log in To cPanel Servers with SSH Keys

If you have followed the walkthrough, you now have an authorized public key in place on your server. The private key is stored on your local machine. To use the keys, you simply tell SSH where to find the private key when you open a connection.
On Linux and Mac, the terminal command to initiate an SSH connection is:
ssh -i path_to_private_key [email protected] Replace path_to_private_key with the location of your new private key. You could omit this option if you stored the key file in the .ssh folder as your default.
SSH keys make your server more secure. They prevent poor password choices from exposing your server and its users to unnecessary risk. To further enhance security, server administrators may want to prevent users from logging in with passwords altogether with the SSH Password Authorization Tweak (https://docs.cpanel.net/whm/security-center/ssh-password-authorization-tweak/) in WHMs Security Center.


Rise Company
20-01-2022, 01:52
Generate PPK version 2 key with PuTTYgen 0.75 (or later)
1. launch PuTTYgen
2a. (click "Load" button to load existing private key)
2b. (If you create a new key, choose type and click "Generate" button (and then mouse cursor around). OpenSSH type public key text should be saved in a txt file.)
3. choose "Parameters for saving key files..." from "Key" menu


4. select PPK version 2 as below and then click "OK".


5. click "Save private key" of main window to save private key. (OpenSSH public key data won't be modified by this private key format change.)
Note: you can change PPK file version before generating/loading key.

3 2

Rise Company
20-01-2022, 01:54