Published on Sep 28 2012 in Control Panels Non-Java

On a cPanel server where password login is not allowed you will need to use SSH key. Follow this guide to have key based SSH connection set up in Putty.

For SSH access from Windows we recommend PuTTY and PuTTYgen from

Login to cPanel and go to Security > SSH/Shell Access to generate SSH key pair for use with a standalone SSH client like Putty.

SSH shell access
#### Click Manage SSH Keys > Genarate a New Key. You should use a password to protect the key. You will be asked the password each time you use the key.

SSH generate keypair
IMPORTANT: as OpenSSH 7+ deprecated DSA use RSA (id_rsa) when generating keys.

This will create key pair (id_dsa, in /home/USERNAME/.ssh file. In 11.32.4 version of cPanel there seems to be a problem with generating key size different than 1024. Please note that some special characters in passphrase can cause the key to become unusable. You will then get Server refused our key Access denied in Putty and Permission denied (publickey) in Linux/Mac command line. In such case try to set up a new key pair avoiding special characters in passphrase.

In Public key section click 'Manage Authorization' and 'Authorize'

SSH manage authorization
This will create authorized_keys and authorized_keys2 files in your /home/USERNAME/.ssh directory. In each of these files your public key string is included.

In Private key section click 'View/Download' beside the key (id_dsa) and then under 'Private SSH Key id_dsa conversion to ppk format:' enter the password you set in step #2 and click Convert to get the key in format suitable for Putty and download the key (id_dsa.ppk or id_rsa.ppk) to your PC.

Note: Before leaving this cPanel page check first if the downloaded key is the same as the one displayed in cPanel. You may just check last line starting with 'Private-MAC:'.

SSH private key download
If you get blank content in PPK format window then you may be affected by cPanel bug (cPanel internal case number 103473). See bottom of the article for alternate methods of getting your key in PPK format.

Run putty.exe and in Putty:

  1. Enter your hosting server hostname (consult 'New Hosting Account Created' email if in doubt)
  2. Set correct SSH port (consult 'New Hosting Account Created' email if in doubt)

SSH putty define connection
Enter connection label e.g. 'my_connection' and click Save. 'my_connection' will appear added below 'Default Settings'.

  1. Click SSH > Auth in the left menu and choose 'Private key file for authentication'. Use path to your id_dsa.ppk or id_rsa.ppk here.

In the example the file was read from "C:" path.

SSH load ppk
d) Click Connection > Data in the left menu and set 'Auto-login username' to your username.

SSH username
e) Click Session in the top of left menu, make sure 'my_connection' is highlighted and save. f) Double click the session name. You should be prompted for password from step #2 and subsequently logged in.

SSH putty connected
#### Troubleshooting

If you happen to receive blank/empty key when generating PPK then either contact our support or connect from a Linux system (a live CD distro will do) using downloaded id_dsa private key with:

ssh -p sshport_here -i id_dsa

Then in shell command line run the following to generate the PPK key:

mkdir -p ~/.ssh/putty
/usr/local/cpanel/3rdparty/bin/puttygen ~/.ssh/id_dsa -O private -o ~/.ssh/putty/id_dsa.ppk 
Enter passphrase to load key: YOUR_PASSPHARES_HERE
ls -l ~/.ssh/putty

The above will convert the key from OpenSSL to Putty format and list the newly created file properties. You can then download the PPK version key (id_dsa.ppk) with cPanel's file manager or FTP or SCP and use it in Putty.

Another method of getting your key in PPK format is to use PuttyGen:

  1. Generate SSH keypair with passphrase using cPanel - Security - SSH/Shell Access, authorize the public key and download the private key id_dsa (or whatever you named it) from /home/yourusername/.ssh with FTP or cPanel's File Manager.
  2. Download PuTTY Key Generator (PuTTYgen) application from here
  3. Open PuTTYgen and choose 'Conversions', click 'Import Key'
  4. Find your private key file (usually id_dsa) then click 'Open' - you will be asked for passphrase

You can now save your key as a PPK file by clicking 'Save private key' button. This key is the suitable for use in Putty and WinSCP.

Yet another method is even simpler. If you tried to generate key in PPK format in cPanel and got blank result then your key has most probably been generated and is now in ~/.ssh/putty directory. Just use FTP or cPanel's File Manger to get it - here goes FTP example:

$ ftp server
Name (server:user): username
Password: password
ftp> cd .ssh/putty
ftp> get id_dsa.ppk
ftp> quit

In another article we will show how to use this encrypted connection to have PgAdminIII or any other PostgreSQL client tunnelled to the PostgreSQL server.