Skip to main content
The SSH Access tool manages the keys cPanel uses to authenticate shell logins to your account. Generate a new key pair, import an existing public key, and mark which keys are authorized to log in. Open it from cPanel home → SecuritySSH Access.
SSH Access page with Manage SSH Keys
SSH gives you a real shell on the server. Mistakes at the command line are not undoable in the same way the cPanel UI is. rm -rf does what it says, an .htaccess typo can take the site offline, and a runaway script counts against your resource limits.If you don’t already know your way around a Linux shell, do the work in the cPanel UI or the File Manager. Open a ticket and we’ll walk you through whatever you were going to do over SSH; usually there’s a safer path.

Generate a key pair

1

Click Manage SSH Keys, then Generate a New Key

cPanel opens the key generation form.
2

Pick a name and (optional) password

The default name id_rsa matches the OpenSSH convention and is fine. A password protects the private key on disk; you’ll have to type it (or unlock it via ssh-agent) every time you connect. For an automated job, leave the password blank.
3

Choose the key type

ed25519 is the modern default; faster, shorter, and at least as secure as RSA. Pick RSA 4096 if you have to interoperate with old clients that don’t speak ed25519. Skip dsa, it’s deprecated.
4

Click Generate Key

cPanel writes both the private and the public key into your account’s .ssh/ directory. Download the private key (the one without .pub) to whichever machine you want to connect from. Don’t email it. Don’t paste it into chat.

Authorize a key for login

A generated or imported public key sits on the server but doesn’t grant access until you authorize it. The Manage SSH Keys page shows every key it knows about with an Authorize / Deauthorize button next to each.
  • Authorize appends the public key to ~/.ssh/authorized_keys. Anyone holding the matching private key can now log in as your cPanel user.
  • Deauthorize removes the line. Existing sessions stay open, future logins are denied.

Import a key you already have

If you already have an SSH key pair on your laptop, import the public half rather than generating a new one:
1

Click Manage SSH Keys, then Import Key

Two text areas open. You only need the public one.
2

Paste the public key

Open ~/.ssh/id_rsa.pub (or id_ed25519.pub) on your local machine, copy the single line, paste into cPanel’s Public Key field.
3

Skip the private key field

Don’t paste your private key into a server you don’t control. cPanel only needs the public half to authorize logins.
4

Save and authorize

The key shows up in the list. Click Authorize.

Connect from your local machine

Standard OpenSSH. Once a key is authorized: 
ssh -p 22 your-cpanel-username@your-server.example.com
Use the host from your welcome email, not the bare domain (so cPanel proxy doesn’t get in the way). If your private key isn’t ~/.ssh/id_rsa or ~/.ssh/id_ed25519, point at it explicitly with -i: 
ssh -i ~/keys/noxity-id_ed25519 your-cpanel-username@your-server.example.com

Common issues

Three usual causes: the key isn’t authorized in cPanel, you’re connecting with the wrong username, or the local SSH client is offering a different key than the one you authorized. Run with -vvv to see which key OpenSSH is sending; check the username matches your cPanel account.
cPanel’s in-browser Terminal tool requires shell access to be enabled on the account. Some Noxity plan tiers don’t include it. Open a ticket if you need it enabled.
There’s no recovery. Generate a new key in cPanel, authorize it, deauthorize the lost one. Treat the lost key as compromised.
OpenSSH offers every key in your ~/.ssh/ to the server before falling back to password. With many keys loaded into ssh-agent, the server hits its retry limit before the right key is tried. Use ssh -o IdentitiesOnly=yes -i /path/to/correct-key to force one specific key.

Need a hand?