> ## Documentation Index
> Fetch the complete documentation index at: https://help.noxity.io/llms.txt
> Use this file to discover all available pages before exploring further.

# SSH Access

> Generate, import, and authorize SSH keys for shell access to your hosting account. Plus the warning you should read before using SSH at all.

The SSH Access tool manages the keys cPanel uses to authenticate shell logins to your account. Generate a new key pair, import an existing public key, and mark which keys are authorized to log in.

Open it from cPanel home → **Security** → **SSH Access**.

<Frame caption="SSH Access landing page with the Manage SSH Keys button">
  <img src="https://mintlify.s3.us-west-1.amazonaws.com/noxity/images/cpanel/security-settings/ssh-access/landing-light.png" alt="SSH Access page with Manage SSH Keys" className="block dark:hidden" />

  <img src="https://mintlify.s3.us-west-1.amazonaws.com/noxity/images/cpanel/security-settings/ssh-access/landing-dark.png" alt="SSH Access page with Manage SSH Keys" className="hidden dark:block" />
</Frame>

<Warning>
  **SSH gives you a real shell on the server.** Mistakes at the command line are not undoable in the same way the cPanel UI is. `rm -rf` does what it says, an `.htaccess` typo can take the site offline, and a runaway script counts against your resource limits.

  If you don't already know your way around a Linux shell, do the work in the cPanel UI or the [File Manager](/web-hosting/cpanel/file-management/file-manager). Open a ticket and we'll walk you through whatever you were going to do over SSH; usually there's a safer path.
</Warning>

## Generate a key pair

<Steps>
  <Step title="Click Manage SSH Keys, then Generate a New Key">
    cPanel opens the key generation form.
  </Step>

  <Step title="Pick a name and (optional) password">
    The default name `id_rsa` matches the OpenSSH convention and is fine. A password protects the private key on disk; you'll have to type it (or unlock it via `ssh-agent`) every time you connect. For an automated job, leave the password blank.
  </Step>

  <Step title="Choose the key type">
    `ed25519` is the modern default; faster, shorter, and at least as secure as RSA. Pick `RSA 4096` if you have to interoperate with old clients that don't speak `ed25519`. Skip `dsa`, it's deprecated.
  </Step>

  <Step title="Click Generate Key">
    cPanel writes both the private and the public key into your account's `.ssh/` directory. Download the **private** key (the one without `.pub`) to whichever machine you want to connect from. Don't email it. Don't paste it into chat.
  </Step>
</Steps>

## Authorize a key for login

A generated or imported public key sits on the server but doesn't grant access until you authorize it. The Manage SSH Keys page shows every key it knows about with an **Authorize** / **Deauthorize** button next to each.

* **Authorize** appends the public key to `~/.ssh/authorized_keys`. Anyone holding the matching private key can now log in as your cPanel user.
* **Deauthorize** removes the line. Existing sessions stay open, future logins are denied.

## Import a key you already have

If you already have an SSH key pair on your laptop, import the public half rather than generating a new one:

<Steps>
  <Step title="Click Manage SSH Keys, then Import Key">
    Two text areas open. You only need the **public** one.
  </Step>

  <Step title="Paste the public key">
    Open `~/.ssh/id_rsa.pub` (or `id_ed25519.pub`) on your local machine, copy the single line, paste into cPanel's **Public Key** field.
  </Step>

  <Step title="Skip the private key field">
    Don't paste your private key into a server you don't control. cPanel only needs the public half to authorize logins.
  </Step>

  <Step title="Save and authorize">
    The key shows up in the list. Click **Authorize**.
  </Step>
</Steps>

## Connect from your local machine

Standard OpenSSH. Once a key is authorized:

```bash theme={}
ssh -p 22 your-cpanel-username@your-server.example.com
```

Use the host from your welcome email, not the bare domain (so cPanel proxy doesn't get in the way). If your private key isn't `~/.ssh/id_rsa` or `~/.ssh/id_ed25519`, point at it explicitly with `-i`:

```bash theme={}
ssh -i ~/keys/noxity-id_ed25519 your-cpanel-username@your-server.example.com
```

## Common issues

<AccordionGroup>
  <Accordion title="Permission denied (publickey)">
    Three usual causes: the key isn't authorized in cPanel, you're connecting with the wrong username, or the local SSH client is offering a different key than the one you authorized. Run with `-vvv` to see which key OpenSSH is sending; check the username matches your cPanel account.
  </Accordion>

  <Accordion title="The cPanel terminal won't open">
    cPanel's in-browser **Terminal** tool requires shell access to be enabled on the account. Some Noxity plan tiers don't include it. Open a ticket if you need it enabled.
  </Accordion>

  <Accordion title="I lost the private key">
    There's no recovery. Generate a new key in cPanel, authorize it, deauthorize the lost one. Treat the lost key as compromised.
  </Accordion>

  <Accordion title="&#x22;Too many authentication failures&#x22;">
    OpenSSH offers every key in your `~/.ssh/` to the server before falling back to password. With many keys loaded into `ssh-agent`, the server hits its retry limit before the right key is tried. Use `ssh -o IdentitiesOnly=yes -i /path/to/correct-key` to force one specific key.
  </Accordion>
</AccordionGroup>

## Need a hand?

<CardGroup cols={2}>
  <Card title="Open a ticket" icon="life-ring" href="https://members.noxity.io/submitticket.php">
    Best for anything that needs an account check or a config change on our end.
  </Card>

  <Card title="Live chat" icon="messages" href="https://noxity.io/contact">
    Faster for quick questions during business hours.
  </Card>
</CardGroup>