Technical guide on generating RSA/ED25519 SSH keys and authorizing them for jailed shell access in cPanel. Learn how to secure terminal access for specific clients.

SSH Access: Generating and Authorizing Public Keys

Secure Shell (SSH) access on Hovixa is restricted to a Jailed Shell (VirtFS) environment. This provides a functional CLI while preventing users from viewing other tenants' processes or sensitive system files. For maximum security, password authentication should be avoided in favor of Public Key Authentication.

1. Generating a New SSH Key Pair

You can generate keys directly within cPanel or on your local machine. We recommend RSA 4096-bit or ED25519 for the best balance of security and compatibility.

1. Log in to cpanel.hovixa.com.
2. Navigate to the Security section and click SSH Access.
3. Click Manage SSH Keys.
4. Click + Generate a New Key.
5. Key Name: Leave as id_rsa or give it a unique name (e.g., client_dev_key).
6. Key Password: Enter a strong passphrase. This encrypts the private key on disk.
7. Key Type & Size: Select RSA and 4096.
8. Click Generate Key.

2. Authorizing the Public Key

Generating a key is not enough; it must be explicitly added to the authorized_keys file via the cPanel interface to be active.

1. On the Manage SSH Keys page, locate your new key under Public Keys.
2. Notice the status says not authorized. Click Manage.
3. Click the Authorize button.
4. The key is now active and will be recognized by the SSH daemon.

3. Connecting from a Specific Client

To connect, the client must possess the Private Key. You must download this from cPanel (or have generated it locally).

For Windows (PuTTY):

• Download the Private Key from cPanel.
• Convert the .key file to .ppk using PuTTYgen.
• In PuTTY, go to Connection > SSH > Auth > Credentials and browse for your .ppk file.
• Connect to cpanel.hovixa.com on Port 22.

For Linux/macOS (Terminal):

ssh -i ~/.ssh/id_rsa [email protected] -p 22
    

4. Technical Implementation & Jailed Shell Limits

Because Hovixa uses CloudLinux CageFS and Jailed Shell, your SSH session has specific constraints:

• Path Isolation: Your root is /home/username. You cannot cd into system folders like /etc or /var.
• Binary Access: You have access to common binaries (php, mysql, git, tar, composer), but system-level tools like yum, apt, or systemctl are restricted.
• Environment: The environment variables and PHP versions match what you have selected in the CloudLinux PHP Selector.

5. Troubleshooting

• Permission Denied (publickey): Ensure the key is Authorized in cPanel. Also, verify your local SSH client is actually presenting the key (use ssh -v for verbose output).
• Connection Timed Out: Hovixa's firewall (CSF) may have blocked your IP due to failed login attempts. Ensure you are using the correct port (22) and your local IP is whitelisted if necessary.
• Passphrase Issues: If you forget the passphrase used during key generation, the private key becomes useless. You must delete the key pair and generate a new one.