If you have purchased a web hosting package, one of the first tasks after your web hosting account has been successfully deployed is to either:
- install an application on the website using our 1-click script installers
- upload existing files you have to the website
Even if our 1-click website installer installs an application on your website (say WordPress or an e-commerce script such Magento, etc), you may still want to upload a custom them/template or a plugin/extension that you bought to enhance the functionality of the site.
While you can upload files using via browser using either WordPress admin or cPanel native File Manager, these might not be the best option because:
- you cannot specify a file size greater than the file size that has been set in the upload_max_filesize in the server php.ini, there may be a limit to the size of upload you can do via a browser.
- even if the size allowed is generous enough for you to initiate the upload, the max_execution_time which determines the maximum time in seconds the script is allowed to receive input (including file uploads) may time out.
- cPanel File Manager does not allow you to upload a naked folder/directory unless you compressed/zipped the file first, then untar or unzip after uploading.
To overcome these constraints, the next question logically would be ... what other options are available to me?
There are two ways to deal with this and we will start with the easiest one which is using an SFTP (SSH/Secure File Transfer Protocol) client.
SFTP is a secure file transfer protocol designed from the ground up by the SECSH working group at IETF (Internet Engineering Task Force) to run over Transport Layer Security (TLS).
It was created to replace the legacy FTP (and even FTP/S) as a file transfer protocol.
- supports the full security and authentication functionality of SSH.
- fully capable of protecting against password sniffing, and man-in-the-middle attacks
- is capable of protecting the integrity of the data using encryption and cryptographic hash functions
- can authenticate both the server and the user
- has a command-line interface
- and enables uploaded files to be associated with their basic attributes, such as timestamps.
SFTP is so secure that a United States Federal Information Processing Standards (FIPS 140-2) recommends it as a preferred protocol for financial, medical, government data in transit.
As a web hosting company that places a strong emphasis on security, we made it mandatory that customers wishing to manage files with FTP must do so using its secure version which SFTP.
There are two reasons for that:
- our systems do not listen to legacy port 21 which FTP uses.
- and even as we enforce the use of SFTP over FTP, weak passwords can also make SSH and port 22 easy targets. So to mitigate the often over-looked human factor, most of our systems don't permit password authentications but rather uses either signed public key, API tokens, or OAuth for authentication and authorization.
To be able to use SFTP to manage your website files, there are six (6) steps that you must complete:
- generate an SSH key on your local machine
- add the generated key to your cPanel server
- authorize the key for usage
- download an SFTP client and install it
- connect to your cPanel server
- and perhaps, a file editor installed on your machine.
The rest of this tutorial assumes that your local machine is a Mac OS system though it is not too different if you are on a Linux machine.
For Windows, please visit any of these URLs:
- How to Enable and Use Windows 10’s New Built-in SSH Commands
- Configuring the New Windows Terminal with Secure Shell (SSH) Profiles | InterWorks
- Installing SFTP/SSH Server on Windows using OpenSSH :: WinSCP
- How to Use SSH in Windows: 5 Easy Ways - MakeUseOf
- A Better Windows 10+WSL SSH Experience - Shea Polansky
- Getting Started using SSH with PowerShell
How To Generate An SSH Key On Mac
First, visit 1Password Password Generator from your browser, generate a strong password, save it to your password manager but leave the page open without reloading it.
Now, check to see if you already have an existing SSH key with:
% ls -al ~/.ssh
If there are an existing public and private key pair listed (for example id_rsa.pub and id_rsa), you can add your SSH key to your cPanel server.
If there no existing public and private key pair, or don't wish to use any that exist to connect to your cPanel server, then:
Open your Finder folder, click on Applications, then Utilities, and finally, scroll down and select Terminal.
You can also hit Command + Tab, then search for Terminal.
When the application opens up (you may need to configure/personalize it to match your workflow later), type in:
% ssh-keygen -t ed25519 -C "$Comment"
where $Comment is an identifier for the key.
It has to be something that when viewing the key on GUI or via shell, you will be able to immediately identify it from the rest of the keys present.
Don't worry, you can always rename it by either adding a space after the key and adding a new comment or using the -c flag:
% ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]
Back to the key generation, when you see the "Enter a file in which to save the key", just hit Enter.
This will save the key to the default file location often your home directory.
Type in a secure pass-phrase you copied from 1Password Password Generator to secure the SSH keys.
Remember that a secure password is one without a dictionary word, and must contain uppercase and lowercase letters, numbers, and even better, symbols.
But don't worry much as you can always change the passphrase for an existing private key without regenerating the key-pair using the -p flag:
% ssh-keygen -p
You will be prompted to enter it before you can change to a new passphrase.
If you run the command below, you will see the generated key-pair in your hidden SSH folder:
% ls -al .ssh
Edit your .zshrc file and add this alias:
alias pb='pbcopy < ~/.ssh/id_ed25519.pub'
This will enable you to cat the public key instead of typing the longer:
How To Add Your SSH Key To The SSH-Agent
To make things easy for yourself, add the generated key to the ssh-agent to a form of single sign-on (SSO).
The ssh-agent is a helper program that keeps track of user's identity keys and their pass-phrases.
The agent can then use the keys to log into other servers without having the user type in a password or pass-phrase again.
% eval "$(ssh-agent -s)"
% ssh-add -K ~/.ssh/id_ed25519
Create a config file at .ssh to reduce the number of things you need to type:
% touch ~/.ssh/config
% cd .ssh && vi config
Let's assume that your domain name is meepmeep.com hosted at the IP address 220.127.116.11 and that you have configured the DNS properly using what is available at the Zone Editor of the Domain section after logging in to cPanel.
You can confirm this with:
% dig meepmeep.com
If meepmeep.com is not pointing to 18.104.22.168, and it has been more than 24 hrs you added this record, you need to take another look at your DNS configuration.
Also, let's assume that the SSH port remains 22 and that your cPanel username is meepmeep.
Add this to the file:
Press the esc button, type in :wp to save and close the file.
With this, you have created an SSH key you can use for both SFTP and SSH connections to your cPanel.
How To Add A Public SSH Key To Your cPanel Server
Let's go back to our cPanel interface.
Log back into cPanel.
Scroll down until you see the Security pane or section.
Click on the SSH Access icon.
Click Manage SSH Keys.
Use the Import key to add a public key to the account.
Go back to your local machine Terminal and type in:
if you have added the previously recommended alias or below if you haven't:
If you are using the pb alias, the machine will automatically copy the key and all you need to do is to paste it.
If you are using the cat command, the key will be displayed and you have to manually copy it.
You don't need to import the private key.
Go back to cPanel and in the last box with Paste the public key into the following text box: on top, paste it the key.
Type in the Passphrase if you are using one.
In the upper-most box with Choose a name for this key (defaults to id_dsa):, either use the name/comment that you select during the key generation or type in a name that will help you identify it later.
Go back and select the key you just imported and click on Manage.
When the page loads, click the blue Authorize button.
You can always deauthorize a key anytime you wish by using this method but choosing Deauthorize instead.
Your local machine and the cPanel are now ready to communicate and all you need is a tool to make the connection possible.
How To Download A Good SFTP Client To Use
There are several SFTP capable clients that you can use.
You certainly will be able to find one that meets your need by visiting these links:
How To Connect To Your cPanel Server Using A SFTP Client
Each of these tools has its own documentation and your first task is to take the time to read these through.
It is the only way to understand how they work and get the best out of the one you have opted to go with.
Once you have completed the download and have installed Transmit successfully, open it, type in a name to identify the server, and then select SFTP.
Type in the domain name which in our case id meepmeep.com.
Type in the username which in our case is meepmeep.
Save the connection details.
You will see the domain/server listed on the pane.
To connect, just double-click on the server name, and Transmit will attempt to connect to your cPanel and list its content.
To upload files once the connection is made, find the files on your local machine, select the directory where you want to upload the files in your cPanel server (often public_html), and drag them into the Transmit window.
You can learn more about Transmit and SFTP by visiting How does SFTP Authentication work in Transmit 5.
You can also download their newer Nova which serves both as an all-in-one Mac web editor and a great SFTP client.
How To Connect To Your cPanel Server Using The SFTP Command
Once you are logged in, check the available commands by typing ‘help‘:
Check to confirm the directory you are currently on:
Navigate to another directory, use the cd command.
List the files and directories in public_html:
|?||see all available commands|
|help||see all available SFTP commands|
|!||leave the environment temporarily|
|cd||change active directory path on the remote host|
|chmod||change file permission on the remote host|
|chown||change file owner on the remote host|
|dir||list contents of the current directory on the remote host|
|mkdir||create a directory on the remote host|
|put||copy a file from the local computer to the remote host|
|pwd||show present working directory path on the remote host|
|rename||rename a file on the remote host|
|rm||delete a file on the remote host|
|rmdir||remove an empty directory on the remote host|
|ln||create a symbolic link for a file on the remote host|
|symlink||same as ln|
|lcd||change active directory on the local system|
|lls||list contents of the current directory on the local computer|
|lmkdir||create a directory on the local computer|
|lpwd||show present working directory on the local computer|
|get||copy a file from the remote host to the local computer|
|ls||same as dir|
|lumask||change the local umask value|
|version||show the SFTP version|
|exit||close current connection and exit SFTP|
|quit||same as exit|
Additional details on SFTP can be found here: man.openbsd.org/sftp