How To Manage Your File In cPanel With SFTP

First, ensure that you have installed an FTP client on your local machine before you download and run the script file.

You can also see more at Wikipedia’s Comparison of FTP client software

If you encounter problems when you try to automatically configure your FTP client, ensure that your client is properly installed on your computer.

If problems persist, consult the FTP client’s documentation.

To configure an FTP client, perform the following steps:

  • Click Configure FTP Client for the desired FTP account.
  • Click FTP Configuration File under the desired FTP client’s logo. You can choose between Filezilla™, Core FTP, or Cyberduck.

Notes: cPanel only support auto-configuration for these FTP clients.

To use another client, manually configure the client.

Click Instructions to view detailed instructions for your chosen client.

  • Open the configuration script file that downloaded to your computer.
  • The FTP client automatically opens, configures itself, and connects to your FTP server.

Panic Transmit:

Transmit is considered as the gold standard of macOS file transfer apps.

You need to have Transmit installed before continuing.

With it, you can upload, download, and manage files on tons of servers with an easy, familiar, and powerful UI.

Not only can you connect to your cPanel server via FTP, SFTP, WebDAV with ease, but it also allows you to connects to over cloud services, like S3, Backblaze B2, Box, Google Drive, Dropbox, Microsoft Azure, and others.

You can either download the 7 days trial from that enables you to use it as much as you want, without restriction, until the subscription kicks in or subscribe via Mac App Store for $24.99 USD/year.

However, the Mac App Store version:

  • does not support Transmit Disk (but we hope to restore Transmit Disk support in the future)
  • does not include the Open In Terminal feature (which was removed at Apple’s request)
  • has minor sand-boxing-related limitations
  • no longer functions if your subscription expires
  • is only supported on macOS 10.14 (Mojave) or later

The drawback when downloaded from is that if they ever release an all-new major update (like a “6.0”), there would likely be an upgrade price involved.

Before proceeding, ensure that you have generated the local machine keys and added them to your cPanel server.

The reason is that we do not allow password authentication because passwords are inherently bad and notoriously hard to remember, yet easy for attackers to break.

A secure password is a long, meaningless string containing a mix of letters, numbers, and symbols.

Because they’re so hard to remember, it’s tempting to use the same password everywhere, which means you have to change all your passwords if just one login gets compromised.

So instead of a password, you have a pair of matched keys: one public, and one private.

Anyone with access to the public key can use it to encrypt information, which can only be decrypted using the corresponding private key.

If you’re on a Mac, we can generate your keypair from the command line. Open a Terminal window and enter the following command:

$ ssh-keygen -t rsa -b 4096

Hit Return to create a keypair using the default name id_rsa and put it in the .ssh folder in your home folder.

Next, you can opt to encrypt your private key with a passphrase.

The passphrase is an extra layer of security on your private key.

With a passphrase, not only does someone need to gain access to your private key, they also need your passphrase in order to make use of it.

To set a passphrase, enter it here.

To skip setting a passphrase, hit Return without typing anything.

Whether you set a passphrase or not, you’ll be asked to confirm it.

Enter the passphrase again, or just press Return.

Your keypair has been generated.

Note that the private key is called “id_rsa” and the public key is “”, and they’re both in a folder called “.ssh” in your home folder.

The public key (the one ending in .pub) goes on the remote server and you’ll need to put your public key on the server either via cPanel web interface or connecting with a username and password via SSH.

Your public key is a text file with a single long line.

Enter this command to see it:

$ cat ~/.ssh/

Open that file in a text editor, and append the entire contents of your public key onto the end of the file.

Once connected, navigate into ~/.ssh/ on the remote server and look for a file called authorized_keys or authorized_keys2.

If you are using the cPanel interface, visit Home >> Security >> SSH Access.

  • Click Manage SSH Keys.
  • Click Import Key.

To use a custom key name, enter the key name in the Choose a name for this key (defaults to id_dsa) text box.

  • Paste the public and private keys into the appropriate text boxes.
  • Click Import.

Make sure that you authorize the key by clicking “Manage“.

A new interface will appear. Click Authorize to authorize the key or Deauthorize to revoke authorization for the key.

Along with your public and private keys, your .ssh folder can contain a file called config containing settings and preferences relating to your keys and servers.

There are too many possible options to list here, and not every possibility is supported (or even practical) in every app.

As a basic example, here’s what you’d put in your config so that the key called exampleKey is used when connecting with the username user to the server

Host domain/
User cPanelusername
IdentityFile "~/.ssh/exampleKey"

This is a great way to tell apps which key file goes with which server, especially if you use non-standard names for your keys, you keep your keys outside of ~/.ssh, or if you use passphrase-encrypted keys, which Transmit cannot validate.

To use Transmit with your cPanel server after the installation:

  • Click to open the Transmit app.
  • Click the “+” sign at the bottom or select “Add New Server” from the “Servers” menu.

You will see all available options.

  • Select SFTP or if you are giving access to your developer using Port 21, select FTP.
  • Type in the name of the server for easy identification.
  • Type in your domain name.
  • Type in your user cPanel username.

If you have followed all the guide above, you can leave the password option blank since your key is already available to use by the app.

  • Either click “Save” or select the paths that you want to access remotely or locally.

This will save the server for you for immediate or future use.

If you simply want to test out things, just use the “Quick Connect” option.

This won’t save the server and you will need to repeat the process when next you access the server.

If you have entered all relevant information correctly, the app will list out all files and directories on your remote cPanel server.

You can either edit, upload or manage all of these right from the user interface.

Do remember though to always backup your files before editing them.


After your keys have been generated and authorized, you will need to create your SFTP profile in your FileZilla application which requires to steps:

Setting up the SFTP connection profile :

  • Open the FileZilla client.
  • From the top of the home screen, click on Edit and select Settings.
  • On the left side of the menu, expand the Connection section and highlight SFTP.
  • Click on the [Add keyfile…] button and browse your local machine’s directories and select your Private Key file.
  • Using the upper toolbar, click on File and then Site Manager. A popup will appear for you to create a new profile.
  • Click on the New Site.
  • Rename the empty site title, “New Site” to a nickname for your server.

Changing the port to 22 will automatically set the host to https:// making it a secure connection.

The right-hand form will appear brighter, indicating you can now enter data in it.

  • Now, under the General tab, fill in the Host (with either an IP address or FQDN) and Port fields (default is 22).
  • In the Protocol drop-down menu, select SFTP – SSH File Transfer Protocol.

More like this:

Host Enter your domain name here. (ie:
Port Set this to “22”.
Protocol Set this to “SFTP – SSH File Transfer Protocol”.
Logon Type Specify the location of the private key file (in .ppk or .pem format)

In the Edit – Settings menu of the FileZilla client, you can [Add key file…] under Connection – SFTP, and FileZilla can then use the public key authentication in the site manager with the ‘Interactive’ Logon type it connects.

Note: Importing a site’s public key is not supported.

Using PuTTY Tools (Windows only).

To allow the use of RSA/DSA key files with Filezilla, you’ll need to download two more tools from PuTTY: Pageant and (assuming your key file isn’t already in PPK format) PuTTYgen found here: .

If your key file is already in PuTTY’s PPK format you can skip the following 4 lines.

If your key is in OpenSSH format, you first need to convert it to PuTTY’s PPK format.

To do this,

  • Launch PuTTYgen and from the “Conversions” menu, select the “Import key” option.
  • Select your key and follow the prompts to enter your passphrase.
  • Save your private key.

Now run Pageant.

In your system tray, you’ll see the Pageant icon appear.

  • Right-click the icon and select “Add Key” and select your private key (PPK) file.
  • Follow the prompt to enter your passphrase and you’re done.

You can now simply launch FileZilla and connect to your server using SFTP with a username and an empty password.

Don’t forget to close pageant when you’re done.

This also works with the portable versions of FileZilla and PuTTY tools.

Alternatively, use WinSCP which has PuTTYgen included by default.

You can download it from here:

Filezilla on a Mac:

If for some reason you are not using ssh-agent and on a Mac, don’t worry about ssh key conversion.

Just import your key via Settings and then use Normal mode in your site connection definition. The imported key will get used.

The following instructions assume you have a working SSH configuration which allows you to ssh to the same host without a password.

  • In FileZilla -> Settings … select Connection -> SFTP
  • Press the Add key file… button
  • Press Command-Shift-G to bring up a path selection window and type “~/.ssh”
  • Select the “id_rsa” key file and click Open (this imports the key)
  • Click OK to close the Settings dialog
  • Open File -> Site Manager …
  • Select the site with which you want to use the key
  • Choose Protocol “SFTP” and select Logon Type “Normal”. Don’t worry about a password if you key file doesn’t have a password
  • Click Connect and you’ll see your files.

Again, a little exploration might be in order to get the best of this.

Was this answer helpful? 5 Users Found This Useful (13 Votes)