How to Migrate Accounts with WHM Transfer Tool Using Temporary SSH Keys

How to Migrate Accounts with WHM Transfer Tool Using Temporary SSH Keys

When managing web servers, the best cybersecurity practice is to keep password-based root access disabled. However, this poses a challenge when using the WHM Transfer Tool, as the destination server needs to connect to the source server to extract the data.

To keep security intact and avoid leaving permanent private keys that could be exploited in the future, the safest method is to use ephemeral SSH keys (temporary). This process creates a secure bridge that exists only during the minutes the migration takes.

Below, we explain how to perform this process in 4 simple steps.

Step 1: Generate the key on the Destination server (The receiver)

The server receiving the accounts will initiate the connection, so it needs to generate the private key.

  1. Log in to the WHM of the Destination server.

  2. In the left-hand menu, look for the Security Center section and click on Manage root’s SSH Keys.

  3. Click the Generate a New Key button.

  4. Assign an easy-to-identify name, for example: migration_server1_to_server2.

  5. You can leave the passphrase field empty or set a password you can easily remember.

  6. Click on Generate Key.

Step 2: Authorize the key on the Source server (Where the data comes from)

Now we must tell the source server to trust the key we just created.

  1. On the Destination server (where you generated the key), go to your key list and click on View/Download Key under the Public Keys column of your new temporary key. Copy the entire text of the public key.

  2. Log in to the WHM of the Source server.

  3. Go to Security Center > Manage root’s SSH Keys and click on Import Key.

  4. Assign a name to the key (e.g., migration_server1_to_server2) and paste the text you copied into the lower box designated for the public key. Leave the private key box empty and click Import.

  5. Return to the key list on the Source server, find the newly imported key, click on Manage Authorization and then press Authorize.

Step 3: Execute the account transfer

With the communication bridge established, you can now perform the migration smoothly.

  1. Return to the WHM of the Destination server and open the Transfer Tool.

  2. In the Remote Server Address field, enter the IP of the Source server.

  3. In the Authentication section, select SSH Public Key.

  4. In the keys dropdown menu, select the temporary key you created in Step 1 ( migration_server1_to_server2 ).

  5. Click on Fetch Account List. Select the packages or cPanel accounts you want to migrate and execute the transfer normally.

Step 4: Key destruction (Critical security step)

This is the most important step of the methodology. Once you confirm the migration has finished successfully, you must destroy the communication bridge to avoid long-term risks.

  1. On the Source server, go to Manage root’s SSH Keys and delete the temporary public key you authorized in Step 2.

  2. On the Destination server, go to Manage root’s SSH Keys and delete both the public and private keys you generated in Step 1.

By deleting these keys, you ensure that no server retains direct access to other nodes in your infrastructure, keeping the architecture isolated and protected against lateral movement.

    • Related Articles

    • Basic SSH commands

      FILE MANAGEMENT Copy file cp -a archivo.zip archivocopia.zip Create a 404.html file touch /home/usuario/public_html/404.html Compress directory zip -r archivo.zip /home/usuario/public_html/directorio Extract file unzip archivo.zip View contents of a ...

    • Using Screen on Linux: create, resume, and close terminal sessions

      Screen is a command-line tool on Linux that allows you to manage multiple, persistent terminal sessions. With screen, you can run programs in the background, detach from a session without closing it, and resume it later. This is useful for ...

    • JetBackup 5: How to fix the Integrity Check error using CLI/SSH

      When JetBackup performs its automated integrity verification processes, they may sometimes complete partially due to network interruptions, timeouts, or communication issues with the remote storage destination. If you receive notifications indicating ...

    • Clean /tmp on Linux: remove old temporary files with tmpwatch

      The /tmp partition on a Linux server is used to temporarily store files while various tasks are running. It is important to ensure that this partition does not become full, as it can affect system performance and cause unexpected issues. In this ...

    • How to install and configure Nginx as a reverse proxy in cPanel/WHM 🚀

      What is Nginx and why use it with cPanel? Nginx is a high-performance web server that can function as a reverse proxy in front of Apache on cPanel servers. This configuration allows Nginx to handle static files (images, CSS, JavaScript) while Apache ...