Secure server access is critical for any developer or site manager. Cloudways offers an intuitive way to handle SSH and SFTP credentials, yet a detailed, hands-on approach helps ensure you fully understand the process, along with essential best practices. This guide delivers that in-depth coverage, without assuming prior knowledge.
Master vs. Application Credentials
Cloudways differentiates between two types of credentials:
- Master Credentials: These apply at the server level, giving full SSH/SFTP access across all hosted applications on that server.
- Application Credentials: Scoped to a specific application, they offer limited access—ideal for collaborative or restricted use .
Understanding this distinction empowers you to enforce the principle of least privilege, enhancing security while enabling team workflows.
Accessing and Managing Credentials
As discussed above there are 2 types of Credentials to access and manage your applications.
Master Credentials
Navigate to Servers → select your server.
In Server Management, you’ll see:
- Master Username
- Password (hidden by default)
- Public IP address
Click the copy icon to copy them. You can also click Edit to regenerate the password if needed.
Application Credentials
Go to Applications → open your target app → SSH/SFTP (or Application Management).
The interface shows:
- Application Username
- Password
- Host IP
These are auto-generated. Use the copy button to avoid typos while connecting to the server.
Creating Additional Application Users
In order to support the team collaboration, in the same app view, click Add SFTP User.
- You will need to enter a username and strong password.
- Once created, click Add or Confirm as Cloudways generates new credentials.
- These users can use SSH or SFTP and are limited strictly to the designated application directory.
Editing or Revoking Access
Editing and deleting the credentials is quite easy on Cloudways Platform:
- Change an existing user’s password: Click the Edit icon next to the user, update the password, and save, usernames stay the same, only passwords change.
- Delete credentials: Click the trash icon next to the user. This immediately revokes SSH/SFTP access.
Establishing SSH or SFTP Connections
SSH (Command Line)
For SSH access (if you are using macOS/Linux), you can use the following command to access your server:
ssh [email protected]
For Windows, use PuTTY or WSL, you can also connect via command prompt. Connect on port 22, accept the RSA fingerprint, then log in.
Using Master credentials starts at the server root will all applications visible. Application credentials begin within the app directory. From there, you can run commands like ls, cd, composer, npm, or wp.
You can also directly access your Cloudways server via SSH using Cloudways SSH terminal.
SFTP (File Transfer)
For SFTP, you can open FileZilla, WinSCP, or Cyberduck with following details.
- Host: Your Cloudways server_ip,
- Port: 22.
- Enter your SFTP credentials (Master or Application) and use drag-and-drop to manage files and directories securely.
💡Note: Connect with master credentials gives you full server access, not as root user but has maximum access, while app credentials restrict you to that particular app’s folder.
Upgrading Security with SSH Keys
For stronger security, you can switch from passwords to SSH key-based authentication:
- Generate key pairs using ssh-keygen (Linux/macOS) or PuTTYgen (Windows).
- Upload the public key in Cloudways under Application Management or SSH/SFTP.
- After adding your public key, password logins can be disabled for that user.
SSH keys prevent unauthorized access via brute-force attacks and eliminate the need to manage passwords.
Best Practices and Security Measures
- Limited Access: Always use application credentials when sharing access—reserve master credentials for administrative tasks only.
- Strong credentials: Use random passwords (e.g. 16+ characters) or SSH keys.
- Regular audits: Delete unused users and rotate passwords periodically.
- IP whitelisting: Limit SSH/SFTP access to specific IPs via Cloudways security settings.
- Backups: Always take a snapshot before making significant server or file changes.
- Permission fixes: Use the “Reset File & Folder Permissions” tool in Cloudways to restore correct permissions (folders: 775, files: 664).
Conclusion
Cloudways strikes an excellent balance between usability and security with its credential management system. By clearly distinguishing master and app credentials, enabling secure connections, supporting SSH key authentication, and incorporating best practices like IP whitelisting and credential rotation, you maintain tight control while empowering your team. Properly managed SSH/SFTP workflows make server and site administration both efficient and secure.
Frequently Asked Questions
1. Can I use SSH keys instead of passwords on Cloudways?Yes, generate a key pair locally and upload the public key via the SSH/SFTP tab. Once configured, password authentication can be disabled.
2. How many application users can I create?
Owners can generate multiple credentials per app. Team members can add one per application.
3. What directory do application credentials give me access?
They begin inside that specific application’s folder, not at the server root, unlike master credentials.
4. How do I fix “permission denied” errors when uploading files?
Use Cloudways’ Reset File & Folder Permissions tool, which sets directories to 775 and files to 664, restoring proper permissions.
Salwa Mujtaba
Salwa Mujtaba is a Technical Content Writer at Cloudways. With a strong background in Computer Science and prior experience as a team lead in Cloudways Operations, she brings a deep understanding of the Cloudways Platform to her writing. Salwa creates content that simplifies complex concepts, making them accessible and engaging for readers. When she's not writing, you can find her enjoying good music, reading a book, or spending quality time with her family.
