How do I set up SFTP for sites without giving shell access?

Solution 1:

I'm not sure which version of OpenSSH is bundled with CentOS, but if it is 4.9 or newer then you can actually do it with OpenSSH with no need to install any additional software.

I wrote a blog post about this recently; you can check it out here: http://blog.frands.net/sftp-only-chroot-users-with-openssh-in-debian-166/

The guide is for Debian, but it's pretty much the same if the version of OpenSSH is 4.9 or more. You can find out the version by issuing this command:

ssh -V

Also, in my example I use a static directory for all users. You can use %u in the config file, which will be replaced by the username. So the ChrootDirectory could be set to /www/users/%u
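
An sshd_config fragment for the per-user chroot that Solution 1 describes, added here as an illustration and not taken from the answer or the linked blog post. The group name `sftponly`, the example user `alice` and the `htdocs` subdirectory are assumptions.

```conf
# /etc/ssh/sshd_config (fragment) - needs OpenSSH 4.9 or newer

# Global section: use the in-process SFTP server, so the chroot needs
# no binaries, shared libraries or /dev nodes inside it.
Subsystem sftp internal-sftp

# Assumption: SFTP-only accounts are members of a group named "sftponly".
# A Match block runs until the next Match line or the end of the file,
# so keep it below all global settings.
Match Group sftponly
    # %u expands to the login name, giving each user a separate jail.
    ChrootDirectory /www/users/%u
    # Ignore the account's login shell and any command the client requests.
    ForceCommand internal-sftp
    # Without these, a jailed account could still relay connections
    # through the server.
    AllowTcpForwarding no
    X11Forwarding no

# Filesystem layout sshd expects (constructed example for user "alice"):
#
#   /www/users/alice          root:root    0755   jail root
#   /www/users/alice/htdocs   alice:alice  0755   writable upload area
#
# Every component of the ChrootDirectory path (/www, /www/users,
# /www/users/alice) must be owned by root and not writable by group or
# others; otherwise sshd rejects the login. The user therefore cannot
# write to the jail root itself, only to a subdirectory they own.
```

Run `sshd -t` to syntax-check the file before reloading the daemon, and keep an existing root session open while testing the change.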

Solution 2:

Set scponly as login shell for those users.

Solution 3:

RSSH - Restricted SSH will do what you are after.

RSSH is a shell wrapper that will only allow a user to access the SSH parts you permit. It's a bit tricky to set up at first, with a chroot environment etc.

http://www.pizzashack.org/rssh/