Issue :
How to allow SFTP but disallow shell-level access ?
Solution :
To allow SFTP access but without shell access, you must first enable (jailed) shell via WHM. But then run the following so they do not have command line/shell access:
usermod -s /usr/local/cpanel/bin/noshell username
Of course, replace “username” with the actual account user name.
Then generate a key pair for the account in question:
cd /home/userid/.ssh
Run:
ssh-keygen
(Accept the default names, i.e. id_rsa)
Enter any passphrase and be sure to remember the passphrase used.
After this two files will be created:
id_rsa
***This is the private key.
id_rsa.pub
***This is the public key.
Now entering the following:
cat id_rsa.pub >> authorized_keys
The id_rsa file is the private key to be used with FileZilla:
Preferences —> SFTP —> add key file.
Then configure FileZilla with SFTP and port – (insert ssh access port here), the user ID but NO password.
Remove both files from the on-line account:
id_rsa.pub
id_rsa
Now SFTP transfers should work.
