I'd like to use SFTP for all the sites on my cPanel CentOS server as we had an FTP password hacked before (not hard). However, I don't want each site's SFTP account to have shell access (not even jailed shell). Is this possible and how? I'm quite new to UNIX, server management and the command line.
I'm not sure which version of OpenSSH is bundled with CentOS, but if it is 4.9 or newer then you can actually do it with OpenSSH with no need to install any additional software.
I wrote a blog post about this recently, you can check it out here: http://blog.frands.net/sftp-only-chroot-users-with-openssh-in-debian-166/
The guide is for Debian, but it's pretty much the same if the version of OpenSSH is 4.9 or more. You find out the version by issuing this command:
Also, in my example I use a static directory for all users. You can use %u in the config file, which will be replaced by the username. So the ChrootDirectory could be set to /www/users/%u
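The setup this answer describes, written out as an added example (not taken from the answer or its linked blog post): a constructed `sshd_config` fragment using the `/www/users/%u` chroot, plus a small check that the SFTP-only block really removes shell access. The group name `sftponly` and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Constructed sample config. "sftponly" is an assumed group name; the
# ChrootDirectory value is the one suggested in the answer above.
sample_config() {
cat <<'EOF'
Subsystem sftp internal-sftp

Match Group sftponly
    ChrootDirectory /www/users/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
EOF
}

# audit_sftp_only GROUP  (reads an sshd_config on stdin)
# Checks the "Match Group GROUP" block for the three settings that make an
# account SFTP-only. Prints one line per problem; returns 0 when all are set.
# Simplification: only handles a Match line of the exact form "Match Group NAME".
audit_sftp_only() {
    awk -v grp="$1" '
        /^[ \t]*(#|$)/ { next }                      # skip comments and blanks
        { key = tolower($1) }                        # keywords are case-insensitive
        key == "match" {
            inblk = (tolower($2) == "group" && $3 == grp)
            if (inblk) found = 1
            next
        }
        inblk && key == "chrootdirectory"    { chroot = $2 }
        inblk && key == "forcecommand"       { force = $2 }
        inblk && key == "allowtcpforwarding" { tcp = tolower($2) }
        END {
            if (!found) { print "no Match Group " grp " block"; exit 1 }
            bad = 0
            if (chroot == "")             { print "ChrootDirectory not set"; bad = 1 }
            if (force != "internal-sftp") { print "ForceCommand is not internal-sftp"; bad = 1 }
            if (tcp != "no")              { print "AllowTcpForwarding is not no"; bad = 1 }
            exit bad
        }'
}

sample_config | audit_sftp_only sftponly && echo "sftponly block OK"
```

sshd refuses the login unless the chroot directory and every parent component are owned by root and not writable by group or others, so each user needs a writable subdirectory inside it. Run `sshd -t` to syntax-check the file before restarting the daemon.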
Set scponly as login shell for those users.
RSSH - Restricted SSH will do what you are after.
RSSH is a shell wrapper that will only allow a user to access the SSH parts you permit. It's a bit tricky to set up at first with a chroot environment etc.
http://www.pizzashack.org/rssh/
You may want to consider MySecureShell which offers:
I've used this in the past; it's straightforward to install and configure and is actively developed. For you, there are CentOS packages and a GUI to help with configuration and administration.