Ability to disable SFTP
Call for Comments
The ability for cPanel users, when logging in via SFTP, to browse above their directory is both undesired and unnecessary in contemporary cPanel & WHM hosting environments. To get around this, we should implement a chrooted environment.
Being mindful of the many servers still running CentOS 5, we cannot implement the chrooting abilities specific to CentOS/RHEL 6. However, we may be able to do this by using ProFTPd for SFTP, as it has supported chrooting for a very long time and has already established a record of being compatible with cPanel & WHM environments.
Note that ProFTPd does not natively accommodate OpenSSH keys, which are often used with SSH. However, as documented for the ProFTPD module mod_sftp, these keys can be converted to a format compatible with ProFTPd. This is an understood limitation and is considered something that could be accommodated later, as most SFTP users currently just use username/password authentication.
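
The key conversion mentioned above, as an added example that is not part of the original request or of cPanel or ProFTPD code: it rewrites one OpenSSH public-key line as an RFC 4716 block, the format the mod_sftp documentation specifies for authorized keys. The function names and the sample key are constructed for illustration.

```python
import base64
import binascii
import struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"


def split_key_line(line):
    """Return (key_type, blob_b64, comment) from one OpenSSH public-key line.

    Leading authorized_keys options are skipped: the key is the first pair of
    fields where the type name embedded in the decoded blob equals the field
    in front of it.
    """
    fields = line.split()
    for i in range(len(fields) - 1):
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
        except (binascii.Error, ValueError):
            continue
        if len(blob) < 4:
            continue
        (name_len,) = struct.unpack(">I", blob[:4])
        if blob[4:4 + name_len] == fields[i].encode():
            return fields[i], fields[i + 1], " ".join(fields[i + 2:])
    raise ValueError("no OpenSSH public key found in line")


def to_rfc4716(line):
    """Convert one OpenSSH public-key line to an RFC 4716 block."""
    _, blob_b64, comment = split_key_line(line)
    out = [BEGIN]
    header = 'Comment: "%s"' % comment
    # The Comment header is optional; drop it rather than emit a line over
    # the 72-byte limit (a long one would need backslash continuation).
    if comment and len(header.encode()) <= 72:
        out.append(header)
    out.extend(blob_b64[i:i + 70] for i in range(0, len(blob_b64), 70))
    out.append(END)
    return "\n".join(out) + "\n"


# Constructed sample, not a real key: ed25519 framing around 32 dummy bytes.
SAMPLE_BLOB = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)
SAMPLE_LINE = "no-pty ssh-ed25519 %s user@example" % base64.b64encode(SAMPLE_BLOB).decode()

if __name__ == "__main__":
    print(to_rfc4716(SAMPLE_LINE), end="")
```

Checking the embedded type name against the declared one rejects truncated or mismatched keys before they are written to a file that ProFTPd would read.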