The scp and sftp commands, as part of the OpenSSH suite, are great secure ways to transfer files around … they generally make a great secure alternative to FTP. However, I’d often wondered if there was a way of allowing file transfer with scp or sftp without giving users a full SSH-accessible shell account on my machine. Who knows what they may run 😛
scponly runs in a chrooted environment (under /home/scponly by default), which in theory should stop users fiddling with your machine via ssh, but will still give them read/write access to the incoming directory within the chrooted directory tree.
I probably wouldn’t trust it for unrestricted public access (since I’m just paranoid about things like this, unless it’s a really well known tool on a properly secured server), but it certainly would be useful for friends, family, colleagues and collaborators.