you almost have it. user on server B must be given this will forbid interactive login from server A /bin/false as shell, (but file on server B can still be fetched or deleted).
Edit:
- using
/bin/falseas a shell forbid copying - using
/usr/sbin/nologinalso (his account is currently not available.)
A more complex solution would involve vsftp (not ftps), but this require ssl certificates.