Introduction
This guide will help you configure OpenSSH to restrict users to their home directories. Please note that these instructions are not intended to support shell logins; any user accounts modified in accordance with this guide will have the ability to transfer files, but not the ability to log into a remote shell session.
Configure OpenSSH
Edit the /etc/ssh/sshd_config file and make sure the following line is present. If your system's file already has a line that begins with "Subsystem sftp", modify it to match the following:
File: /etc/ssh/sshd_config
Subsystem sftp internal-sftp
Next, add the following block to the end of the file:
File: /etc/ssh/sshd_config
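# Applies only to members of the filetransfer group
Match group filetransfer
    ChrootDirectory %h
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp
# End the conditional block (a bare "Match" is rejected by current OpenSSH)
Match all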
Restart OpenSSH as follows:
sudo /etc/init.d/ssh restart
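With ChrootDirectory %h, sshd refuses the session unless the home directory and every directory above it is owned by root and not writable by group or others. The pre-flight check below is an added example, not part of the original guide; it assumes GNU stat (stat -c), and the function names and the sample path are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check for "ChrootDirectory %h".
# sshd refuses the chroot unless every path component is a directory owned
# by root (uid 0) with no group or other write permission.
# Assumes GNU stat (stat -c), as on Debian/Ubuntu.

# component_ok UID MODE: succeed if a component with this owner uid and
# octal mode (as printed by `stat -c %a`) is acceptable to sshd.
component_ok() {
    uid=$1
    mode=$2
    [ "$uid" -eq 0 ] 2>/dev/null || return 1
    # Reject if the group-write (020) or other-write (002) bit is set.
    [ $(( 0$mode & 022 )) -eq 0 ] || return 1
    return 0
}

# check_chroot_path DIR: walk from DIR up to / and report every component
# that sshd would reject. Returns 0 only if the whole chain passes.
check_chroot_path() {
    path=$1
    rc=0
    [ -d "$path" ] || { echo "not a directory: $path"; return 1; }
    path=$(cd "$path" && pwd -P) || return 1
    while :; do
        set -- $(stat -c '%u %a' "$path")
        if ! component_ok "$1" "$2"; then
            echo "bad ownership or mode: $path (uid=$1 mode=$2)"
            rc=1
        fi
        [ "$path" = "/" ] && break
        path=$(dirname "$path")
    done
    return $rc
}

# Usage: sh check_chroot.sh /home/exampleuser   (constructed path)
if [ "$#" -gt 0 ]; then
    check_chroot_path "$1" && echo "ok: $1"
fi
```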
Create User Group
The above configuration changes restrict every user in a group called filetransfer to SFTP only and chroot them to their home directory.
So let's create this new user group:
sudo addgroup filetransfer
That's it for now. We are going to use this specifically for users created for websites. You can see how this works on the Website User Management page.