Allow SFTP but limit SSH access for an account on Ubuntu 14.04

I want to restrict a user's access on a server to one specific directory via SFTP and nothing else, not even SSH. Here is my take after searching for information on the net:

First, edit the SSH server config file.

sudo nano /etc/ssh/sshd_config

Change the Subsystem property (or add one if it is not already there).

Subsystem sftp internal-sftp

Add the following lines to the bottom of the config file.

Match group sftponly
ChrootDirectory %h
# Force the connection to use SFTP and chroot to the required directory.
ForceCommand internal-sftp
# Disable network tunneling.
PermitTunnel no
# Disable authentication agent forwarding.
AllowAgentForwarding no
# Disable TCP connection forwarding.
AllowTcpForwarding no
# Disable X11 remote desktop forwarding.
X11Forwarding no

This configuration says that members of the user group ‘sftponly’ may use SSH solely for SFTP and not for any other purpose, including the forwarding functions.

This means we have to create this system group (it can be named something else). Exit and save the config file by pressing Ctrl + X and Enter, then issue this command in the shell:

sudo addgroup sftponly

Then add the user whose SSH access you want to limit to this group. In this example we assume this is a new user, so we create the account first.

sudo adduser testuser

Then add the user to the group.

sudo usermod testuser -g sftponly

Next, change this user's home directory to the directory you want to confine access to.

sudo usermod testuser -d /path/to/newhome

Now, restart the ssh service for the change to take effect.

sudo service ssh restart

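Finally, change into the new user’s home directory and change the ownership and permissions of its contents to allow access. Note that sshd requires the chroot directory itself, and every directory above it, to be owned by root and not writable by group or others, otherwise it refuses the login; the commands below change only the contents (*), not the directory itself.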

cd /path/to/newhome
sudo chown testuser:sftponly -R *
sudo chmod 755 -R *
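
To confirm that the Match block above really applies to the account, the effective settings that sshd prints in test mode (sshd -T with a -C connection spec) can be checked against the directives set in this post. The script below is an added example, not part of the original post; the function names and the sample output are constructed for illustration, and the host and addr values in the usage comment are placeholders.

```sh
#!/bin/sh
# Added example: audit the effective sshd settings of an SFTP-only account.
# Real use (as root), with placeholder host/addr values:
#   sshd -T -C user=testuser,host=localhost,addr=127.0.0.1 | check_sftp_only
# sshd -T prints one lower-case "keyword value" pair per line.

# Print the value of keyword $1 from the config text on stdin (first match).
effective_value() {
    awk -v k="$1" 'tolower($1) == k && !seen++ { $1 = ""; sub(/^ +/, ""); print }'
}

# Return 0 only if every restriction from the Match block is in effect.
check_sftp_only() {
    cfg=$(cat)
    rc=0
    for want in \
        "forcecommand internal-sftp" \
        "permittunnel no" \
        "allowagentforwarding no" \
        "allowtcpforwarding no" \
        "x11forwarding no"
    do
        key=${want%% *}
        expected=${want#* }
        got=$(printf '%s\n' "$cfg" | effective_value "$key")
        if [ "$got" != "$expected" ]; then
            echo "FAIL $key: expected '$expected', got '${got:-<unset>}'"
            rc=1
        fi
    done
    # ChrootDirectory defaults to "none", which means no confinement at all.
    jail=$(printf '%s\n' "$cfg" | effective_value chrootdirectory)
    case "$jail" in
        ""|none) echo "FAIL chrootdirectory: no chroot configured"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample of sshd -T output for a member of the sftponly group.
SAMPLE_EFFECTIVE='port 22
chrootdirectory %h
forcecommand internal-sftp
permittunnel no
allowagentforwarding no
allowtcpforwarding no
x11forwarding no
subsystem sftp internal-sftp'

printf '%s\n' "$SAMPLE_EFFECTIVE" | check_sftp_only && echo "sftp-only restrictions in effect"
```

Running the same check for a user outside the group should report failures, which shows that the restrictions come from the Match block and not from the global settings.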