I want to limit a user's access on a server to just a specific directory via SFTP and nothing else, not even SSH. Here is my take after searching for info on the net:
First, edit the SSH daemon config file.
sudo nano /etc/ssh/sshd_config
Change the Subsystem property (or add one if it is not already there):
Subsystem sftp internal-sftp
Add the following lines to the bottom of the config file.
Match group sftponly
    # Force the connection to use SFTP and chroot to the required directory.
    ForceCommand internal-sftp
    ChrootDirectory %h
    # Disable network tunneling.
    PermitTunnel no
    # Disable authentication agent forwarding.
    AllowAgentForwarding no
    # Disable TCP connection forwarding.
    AllowTcpForwarding no
    # Disable X11 remote desktop forwarding.
    X11Forwarding no
This config says that only members of a user group named ‘sftponly’ are matched, and that they may use ssh solely for SFTP and for no other purpose, including the forwarding functions.
This means we will have to create this system group (it can be named something else). Exit and save the config file by pressing Ctrl + X and Enter, then issue this command in the shell:
sudo addgroup sftponly
Then add the user whose ssh access you want to limit to this group. In this example, we assume that this is a new user, so we create them first.
sudo adduser testuser
Then add them to the group.
sudo usermod testuser -g sftponly
Next, change the home directory of this user to the directory you want to confine their access to.
sudo usermod testuser -d /path/to/newhome
Now, restart the ssh service for the change to take effect.
sudo service ssh restart
Finally, change into the new user’s home directory and change the ownership and permissions of its contents to allow access.
sudo chown testuser:sftponly -R *
sudo chmod 755 -R *
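One way to check the Match block from the config step before restarting ssh, as an added example that is not part of the original post: the function audit_sftp_match (a hypothetical name) reads an sshd_config file and reports which of the six directives described by the block's comments are missing or not set to the restrictive value. The sample config is constructed, and the function only handles a single exact group name with whitespace-separated "keyword value" lines.

```shell
#!/bin/sh
# Added example (not from the original post): audit one Match block.
# Simplifications: exact single group name; global settings are ignored.
audit_sftp_match() {    # usage: audit_sftp_match CONFIG_FILE GROUP
    awk -v grp="$2" '
        BEGIN {
            # Directive (lower-cased) -> required value; "" means any value.
            want["forcecommand"]         = "internal-sftp"
            want["chrootdirectory"]      = ""
            want["permittunnel"]         = "no"
            want["allowagentforwarding"] = "no"
            want["allowtcpforwarding"]   = "no"
            want["x11forwarding"]        = "no"
        }
        /^[ \t]*(#|$)/ { next }                 # skip comments and blanks
        {
            key = tolower($1)                   # keywords are case-insensitive
            if (key == "match") {               # a Match line ends the previous block
                inblk = (tolower($2) == "group" && $3 == grp)
                if (inblk) found = 1
                next
            }
            # sshd uses the first value it obtains for a keyword.
            if (inblk && (key in want) && !(key in seen)) seen[key] = tolower($2)
        }
        END {
            if (!found) { print "no Match block for group " grp; exit 1 }
            for (k in want) {
                if (!(k in seen)) { print "missing: " k; bad = 1 }
                else if (want[k] != "" && seen[k] != want[k]) {
                    print "weak: " k " " seen[k]; bad = 1
                }
            }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: the Match block leaves TCP forwarding on and omits
# three of the directives.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Subsystem sftp internal-sftp
Match group sftponly
    ForceCommand internal-sftp
    ChrootDirectory %h
    AllowTcpForwarding yes
EOF
audit_sftp_match "$sample" sftponly || echo "sftponly block is not locked down"
rm -f "$sample"
```

To audit the live file, call it as audit_sftp_match /etc/ssh/sshd_config sftponly; it exits 0 only when every directive is present in the block with the expected value.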