Openssh daemon config
From wikinotes
Common Options
Port 22 PermitRootLogin no PasswordAuthentication no PermitEmptyPasswords no # if user is authenticated, do not prevent them from accessing # if their ip addr has changed since last time. IgnoreUserKnownHosts yes
Restricting Users
# /etc/ssh/sshd_config # members of unix group 'sftpusers' # are restricted to dir '/var/sftpdata/{username}' # and are only allowed to run 'internal-sftp' command Match Group sftpusers ChrootDirectory /var/sftpdata/%u ForceCommand internal-sftp