I will use the user chrooteduser here with the directory /home/chrooteduser. The user chrooteduser belongs to the group users. I want to chroot the user to the /home/chrooteduser directory.
Enabling Chrooted SFTP
Enabling SFTP is very easy. Open /etc/ssh/sshd_config…
… and make sure you have the following line in it
[...] Subsystem sftp internal-sftp [...]
Then add the following stanza at the end of the file (add such a stanza for each user that you want to chroot):
[...] Match User chrooteduser ChrootDirectory /home/chrooteduser AllowTCPForwarding no X11Forwarding no ForceCommand internal-sftp
#### Note: Instead of adding a stanza for each user, you can also chroot groups, e.g. as follows: [...] Match Group users ChrootDirectory /home AllowTCPForwarding no X11Forwarding no ForceCommand internal-sftp #This would chroot all members of the users group to the /home directory. Please note that all components of the pathname in the ChrootDirectory directive must be root-owned directories that are not writable by any other user or group (see man 5 sshd_config).
/etc/init.d/ssh restart or service ssh restart
Now, you can log in with an SFTP client, such as FileZilla