There are many ways to create Chroot for SSH here are 2 good links for that.

Note: Here some more info on the subject. The following article is based on an extract of the following site:

Enabling chrooted SSH

Enabling chrooted SSH is a bit complicated because we must set up a chroot environment with all programs/tools (e.g. /bin/bash, /bin/cp, etc.) that the users should be able to use. This means we must also copy all libraries that these programs need to the chroot jail. You can do this manually with the cp command, and you can find out what libraries a tool needs by using the ldd command, e.g.
ldd /bin/bash
We also have to create some devices such as /dev/null, /dev/zero, /dev/tty, and /dev/urandom inside the chroot jail with the mknod command.
However, this can be a tedious task. Fortunately, there’s a script that can do this for us. Found at:
First, we need to install some prerequisites:
apt-get install sudo debianutils coreutils
Then we download to /usr/local/sbin and make it executable for the root user:
cd /usr/local/sbin
chmod 700 /usr/local/sbin/make_chroot_jail.

Enabling chrooted SFTP Only and disable SSH

Method 1

The following article has nothing to do with the above articles of Chroot for SSH.
Here is shown what you can do to make a user use SFTP only and disallow SSH usage for that user.
All you have to do is change the user’s login shell to /usr/lib/openssh/sftp-server.
usermod -s /usr/lib/openssh/sftp-server falko
/usr/lib/openssh/sftp-server must be listed in /etc/shells as a valid login shell,
so if it isn’t already listed, please add it to /etc/shells as follows:
echo '/usr/lib/openssh/sftp-server' >> /etc/shells
This above command has to be done only once, not for every user that you want to restrict to SFTP.
Afterwards, you can log in with an SFTP client, such as FileZilla or WinSCP, or for MAC Cyberduck .

Method 2

Create a user for SFTP without any shell:
adduser sftp
usermod -s /bin/false sftp

For chroot the user home directory must be owned by root and writable only by root
chown root:root /home/sftp
chmod 755 /home/sftp

The user should not be allowed to write in its chrooted home directory. So we create an upload sub-directory which belongs to the user.
mkdir /home/sftp/upload
chown sftp:sftp /home/sftp/upload

Adapting sshd Configuration
In /etc/ssh/sshd_config
Subsystem sftp internal-sftp
Disable the following line with ‘#’
#Subsystem sftp /usr/lib/openssh/sftp-server
Add the following lines:
Match User sftp
ChrootDirectory /home/%u
ForceCommand internal-sftp
X11Forwarding no
AllowTcpForwarding no

Restart SSHD Daemon:
/etc/init.d/sshd restart
tail -f /var/log/auth.log

%d bloggers like this: