Marc Blase

Jailed SFTP-only share with chroot, using mount --bind to share the directory

1) Set up the SSH jail in /etc/ssh/sshd_config
Match User JAILED_USER_NAME
  ForceCommand internal-sftp
  ChrootDirectory /jailed/directory
  AllowTcpForwarding no
  X11Forwarding no

2) Restart SSHD
systemctl restart sshd

3) Test

4) Set up the directory share from somewhere else in the filesystem using:
mount --bind /jailed/directory /somewhere/else

Remember that the path to the jailed directory must be owned by root, and the share directory must be in a group that is writable by the jailed user. The bind mount will also only stick around until the next reboot; if you need something more permanent, look into using fstab.
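
The ownership requirement above is what usually makes step 3 fail: sshd refuses the session unless every component of the ChrootDirectory path is a root-owned directory that is not writable by group or others. The check below is an added example, not part of the original post; the function names dir_ok and check_chroot_path are made up for illustration, and it assumes a Linux stat that supports -L and -c.

```shell
#!/bin/sh
# Added example: pre-flight check for an sshd ChrootDirectory path.
# Assumes a Linux stat that supports -L and -c (GNU coreutils or busybox).

# dir_ok DIR [UID]: succeed if DIR is a directory owned by UID (default 0,
# i.e. root) and not writable by group or others.
dir_ok() {
    dir=$1
    want_uid=${2:-0}
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; return 1; }
    # -L: judge the directory a symlink points to, not the link itself.
    set -- $(stat -L -c '%u %a' "$dir")    # e.g. "0 755"
    uid=$1
    mode=$2
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $dir: owned by uid $uid, expected $want_uid"
        return 1
    fi
    # Leading 0 makes the shell read the mode as octal; 022 = g+w | o+w.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $dir: mode $mode is writable by group or others"
        return 1
    fi
    echo "ok   $dir (uid $uid, mode $mode)"
}

# check_chroot_path PATH [UID]: apply dir_ok to PATH and every parent up to /.
check_chroot_path() {
    p=$1
    want=${2:-0}
    rc=0
    case $p in
        /*) ;;
        *) echo "FAIL $p: must be an absolute path"; return 1 ;;
    esac
    while :; do
        dir_ok "$p" "$want" || rc=1
        [ "$p" = / ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# Usage: sh check_chroot.sh /jailed/directory
if [ $# -gt 0 ]; then
    check_chroot_path "$@"
fi
```

Run it against the ChrootDirectory value before restarting sshd; any FAIL line names the component to fix with chown root or chmod go-w.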

Published on June 1, 2018