You can easily configure this by following this tutorial:
The part which you are missing is Step 3 — Restricting Access to One Directory
What you need to do is to edit the
/etc/ssh/sshd_config file and apply the following changes:
Match User sammyfiles
Match User tells the SSH server to apply the following commands only to the user specified. Here, we specify sammyfiles.
ForceCommand internal-sftp forces the SSH server to run the SFTP server upon login, disallowing shell access.
PasswordAuthentication yes allows password authentication for this user.
ChrootDirectory /var/sftp/ ensures that the user will not be allowed access to anything beyond the /var/sftp directory.
AllowAgentForwarding no, AllowTcpForwarding no. and X11Forwarding no disables port forwarding, tunneling and X11 forwarding for this user.
This set of commands, starting with Match User, can be copied and repeated for different users too. Make sure to modify the username in the Match User line accordingly.
Note: You can omit the PasswordAuthentication yes line and instead set up SSH key access for increased security. Follow the Copying your Public SSH Key section of the SSH Essentials: Working with SSH Servers, Clients, and Keys tutorial to do so. Make sure to do this before you disable shell access for the user. In the next step, we’ll test the configuration by SSHing locally with password access, but if you set up SSH keys, you’ll instead need access to a computer with the user’s keypair.
To apply the configuration changes, restart the service.
sudo systemctl restart sshd
You have now configured the SSH server to restrict access to file transfer only for sammyfiles. The last step is testing the configuration to make sure it works as intended.
Please make sure to change the sammyfiles user with your actual username.
Hope this helps!