I am trying to set up my droplet so that an SFTP user can't move up to view other directories above their own /home.

I added the following to sshd_config:

Match Group filetransfer
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

Then I added the user the group filetransfer .

Then I added chown user:filetransfer /home

At that point the user is not able to log in via SFTP at all. What am I missing?

Thanks!