SFTP without shell/terminal via SSH

Scroll to the very bottom of the file and append the following configuration snippet:


at the bottom add

Match User pippo
ForceCommand internal-sftp
PasswordAuthentication yes
ChrootDirectory /var/sftp
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no

Then save and close the file, here’s what each of those directives do:

Match User tells the SSH server to apply the following commands only to the user specified. Here, we specify sammyfiles.
ForceCommand internal-sftp forces the SSH server to run the SFTP server upon login, disallowing shell access.
PasswordAuthentication yes allows password authentication for this user.
ChrootDirectory /var/sftp/ ensures that the user will not be allowed access to anything beyond the /var/sftp directory. You can learn more about chroot in this chroot tutorial.
AllowAgentForwarding no, AllowTcpForwarding no. and X11Forwarding no disables port forwarding, tunneling and X11 forwarding for this user.