Scroll to the very bottom of the file and append the following configuration snippet:
at the bottom add
Match User pippo ForceCommand internal-sftp PasswordAuthentication yes ChrootDirectory /var/sftp PermitTunnel no AllowAgentForwarding no AllowTcpForwarding no X11Forwarding no
Then save and close the file, here’s what each of those directives do:
Match User tells the SSH server to apply the following commands only to the user specified. Here, we specify sammyfiles.
ForceCommand internal-sftp forces the SSH server to run the SFTP server upon login, disallowing shell access.
PasswordAuthentication yes allows password authentication for this user.
ChrootDirectory /var/sftp/ ensures that the user will not be allowed access to anything beyond the /var/sftp directory. You can learn more about chroot in this chroot tutorial.
AllowAgentForwarding no, AllowTcpForwarding no. and X11Forwarding no disables port forwarding, tunneling and X11 forwarding for this user.