Channel: Tech for the Enterprise

Setup SFTP on Ubuntu


I am not sure this is the best way to do this nor am I sure it is that secure. But this is how I did it.

Edit
sudo nano /etc/ssh/sshd_config

Modify the Subsystem sftp line to look like the following:
Subsystem sftp internal-sftp

Then add this block of text to the end of that same file:
Match group sftpusers
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

sudo service ssh restart

sudo addgroup --system sftpusers

Create a folder for your website
sudo mkdir /var/www/website
sudo mkdir /var/www/website/website

Yes you need them both. The first one is a landing page for the SFTP jailed user. The second one is where your website files go.

Now making the user is the hardest part.
Create a new user that is in the group sftpusers. You can do it all in one line, but this is how I did it.
sudo adduser --home /var/www/website newuser
sudo usermod -G sftpusers newuser

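Now let's set the rights on the folders
sudo chown root:root /var/www/website
sudo chown www-data:sftpusers /var/www/website/website
# The chroot directory itself must be owned by root and not writable by group or others, or sshd refuses the login
sudo chmod 0755 /var/www/website
# The inner folder is group-writable so members of sftpusers can upload
sudo chmod -R 0775 /var/www/website/website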
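
sshd only accepts a ChrootDirectory when every directory in its path is owned by root and not writable by group or others. The following is an added example, not part of the original post, that checks this for the jail folder before you test a login. The function names are made up for illustration and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path the way sshd_config(5) describes,
# i.e. every component must be owned by root and not group/other writable.
# Function names are hypothetical; requires GNU stat (stat -c).

# $1 = owner uid, $2 = octal mode as printed by stat (e.g. 755, 1777)
chroot_component_ok() {
    [ "$1" -eq 0 ] && [ $(( 0$2 & 022 )) -eq 0 ]
}

# Walk from the given directory up to /, reporting each component.
# Returns 0 if all components pass, 1 if any fails, 2 on usage/stat errors.
check_chroot_path() {
    ccp_dir=$1
    ccp_rc=0
    case $ccp_dir in
        /*) ;;
        *) echo "path must be absolute: $ccp_dir" >&2; return 2 ;;
    esac
    while :; do
        ccp_st=$(stat -c '%u %a' "$ccp_dir") || return 2
        ccp_uid=${ccp_st% *}
        ccp_mode=${ccp_st#* }
        if chroot_component_ok "$ccp_uid" "$ccp_mode"; then
            echo "ok   $ccp_dir (uid=$ccp_uid mode=$ccp_mode)"
        else
            echo "BAD  $ccp_dir (uid=$ccp_uid mode=$ccp_mode)"
            ccp_rc=1
        fi
        [ "$ccp_dir" = / ] && break
        ccp_dir=$(dirname "$ccp_dir")
    done
    return $ccp_rc
}

# Usage: sh check_chroot.sh /var/www/website
if [ $# -gt 0 ]; then
    check_chroot_path "$1"
fi
```

Run it against /var/www/website; any line marked BAD names a directory that needs its owner or mode corrected.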

Notes:
It would be best to add a shell that does not let someone log in via SSH
sudo nano /etc/shells
At the bottom of that file add this line
/usr/sbin/nologin

Then edit
sudo nano /etc/passwd
At the bottom of this file you should see the user you just created. Make sure you replace the shell with the new one you just added, something like this:
newuser:x:0000:0000:,,,:/var/www/website:/usr/sbin/nologin

Also, if you are making this public you should add fail2ban. Just Google it and you will see how to install it.

Now if I have not forgotten anything that should work.
