In the olden days one had to use packages such as scponly and rssh in order to restrict a user account to just being able to use scp and sftp. Now that functionality is built into OpenSSH. A client wanted me to setup such an account for 1 user on a system. I modified sshd_config like this:
Match user username ChrootDirectory /home/%u ForceCommand internal-sftp X11Forwarding no AllowTcpForwarding no
Note that this only works in Ubuntu 8.10 and later and Debian 5.0 and later. Also, be aware that the home directry has to be owned by root and not writable by the user for security reason. So a directory inside the home directory will need to be created for the user to upload any files.
References:
- OpenSSH SFTP chroot() with ChrootDirectory
- Chroot users with OpenSSH: An easier way to confine users to their home directories