SFTP

    Chroot user into a directory

    SFTP Chroot
    Match Group hs-hb-cloud
     ChrootDirectory %h
     AllowTCPForwarding no
     X11Forwarding no
     PermitTunnel no
     ForceCommand internal-sftp
     PasswordAuthentication no
      
    # With the standard path of AuthorizedKeysFile, the SSH keys authentication will fail for chrooted-users. To fix this, append a root-owned directory on AuthorizedKeysFile to /etc/openssh/sshd_config e.g. /etc/ssh/authorized_keys, as example
    AuthorizedKeysFile /etc/ssh/authorized_keys/%u .ssh/authorized_keys
    

    Note: hs-hb-cloud group should exist, and the user used to login should be part of this group

    reference