Thursday, 22 May 2014

Safe ssh access to web developers

I spent 24 hours on this and I guess it's worth sharing.

Target: let several web developers access the server over SFTP, each publishing content to a different location under the web server's document root. We want a "server safe" way of providing ssh access, which means chrooted access.

Solution: chrooted SFTP access to the user's home directory, with directories inside it that point to the locations under /var/www (the web service's document root) where that user is allowed to publish. But we cannot link out of the chrooted home directory, right? Yes we can, using the "mount --bind" command!

Another trick for debugging the SFTP connection on the server side: open port 2222 on the firewall and run
"/usr/sbin/sshd -p 2222 -d -D" (with the complete path) on the server and "sftp -P 2222 user@host" on the client; all possible issues will become clear. Most likely you will have to fix some permissions on the chrooted directory.

This solution is much better than chrooting directly into the /var/www directories!!

For more info about chrooting users on SFTP login, use Google or see the following useful links: