# NOTE: requires "Subsystem sftp internal-sftp"
#
# Every directory in the chroot path must be owned by root (group ownership
# irrelevant) and only writable by the owner.
# (See https://wiki.archlinux.org/index.php/SFTP_chroot#Write_access_to_chroot_dir
# for a workaround using bind mounts.)

Match group filetransfer
    ChrootDirectory %h
    X11Forwarding no
    AllowTcpForwarding no
    PermitTunnel no
    ForceCommand internal-sftp