1. Add user and group
>useradd warawich >groupadd sftponly >usermod -G sftponly warawich >usermod warawich -g sftponly -s /sbin/nologin >passwd warawich >cd /home/warawich >mkdir .ssh >cd .ssh && touch authorized_keys
2. Paste public key in authorized_keys file then save
Then change permission directory and file >chmod 700 -R /home/warawich >chmod 600 /home/warawich/.ssh/authorized_keys
3. Edit sshd_config
Example: We want to limit access from 49.228.71.24 and 27.55.79.125 for user warawich and allows access from anywhere for other users
vim /etc/ssh/sshd_config
UseDNS no
Subsystem sftp internal-sftp
AllowUsers [email protected] [email protected] user1 user2
Match Group sftponly
ChrootDirectory /home
ForceCommand internal-sftp
PermitTunnel no
AllowAgentForwarding no
X11Forwarding no
AllowTcpForwarding no
systemctl restart sshd