Configuring an OpenSSH sftp chroot is a surprisingly easy process for how powerful it is. It lets you create a chroot environment that a user can connect to over sftp (SSH File Transfer Protocol) and go about their business locked inside their own folder. The chroot acts like a jail that confines the user's access, which gives you a secure method of transferring files between machines.
sudo vi /etc/ssh/sshd_config
Scroll down to the bottom and add the following into the file
Match Group sftp
    ChrootDirectory %h
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp
Create the user you want to use for sftp. We give it /bin/false as its shell because we don't want the account accessible to anything but sftp connections.
sudo useradd -m -d /home/<username here> -s /bin/false -U <username here>
Set a password for the user, and make sure it's strong
sudo passwd <username here>
Add the group we specified earlier, which was sftp
And now we will add them to the group we just made.
sudo usermod -aG sftp <username here>
A big part of creating the chroot is securing the directory: root must own the new user's home directory, and it must not be writable by group or others
sudo chown root:root /home/<username here>
sudo chmod go-w /home/<username here>
Now we must make a folder that is writable by our new user so they can utilize it, otherwise they will not be able to read, write, or execute anything. The folder must also be owned by them, here through the sftp group, and have the correct permissions set.
sudo mkdir /home/<username here>/writable
sudo chown :sftp /home/<username here>/writable
sudo chmod ug+rw /home/<username here>/writable
Now you must restart sshd so that the new configuration we added earlier gets picked up, and then try connecting to the computer/server you configured this on as the user we created. The connection should succeed and be ready to use.
sudo systemctl restart sshd
Then check the daemon's status:
systemctl status sshd
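If the restart succeeds but the sftp login is dropped, check the root-ownership step first: at session start sshd verifies that every component of the ChrootDirectory path is a root-owned directory that is not writable by any other user or group. The script below is an added example, not part of the original page, that audits a path against that rule. The function names are hypothetical and it assumes a stat that supports -c (GNU or BusyBox).

```sh
#!/bin/sh
# Added example (not from the original page): audit a ChrootDirectory path.
# sshd requires every component to be a root-owned directory that is not
# writable by group or other.

# component_ok UID OCTAL_MODE: succeeds if root-owned with no g/o write bit.
component_ok() {
    c_uid=$1
    c_mode=$2
    [ "$c_uid" -eq 0 ] 2>/dev/null || return 1
    # Leading 0 makes the mode an octal literal; 022 masks g+w and o+w.
    [ $(( 0$c_mode & 022 )) -eq 0 ]
}

# check_chroot_path ABSOLUTE_DIR: prints each failing component.
# Returns 0 if the whole path is acceptable, 1 if not, 2 on a relative path.
check_chroot_path() {
    p=$1
    bad=0
    case $p in
        /*) ;;
        *) echo "need an absolute path: $p" >&2; return 2 ;;
    esac
    while :; do
        if [ ! -d "$p" ]; then
            echo "NOT A DIRECTORY: $p"
            bad=1
        else
            # -L follows symlinks; %u is the owner uid, %a the octal mode.
            owner=$(stat -L -c %u "$p")
            mode=$(stat -L -c %a "$p")
            if ! component_ok "$owner" "$mode"; then
                echo "BAD: $p (uid=$owner mode=$mode)"
                bad=1
            fi
        fi
        [ "$p" = "/" ] && break
        p=$(dirname "$p")
    done
    return "$bad"
}

# Usage: sh check_chroot.sh /home/<username here>
if [ $# -gt 0 ]; then
    check_chroot_path "$1"
fi
```

Run it against the user's home directory, not the writable subfolder: the writable folder sits inside the chroot and is expected to be group-writable.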