# For local SSH forwarding
PermitRootLogin false
Match LocalAddress 127.0.0.1,::1
        PermitRootLogin prohibit-password

# Sample for SFTP-Only users
# Every dir include /root must be owned by root with o=rx or o=r
# 
# Example tree
# /srv/someuser/root/data # owned by someuser
# /srv/soomeuser/root     # owned by root
# /srv/someuser/.ssh      # owned by somueuser
# /srv/someuser           # owned by root
#
Match User bu_*
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp -l info -u 022
        ChrootDirectory %h/root