Estou usando este sshd_config para permitir que root e Users em sshlogin, façam login via ssh. Usuários no grupo netlogin são chrooted:
# 2009-04-27
AllowGroups root netlogin sshlogin
PermitRootLogin without-password
PermitEmptyPasswords no
PubkeyAuthentication yes
UsePAM yes
ChallengeResponseAuthentication no
PasswordAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
#AcceptEnv LANG LC_*
AddressFamily inet
HostbasedAuthentication no
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_rsa_key
IgnoreRhosts yes
MaxStartups 4
KeyRegenerationInterval 3600
LoginGraceTime 60
LogLevel INFO
PrintLastLog yes
PrintMotd no
Protocol 2
Port 22
RhostsRSAAuthentication no
RSAAuthentication yes
ServerKeyBits 768
StrictModes yes
SyslogFacility AUTH
TCPKeepAlive yes
UsePrivilegeSeparation yes
X11DisplayOffset 10
X11Forwarding no
Subsystem sftp internal-sftp
Match group netlogin
ChrootDirectory /home
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp