I don't know what you are using for authentication; nor is it clear to me if any client private keys were exposed if used.
If client private keys were (or are) at risk, you might consider one of the two-factor authentication options available for SSH.
In addition, ChrootDirectory can apply chroots to authenticated client sessions. I've used that very successfully when needed to restrict users to sftp activity within a specific filesystem branch.
Both of these may be helpful. It's also possible that neither is helpful, or that you're already using both techniques.
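
An `sshd_config` fragment combining the two techniques mentioned in this reply, added here as an illustration and not part of the original post. The group name `sftponly` and the path `/srv/sftp/%u` are assumptions, and the second factor is assumed to be supplied through PAM.

```conf
# Added example. "sftponly" and /srv/sftp/%u are assumed names, not from the post.

# Use the in-process SFTP server so the chroot needs no binaries or libraries.
Subsystem sftp internal-sftp

Match Group sftponly
    # Require a key AND a second, interactive factor. The keyboard-interactive
    # step is assumed to be backed by a PAM module (for example an OTP module).
    AuthenticationMethods publickey,keyboard-interactive

    # %u expands to the user name. Every component of this path must be owned
    # by root and not writable by group or others, or sshd refuses the session.
    ChrootDirectory /srv/sftp/%u

    # Ignore any command the client requests; only SFTP runs inside the chroot.
    ForceCommand internal-sftp

    # Close the usual side channels out of the restricted session.
    AllowTcpForwarding no
    X11Forwarding no
    PermitTTY no
```

Run `sshd -t` to validate the file before reloading the daemon. Because the chroot itself is not writable by the user, uploads need a user-owned subdirectory inside it.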