See the sshd_config(8) man page, and read the section on ChrootDirectory and the section on Subsystem.
See the sftp-server(8) man page.
---
I have never used ChrootDirectory except with sftp-server. My shell users are granted full shell access.
Here's an example that was once in use on one of my systems:
Code:
Subsystem sftp /usr/libexec/sftp-server
Match User carpetsmoker
ChrootDirectory /home/carpetsmoker
AllowTcpForwarding no
ForceCommand internal-sftp