1 PermitRootLogin shall be disabled (aka 'no') or at least reasonably restricted
2 ('without-password', 'forced-commands-only').
5 ChrootDirectory jails the user into a separate environment
7 ForceCommand might help (especially with internal-sftp) to further limit possibilities of
8 a remote use. rssh might be used as a shell to achieve similar behaviour.