PermitRootLogin shall be disabled (aka 'no') or at least reasonably restricted ('without-password', 'forced-commands-only'). Possible options: ChrootDirectory jails the user into a separate environment ForceCommand might help (especially with internal-sftp) to further limit possibilities of a remote use. rssh might be used as a shell to achieve similar behaviour.