**I am aware that this is security through obscurity, however this is for training purposes and will not be accessible via the Internet. It will merely be used as an internal tool.**
I have looked at the following link:
How to disable sftp for some users, but keep ssh enabled?
The problem is that it doesn't answer my question which is described below:
I am attempting to set up a virtual server which allows one user to log in to the server using sftp, and another user to log in to the server using ssh.
The sftp portion works and is done by forcing internal-sftp within the sshd_config file shown further within this question. This part works as it disallows the user from logging into the server using ssh, and only allows them access to the sftp jail which I have created.
For the other user, which is only meant to be able to access the chroot jail via ssh, I am unsure of how to disallow access via sftp. The problem is that I have specifically created a chroot jail for that user to prevent commands such as ls and cat; however, if the user accesses the server using sftp, they are able to use those commands.
The section within the /etc/ssh/sshd_config is as follows:
```
Match User test1
ChrootDirectory /home/jail
X11Forwarding no
AllowTcpForwarding no
# Match Group sftpusers
Match User test2
ChrootDirectory /sftp/guestuser
ForceCommand internal-sftp
AllowUsers test2
```
I have attempted to add:
`ForceCommand Subsystem sftp /bin/false` or
`ForceCommand sftp /bin/false` or
`Subsystem sftp /bin/false`
to
`Match User test1`
However, none of the aforementioned additions work with sshd_config.
So my question is:
Is there a way to prevent user1 from accessing the server via sftp?
If not, is there a way to remove certain commands from sftp, such as ls or cat?
Any advice would be greatly appreciated.
Asked by Kyhle Ohlinger
(51 rep)
Jul 26, 2017, 11:53 AM
Last activity: Jun 16, 2025, 10:01 PM
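An added example, not part of the original post: a small Python check that reads the Match blocks quoted in the question and reports, per block, whether a matching client is held to SFTP by `ForceCommand internal-sftp` or can still request both a shell and the sftp subsystem. The global `Subsystem sftp internal-sftp` line, the function names and the labels are assumptions; the question does not show the rest of the file.

```python
# Constructed sample: the Match blocks from the question. The global
# "Subsystem sftp" line is an assumption; the question does not show it.
SAMPLE = """\
Subsystem sftp internal-sftp
Match User test1
ChrootDirectory /home/jail
X11Forwarding no
AllowTcpForwarding no
# Match Group sftpusers
Match User test2
ChrootDirectory /sftp/guestuser
ForceCommand internal-sftp
AllowUsers test2
"""

def parse(text):
    """Split sshd_config text into global settings, subsystem names, Match blocks."""
    glob, subsystems, blocks, current = {}, set(), [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) == 2 else ""
        if key == "match":
            current = {}
            blocks.append((value, current))
        elif key == "subsystem":
            if value:  # simplification: subsystem names are tracked file-wide
                subsystems.add(value.split()[0].lower())
        else:
            # keep the first occurrence of a keyword within its section
            (glob if current is None else current).setdefault(key, value)
    return glob, subsystems, blocks

def classify(glob, subsystems, settings):
    """Label what a client matching this block can reach."""
    # a value set inside the Match block overrides the global one
    force = settings.get("forcecommand", glob.get("forcecommand", "none"))
    if force and force.lower() != "none":
        return "sftp-only" if force.split()[0] == "internal-sftp" else "forced-command"
    return "shell+sftp" if "sftp" in subsystems else "shell"

def audit(text):
    glob, subsystems, blocks = parse(text)
    return {crit: classify(glob, subsystems, s) for crit, s in blocks}

if __name__ == "__main__":
    for crit, label in audit(SAMPLE).items():
        print(f"Match {crit}: {label}")
```

On the sample, the `test1` block is reported as `shell+sftp` because it sets a chroot but no `ForceCommand`, which matches the behaviour described in the question.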