Give them a restricted shell, e.g. /bin/rbash. Make sure they can't run binaries that would let them run arbitrary commands (such as other shells, editors with shell escapes and so on). You'll need to have a PATH containing only vetted executables.
If you only want the users to be able to copy files over SSH (with rsync, CVS and so on), not run applications, then make their shell rssh.
This is doable but not very practical. You can put them in a chroot jail of their home directory but then you need to have copies of /bin and /usr/bin in their home directories.
I am with spectre256, better to keep them out of where you don't want them.
Give them a restricted shell, e.g.
/bin/rbash. Make sure they can't run binaries that would let them run arbitrary commands (such as other shells, editors with shell escapes and so on). You'll need to have aPATHcontaining only vetted executables.If you only want the users to be able to copy files over SSH (with rsync, CVS and so on), not run applications, then make their shell rssh.
This is doable but not very practical. You can put them in a chroot jail of their home directory but then you need to have copies of /bin and /usr/bin in their home directories.
I am with spectre256, better to keep them out of where you don't want them.