I am trying to use chroot to set up a user who can login via ssh and limit access to the /var/www directory. The server is on AWS running Amazon Linux 64-bit, openssh installed. I used ssh-keygen to generate the keys.

Before I edit the sshd_config file, I am able to login with the username and private key; the user starts in the /home/my-username directory, so the key is valid.
I modified the sshd_config file as follows:

```
Subsystem sftp internal-sftp
Match User my-username
    ChrootDirectory /var/www
    ForceCommand internal-sftp
    AllowTcpForwarding no
    PermitTunnel no
    X11Forwarding no
```
Then I restarted sshd.

The ChrootDirectory /var/www is owned by root:root with no groups having write privileges up to that point in the tree (default Apache install).

When I login with my-username and the key, the session immediately disconnects. I checked /var/log/secure and found these entries:

```
Nov 3 19:53:51 ip-xxx.xxx.xxx.xxx sshd[2945]: Accepted publickey for my-username from xxx.xxx.xxx.xxx port 61821 ssh2
Nov 3 19:53:51 ip-xxx.xxx.xxx.xxx sshd[2945]: pam_unix(sshd:session): session opened for user my-username by (uid=0)
Nov 3 19:53:51 ip-xxx.xxx.xxx.xxx sshd[2945]: pam_unix(sshd:session): session closed for user my-username
```
I have read numerous threads in many forums and see different solutions, some of which I've tried with no success. I'd like to keep this as simple as possible. The goal is to create a user account for a developer who only needs to upload files to the webserver using WinSCP, in the default case to /var/www/html.

I found this thread, "User gets instantly disconnected after connection sucessful on a chrooted SSH", but I'm not sure it relates directly to my issue.
I’m thinking this may have something to do with my PAM configuration. Again, this is pretty much a default install.
Thank you in advance for any direction you can provide.
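The log excerpt in the question shows the session being opened and then closed immediately, which is the pattern sshd produces when it rejects the chroot itself. sshd requires every directory from / down to the ChrootDirectory to be owned by root and not writable by group or others; with ForceCommand internal-sftp no shell or libraries need to exist inside the chroot, so the path permissions are the first thing to verify. The following script is an added diagnostic, not code from the question or from any answer: it walks the path and reports any component sshd would reject. The UID and BASE parameters are assumptions of this script so the check can be exercised on a scratch tree owned by a non-root user; on a real server you run it as `sh check_chroot.sh /var/www` and leave them at their defaults.

```sh
#!/bin/sh
# Added diagnostic (not from the question or any answer): walk a ChrootDirectory
# path and report any component sshd will reject. sshd refuses the chroot unless
# every directory from / down to it is owned by root and has no group/other
# write bit; a rejected chroot ends the session right after "session opened".

# check_dir_component DIR [UID]: returns 0 if DIR is owned by UID (default 0,
# i.e. root, which is what sshd demands) and is not group- or world-writable,
# 1 otherwise. GNU stat (Linux) is assumed.
check_dir_component() {
    dir=$1
    want_uid=${2:-0}
    info=$(stat -c '%u %a' "$dir") || return 1
    set -- $info
    uid=$1; mode=$2
    status=0
    if [ "$uid" -ne "$want_uid" ]; then
        echo "BAD  $dir: owned by uid $uid, expected uid $want_uid" >&2
        status=1
    fi
    perm=${mode#"${mode%??}"}     # last two octal digits: group, other
    g=${perm%?}; o=${perm#?}
    case $g in 2|3|6|7) echo "BAD  $dir: group-writable (mode $mode)" >&2; status=1;; esac
    case $o in 2|3|6|7) echo "BAD  $dir: world-writable (mode $mode)" >&2; status=1;; esac
    [ "$status" -eq 0 ] && echo "ok   $dir (uid $uid, mode $mode)" >&2
    return $status
}

# check_chroot_path PATH [UID] [BASE]: check every directory from BASE
# (default /) down to PATH. Returns 0 only if all components pass.
# UID and BASE are assumptions of this script, present only so the walk can be
# tested on a scratch tree; sshd always walks from / and requires root.
check_chroot_path() {
    target=$1
    want_uid=${2:-0}
    base=${3:-/}
    rel=${target#"$base"}
    cur=${base%/}
    status=0
    check_dir_component "${cur:-/}" "$want_uid" || status=1
    oldifs=$IFS; IFS=/
    set -- $rel
    IFS=$oldifs
    for comp in "$@"; do
        [ -n "$comp" ] || continue
        cur="$cur/$comp"
        check_dir_component "$cur" "$want_uid" || status=1
    done
    return $status
}

# Usage on the server from the question: sh check_chroot.sh /var/www
if [ -n "${1:-}" ]; then
    check_chroot_path "$1"
fi
```

If every component reports ok, the chroot root is acceptable; the upload target then has to be a subdirectory below it (here /var/www/html) that is owned by, or group-writable for, the developer account, since the chroot root itself must stay unwritable. On OpenSSH builds that support it, `sshd -T -C user=my-username` prints the effective configuration after Match processing, which confirms the ChrootDirectory and ForceCommand lines actually apply to that user.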
Chroot environments require the presence of all libraries and binaries necessary for normal operation. This includes all shared object files that the login shell is linked to. If you copy additional command binaries into this chroot, you will need their linker dependencies as well.
/var/www/dev, /var/www/lib, etc.?