It seems to be possible, there’s a db property to disable the sftp subsystem.
config setprop sshd SubsystemSftp no
Create a custom template:
mkdir -p /etc/e-smith/templates-custom/etc/ssh/sshd_config/
Create /etc/e-smith/templates-custom/etc/ssh/sshd_config/80Custom with following content:
# Custom settings
SyslogFacility AUTHPRIV
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
ChrootDirectory /home
Subsystem sftp internal-sftp
Expand the template and restart sshd:
expand-template /etc/ssh/sshd_config
systemctl restart sshd
I could login via sftp and got chrooted to /home. Are you sure you need the SyslogFacility, GSSAPI and AcceptEnv settings?