I need to run backups from multiple servers to a single account on another server. If one of the public servers is compromised, I don't want the other server's files on the backup account compromised.
What I need to do is only allow SCP to a specific directory, based on the ssh key of the incoming connections.
I know that I can set the shell, and several options on a per key basis in the authorized_keys file. http://www.manpagez.com/man/8/sshd/ (Scroll down to "AuthorizedKeysFile")
What I don't know how to set the internal-sftp command to only use a certain directory. I don't have root on the the machine, so I can't do the normal internal-sftp + chroot.
It doesn't work that way.
What you need to do is set up a mini chroot jail for each backup host. It just needs to be able to run sh and scp (/dev only needs /dev/null entry).
Use jailsh as the login shell for each account.
Jailsh is a suid-root login shell that sets chroot jail to the directory marked by two consecutive slashes, drops root privs, and execs /bin/sh.