Below are the patches I've maintained for Open-SSH for the last many years. Feel free to use them, just please provide me with feedback, or improvements, and so on.
I can be contacted using the address jason with this domain name.
Since late 2000, I've maintained (albeit not actively) a restricted sftp-only shell called sftpsh. It isn't complex; just a simple straight-forward restriction of user execution to the sftp-server binary. If all you need is simple, give it a try. Combined with chroot'd SSH, it makes a nice additional layer of security. But I also highly recommend you research other more capable products such as rssh, chressh, or others.
I've maintained this patch for the last four years. Below are all the versions I have readily available. Use anything but the newest at your own risk. Anything that does not have both unified (.udiff) and context (.cdiff) diffs, your mileage may vary. This code has been used successfully without issue at numerous production sites, and seems OK. I've been trying off and on to get the code included in Open-SSH distribution, with little luck. If you would like to see this sort of functionality in default Open-SSH, please let the authors know.
patch < /path/to/patchfile
Van Dyke Publickey Server Logging As a user of SecureCRT from Van Dyke Software, I've been using the publickey-server code they've released for Open-SSH since it has been available. In that time, I've maintained a patch to add logging of their publickey subsystem, in much the same way I've maintained the above SFTP Logging patch. Please note, the patches for 4.0 are against a version of their publickey-server code that is not yet made public. I've submitted for their consideration the changes necessary to get publickey-server to compile with 3.9 and 4.0, but they have yet to release said changes to the public. Please contact Van Dyke support should you need a more recent release.