sftp limit users to home folder

With SSH keys (add the user's public key to her home folder)

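1. Add to the end of /etc/ssh/sshd_config:

# Comment out the default external sftp-server:
#Subsystem sftp /usr/lib/openssh/sftp-server
# Use the in-process server, logging at VERBOSE to the AUTH facility:
Subsystem sftp internal-sftp -f AUTH -l VERBOSE
# The settings below apply only to members of the sftp group:
Match group sftp
  ForceCommand internal-sftp
  ChrootDirectory %h
  X11Forwarding no
  AllowTcpForwarding no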

2. Create group:

groupadd sftp

3. Create user and add it to the group:

useradd -d <home folder> -m -g sftp -s /bin/false <username>

4. The new sftp user's home folder must be owned by root and have the correct permissions:

chown root:sftp <home folder>
chmod 755 <home folder>

5. Restart the ssh service:

service ssh restart

NOTE: if users need read/write access to the /var/www folder, they need to be in the www-data group.

usermod -aG www-data <username>
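
Step 4 matters because sshd rejects the session unless the ChrootDirectory and every parent directory up to / is owned by root and not writable by group or others. The script below is an added example, not part of the original page. It assumes GNU stat (Linux); the function names and the optional uid and top arguments are hypothetical helpers so the check can be tried on a scratch tree without root.

```shell
#!/bin/sh
# Added example: audit a chroot directory against sshd's ownership rule.
# Usage (as root): sh audit_chroot.sh <home folder>

# component_ok DIR UID: succeed if DIR is a directory owned by UID that
# neither group nor others can write to.
component_ok() {
    [ -d "$1" ] || { echo "FAIL $1: not a directory"; return 1; }
    owner=$(stat -c '%u' "$1")
    mode=$(stat -c '%a' "$1")
    if [ "$owner" != "$2" ]; then
        echo "FAIL $1: owned by uid $owner, expected $2"
        return 1
    fi
    # Octal mode: a group or other digit of 2, 3, 6 or 7 has the write bit.
    case "$mode" in
        *[2367]?|*[2367])
            echo "FAIL $1: mode $mode is group/other writable"
            return 1 ;;
    esac
    echo "ok   $1 (uid $owner, mode $mode)"
}

# audit_chroot DIR [UID] [TOP]: check DIR and each parent up to TOP.
# sshd's rule corresponds to UID 0 and TOP /, which are the defaults.
audit_chroot() {
    dir=$(cd "$1" 2>/dev/null && pwd -P) || { echo "FAIL $1: cannot enter"; return 1; }
    want=${2:-0}
    top=${3:-/}
    rc=0
    while :; do
        component_ok "$dir" "$want" || rc=1
        if [ "$dir" = "$top" ] || [ "$dir" = / ]; then break; fi
        dir=$(dirname "$dir")
    done
    return "$rc"
}

if [ "$#" -gt 0 ]; then audit_chroot "$@"; fi
```

Any FAIL line names the directory to fix with chown or chmod; writable upload folders belong below the chroot directory, not at it.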
