I just tested the SSH login of an account that should not have ssh access outside the /home/ directory.
However, it appears it does.
I cannot access the other Virtual Server directory but I can access everything including /etc/webmin/ and so on.

I … feel this is largely insecure
While I cannot view the contents of said files. I certainly don’t want to allow access to other directories.
What do I need to do to restrict this?

That’s unfortunately not possible (or at least, simple) to setup:

https://www.virtualmin.com/node/12308

What your users are seeing is allowed by the typical UNIX/Linux permissions. You can always change the permissions on files/dirs you don’t want them to be able to see.

Barring that, you might just need to prevent SSH access altogether for some users.

-Eric

Troublesome, but not impossible.

Would be nice if the feature is inherently set by default to jail you to your /home/ directory…

Doesn’t look so hard to do…

http://www.cyberciti.biz/tips/rhel-centos-linux-install-configure-rssh-shell.html

/me configures.

EDIT:
This will at least allow SCP / SFTP without SSH access (I wonder if I can include jailed SSH access?) either way.

Win for me…

Actually… I would highly recommend the above.
Gives users on your server access to SCP / SFTP without having to setup SSL for FTP.

But does not allow SSH login!
Tested and works beautifully!