chroot SSH login on MacOS 10.4
While I was looking for a chroot'ed SSH setup on MacOS X, I came across a few postings, but most of them were basically "yeah, it's hard, and you have to recompile, bla..." or were dealing with sftp/scp - not what I wanted. I really want users to get an interactive shell, but not snoop around on the real filesystem. Here's a short howto:
$ sudo su -
$ port install jailkit
$ mkdir -p /mnt/chroot/bin /mnt/chroot/usr/bin /mnt/chroot/usr/lib/system /mnt/chroot/etc \
    /mnt/chroot/home /mnt/chroot/dev/fd /mnt/chroot/home/dummy
$ chown -R root:wheel /mnt/chroot
$ ln /bin/bash /mnt/chroot/bin/bash
$ ln /usr/bin/telnet /mnt/chroot/usr/bin/telnet
$ cp -R /usr/lib/libncurses*dylib /mnt/chroot/usr/lib
$ cp /usr/lib/libSystem.B.dylib /mnt/chroot/usr/lib
$ cp /usr/lib/system/libmathCommon.A.dylib /mnt/chroot/usr/lib/system

Note: there's no ldd in MacOS X, but we can use otool to list dynamic (library) dependencies:
$ otool -L /bin/bash
/bin/bash:
        /usr/lib/libncurses.5.4.dylib (compatibility version 5.4.0)
        /usr/lib/libSystem.B.dylib (compatibility version 1.0.0)

Be aware that these dependencies may have dependencies of their own; you can do something like this to grab all of them, although it's not entirely recursive.
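To make the otool-based library collection properly recursive, here is an added shell snippet (mine, not from the original post) that walks otool -L output transitively and copies each dylib into the jail under its original path; it assumes the jail root /mnt/chroot from above and that otool is available.

```shell
#!/bin/sh
# Added example: transitive dylib closure via otool -L (MacOS X has no ldd).
# Assumes the jail root from the post; override with JAIL=/other/path.
JAIL="${JAIL:-/mnt/chroot}"

# list_deps BINARY: print the direct dynamic library dependencies of BINARY,
# one path per line. Kept as a function so it can be swapped out where otool
# is unavailable. Note: for a dylib, otool -L also reports the library's own
# install name as the first entry; dep_closure filters that out as "seen".
list_deps() {
    otool -L "$1" | awk 'NR > 1 { print $1 }'
}

# dep_closure BINARY...: print the transitive set of dylibs needed by the
# given binaries, each path exactly once, in breadth-first discovery order.
# Paths containing spaces are not handled (none do under /usr/lib).
dep_closure() {
    local queue seen item dep
    queue="$*"
    seen=""
    while [ -n "$queue" ]; do
        item="${queue%% *}"                 # pop the head of the queue
        case "$queue" in
            *" "*) queue="${queue#* }" ;;
            *)     queue="" ;;
        esac
        for dep in $(list_deps "$item"); do
            case "$seen" in
                *"|$dep|"*) continue ;;      # already visited
            esac
            seen="$seen|$dep|"
            echo "$dep"
            queue="${queue:+$queue }$dep"   # visit its dependencies too
        done
    done
}

# install_deps BINARY...: copy every dylib in the closure into the jail,
# preserving its original path (the same layout the manual cp steps produce).
install_deps() {
    dep_closure "$@" | while IFS= read -r lib; do
        mkdir -p "$JAIL$(dirname "$lib")"
        cp "$lib" "$JAIL$lib"
    done
}

# Usage: sh jail_libs.sh /bin/bash /usr/bin/telnet
if [ "$#" -gt 0 ]; then
    install_deps "$@"
fi
```

Run it as root after the mkdir step; rerunning is harmless since it only copies files that otool reports.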
We're not quite ready yet:
- create a user ("dummy") via NetInfo Manager.app, set a password.
- set her home to /mnt/chroot/./home/dummy
- set her shell to /opt/local/sbin/jk_chrootsh
- create an /etc/passwd inside the jail:
$ id -u dummy
505
$ echo "dummy:x:505:505::/home/dummy:/bin/bash" > /mnt/chroot/etc/passwd
$ chown -R dummy:dummy /mnt/chroot/home/dummy

And for the sake of completeness, we're even creating a few device files:
$ cp -R /dev/fd/[012] /mnt/chroot/dev/fd
$ cp -R /dev/std* /dev/null /dev/zero /dev/tty /dev/*random /mnt/chroot/dev

Now everything should be in its place.
jk_chrootsh is *very* picky about ownership/permissions (rightfully so!), and when something goes wrong, it logs to auth.log, e.g.:
abort, home directory /dummy differs from jail home directory /mnt/chroot/./dummy for user dummy (505), check /etc/passwd and /mnt/chroot/etc/passwd

or

ERROR: failed to execute shell /bin/bash for user dummy (505), check the permissions and libraries of /mnt/chroot//bin/bash

NB: Tiger's OpenSSH_5.1p1 has come with an option called ChrootDirectory for quite a while now. And after struggling with the procedure above (sigh...), this option looks quite comfortable:
Match user dummy
    ChrootDirectory /mnt/chroot

This worked for me after two small fixes:
$ chown root:wheel /
$ chmod 0755 /

Btw, for a few weeks now SunSSH supports this option too in OpenSolaris. Nice :)