ssh access

For shell accounts it would depend on how draconian you want to be with it and what you are attempting to accomplish.  On the less complex end, setting proper file/directory permissions will restrict what the user can do and see, but it may not accomplish everything you're looking for.  Alternatively, you can create a "chroot jail" (change root) that the OS will change the root directory for that user such that their home directory becomes / and they can't go anywhere else.  The problem with doing it this way is that you now have to provide a copy of everything they need to function.  They will have to have certain /dev/ devices created, libraries et. al. A word of caution, setting up the chroot jail for a full shell account can be a real pain unless you know all the pieces parts you have to provide to let them accomplish their goal.

Here is an article on the starting point for a chroot jail for SSH

>chroot jail

sounds like the way to go because the only reason why I need them to login to the server through SSH is because the user is going to be uploading files to the user's own website and nothing else.. we do not offer FTP so just (ssh login) through WinSCP I think is good.. so what setup do you recommend?

If you simply want to allow SFTP for file uploads, that article I linked in above also describes how to set that up.  It will only allow SFTP access to those users added to the SFTP group (or whatever you decide to name the group).

yeah, I read it but im a bit confused as to what exactly I should do for my case.