If you follow the "separate sshd" route, you'd have to instruct (e.g.) people at mydomain to "ssh -p 2201", "scp -P 2201" etc. Maybe move integratedwebs to port 2200, for symmetry.
But sshd will still look up people in /etc/passwd, and I can't find an option in sshd_config to override that. You can only have one "tom" user on your machine / in your password file. You may have to chroot each sshd. That might not be so bad; if they ssh in, they can at most see their own virtual site's stuff.
If that sounds heavy-handed, the lightweight alternative would be to include the domain in the user name (check how long they can be on your system). It would look a bit silly for your users, because they'd have to type, e.g.,
Code:
scp new-and-improved/index.html tom_mydomain@mydomain.com:
But hey, whether it's the port or the user name, they can stuff it into their ~/.ssh/config, e.g., like this
Code:
Host mydomain
HostName mydomain.com
# either
Port 2201
# or
User tom_mydomain
And then simply "scp X Y Z mydomain:"