Restrict commands available in an SFTP session

Jeremy Monin jdmossh at
Mon Feb 13 06:48:59 EST 2012


I had a similar need, so I've maintained a patch to do just that, with a
new sshd_config option that can be global or in a Match block.

Could my patch possibly be merged?  I'd be grateful for feedback either way.

Many thanks,
Jeremy Monin
Sysadmin and open-source developer

On Thu, 9 Feb 2012, Peter Stuge wrote:

> Date: Thu, 9 Feb 2012 14:35:53 +0100
> From: Peter Stuge <peter at>
> To: openssh-unix-dev at
> Subject: Re: Restrict commands available in an SFTP session
> Hi Sonja,
> Sonja Meyer wrote:
>> i am using SFTP with CHROOT. I want to allow my users that they can 
>> upload and download with the sftp server, but they should never do an 
>> MKDIR! Is it possible to restrict commands and how can i do this?
> sftp-server has no provisions for this.
>> i only found material of modifing the source...and that is not the
>> best way for me.
> Maybe you can work with filesystem permissions and ACLs.
> //Peter
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at

More information about the openssh-unix-dev mailing list