using OpenSSH/SFTP to replace an FTP server securely

Ángel González keisial at
Tue May 20 05:05:49 EST 2014

On 19/05/14 03:31, IMAP List Administration wrote:
> Hello Folks,
> (...)
> if I chroot all users to the same top directory, for example "/home",
> which would solve the problem of avoiding hundreds of syslog logging sockets, I
> have found no method of having OpenSSH chdir into a user-specific subdirectory
> (I would be willing to rely on the standard UNIX security model to restrict
> users' access to their own directories).
> Have I missed something, or is what I'm trying to achieve simply not possible
> using OpenSSH?

Suppose the user home is /home/foo, then if that path exists inside your 
(eg. /chrooted-users/home/foo) then the user will be landed inside that 
(writable for him).

If you want something different, like chrooting them at 
/chrooted-users/foo, you
can use -d parameter in the ForceCommand, ie.
  ForceCommand internal-sftp -d /%u


More information about the openssh-unix-dev mailing list