How to Restrict SFTP Users to Home Directories Using chroot Jail

Senthil Kumar

4 Responses

  1. Robert Giordano says:

    On my FreeBSD server, everything works fine until I try to rsync.

    If I do: sftp [email protected], I get “Connected to ip.address” like in your article above.

    But if I do: rsync -avz [email protected]/ /path/to/local/backup, then I get the following:

    protocol version mismatch — is your shell clean?
    (see the rsync man page for an explanation)
    rsync error: protocol incompatibility (code 2) at /SourceCache/rsync/rsync-42/rsync/compat.c(61) [receiver=2.6.9]

    Any ideas? Thanks

    • Ravi Saive says:


      I think it's due to different versions of rsync installed on the servers. Make sure you have the same version of rsync, or maybe different flavors of Linux distros are used here. You need to check.

  2. Lenny says:

    You’re better off creating an SFTP root as /home/sftproot and then putting your SFTP users' home directories under /home/sftproot/home.
    Then when that user logs in they’ll automatically get put into their home directory, e.g. /home/lenny within the chroot, instead of the root directory of the chroot. You can then also restrict permissions so that within the chroot /home directory users can’t see what other user directories exist: chmod 0751.
    You can also configure rsyslog to add a socket to /home/sftproot/dev/ so ssh logs all transfers to syslog.

  3. Jalal Hajigholamali says:

    Very nice article…
    Thanks a lot
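
The layout Lenny describes in comment 2 (a chroot at /home/sftproot with user directories under its home/ subdirectory, mode 0751) can be audited with a short script. This is an added example, not part of the article or of any comment; `check_chroot_layout`, its `OWNER_UID` and `STOP_DIR` arguments and the helper names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a <chroot>/home/<user> SFTP layout.
# All function and argument names here are hypothetical.

# Print "<mode-string> <uid>" for a path (portable ls -ldn, no GNU stat).
mode_uid() { ls -ldn "$1" | awk '{print $1, $3}'; }

# Fail unless directory $1 is owned by uid $2 and not group/other-writable.
check_locked() {
    set -- "$1" "$2" $(mode_uid "$1")   # $3 = mode string, $4 = owner uid
    [ "$4" = "$2" ] || { echo "FAIL owner: $1 (uid ${4:-?})"; return 1; }
    case $3 in
        ?????w*|????????w*) echo "FAIL writable: $1 ($3)"; return 1 ;;
    esac
}

# check_chroot_layout CHROOT [OWNER_UID] [STOP_DIR]
# OWNER_UID defaults to 0 (root) and STOP_DIR to / ; they exist only so the
# check can be tried on a scratch tree without root.
check_chroot_layout() {
    root=${1%/}; uid=${2:-0}; stop=${3:-/}; rc=0

    # sshd rejects a ChrootDirectory unless every path component is owned by
    # root and not writable by group or others, so walk up from the chroot.
    p=$root
    while :; do
        check_locked "$p" "$uid" || rc=1
        case $p in "$stop"|/|.) break ;; esac
        p=$(dirname "$p")
    done

    # The shared home/ parent must be locked the same way and, per the
    # chmod 0751 advice, traversable but not listable by other users.
    check_locked "$root/home" "$uid" || rc=1
    set -- $(mode_uid "$root/home")
    case $1 in
        ???????-?[xt]*) ;;
        *) echo "FAIL home/ must be --x for others: ${1:-missing}"; rc=1 ;;
    esac
    return $rc
}

# Typical call on the server, as root:
#   check_chroot_layout /home/sftproot
```

The function returns non-zero and prints one `FAIL` line per problem, so it can run from cron or a configuration-management check after any change to the chroot tree.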
