How to automatically chroot jail selected ssh user logins -

In this article we will look on how to automatically chroot jail selected user ssh login based on the user group. This technique can be quite useful if you what your user to be provided with a limited system environment and at the same time keep them separate from your main system.
This is a companion discussion topic for the original entry at


Is there a way to have it so each user is jailed into their own environment? example: Each user needs to be jailed into /data/chroot/jail/“User” currently it’s only allowing me to jail all users into /data/chroot/jail/ which still allows each user to see one another’s data etc.


Finally a real good tutorial about chroot. I’ve tried 3 others before without success. Thanks for sharing good knowledge !

Cufflink -> Kundun

Agreed. This tutorial helped me configure the environment first try. Thanks!


Any idea(s) why I get “bash: ls: command not found” errors for all my commands even when all of the necessary libraries exist?


How could i use nano editor in chroot environment created by your how to?

Ryan Salomon

There’s a typo:

At this point all is ready and we can chroot

# chroot /vat/chroot

I think you mean the above line to say:

# chroot /var/chroot

Lubos Rendek -> Ryan Salomon

This will be updated shortly… thanks…

Excellent post on setting up a jailed ssh chroot. I would really line to know how this script works:
for i in ( ldd * | grep -v dynamic | cut -d " " -f 3 | sed ‘s/://’ | sort | uniq )
echo $i
#cp --parents $i $CHROOT

Quesions 1: grep -v dynamic (Where does dynamic come from?)

Question 2: sed ‘s/://’ (I need to research this . Please give me a big hint)


Very good tutorial. For CentOS 7.5 I needed to use some more hints from this other article at serverfault “a-proper-way-to-create-a-chrooted-ssh-on-centos-7”