sftp是一个很好的使用ssh加密的secure ftp。而要架设一个好的sftp，最重要的是要创建一个安全的chroot环境。scponly就是这样一个很好的在工具。它会生成一个叫 scponlyc的shell,机器上的用户如果使用这个shell就只能运行scp / sftp等命令。它能自动为用户生成一个chroot的环境，而且它对winscp这个open source for Windows的client端支持很好.
1. sudo apt-get install scponly
2. dpkg-reconfigure scponly
3.Now, to create the new user account (let's call him "upload") and the chroot jail (/home/upload) for him:

# cd /usr/share/doc/scponly/setup_chroot
# gzip -d setup_chroot.sh.gz
# sh setup_chroot.sh

4. At the time of writing, the setup_chroot.sh script forgets to create /dev/null inside the jail. To fix it:

# mkdir /home/upload/dev
# cp -a /dev/null /home/upload/dev/

   That should do it!

5. If you are using a 64-bit version of Debian, it should be noted that Debian's current setup_chroot script does not copy the necessary loader library from the lib64 directory, as it only accounts for 32-bit operating systems. Assuming your chroot is /home/upload :

# mkdir /home/upload/lib64
# cp /lib64/ld-linux-x86-64.so.2 /home/upload/lib64/

That should do it!