The problem is caused by the function test_nosuid(char * path, dev_t fs). The function is part of patch "openssh-6.6p1-sftp_homechroot.patch". The function is unable to find the bind mount entries in output of /bin/mount, because only the "/" mount is processed. Finding bind mounts is not so easy, because "stat" returns the same filesystem number (st.st_dev) for the bind mount compared with the bind mount origin (see source code of the patch). Mount options like nodev, noexec and nosuid are evaluated in bind mounts. From this perspective openSSH should not block access to directories configured like in this bug description.