diff --git a/src/anemoi/utils/remote/ssh.py b/src/anemoi/utils/remote/ssh.py
index 9ba49ef..99c407c 100644
--- a/src/anemoi/utils/remote/ssh.py
+++ b/src/anemoi/utils/remote/ssh.py
@@ -44,6 +44,9 @@ def _parse_target(self, target):
             hostnames = hostname.split("+")
             hostname = hostnames[random.randint(0, len(hostnames) - 1)]
 
+        if ".." in path.split("/"):
+            raise Exception("Path contains suspicious '..' : {target}")
+
         return hostname, path
 
     def get_temporary_target(self, target, pattern):
diff --git a/tests/test_remote.py b/tests/test_remote.py
index 7e5bab8..3fd6b98 100644
--- a/tests/test_remote.py
+++ b/tests/test_remote.py
@@ -151,7 +151,7 @@ def test_transfer_local_to_s3_to_local(path):
 
 
 @pytest.mark.skipif(IN_CI, reason="Test requires ssh access to localhost")
-@pytest.mark.parametrize("path", ["directory", "directory/", "file"])
+@pytest.mark.parametrize("path", ["directory", "file"])
 @pytest.mark.parametrize("temporary_target", [True, False])
 def test_transfer_local_to_ssh(path, temporary_target):
     local = LOCAL_TEST_DATA + "/" + path