On Sat, 31 Oct 2009, happymaster23 wrote:
> as I have read manual, if I use in file authorized_keys option
> command="" with some command, no other commands will be permitted. I
> have tried it, created authorized_keys2 for root and added there
> command="rdiff-backup --server" and after that tried to login. This
> command was executed, but I was normally able to supply other command
> as root. Can you tell me why?

One assumes: man sshd in the section on the topic at:
AUTHORIZED_KEYS FILE FORMAT. I suspect you either are not
running CentOS' provided sshd; have not JUST an options line
present, but both the options line you mentioned AND another
more liberal rule; OR have a defective form of the 'option'
for the "command=\"\"" 'option' field.

'authorized_keys2' has not been in the sshd man page for some
time [checking with Google, I find: "The authorized_keys2 file
has been deprecated since the OpenSSH 3.0 release (2001) ... " .]
http://marc.info/?l=openssh-unix-dev&m=100508718416162&w=2
which is stronger to the effect of obsolete. If an option is
not supported for eight years, one has to assume that the
upstream is not interested in testing that behaviours remain
as people who do not do a migration as they are told to
expected.

-- Russ herrold
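
Two of the suspicions in the reply above (a second, more liberal key entry, or a defective command="" option) can be checked mechanically. The following is an added example, not part of the original thread: the names `parse_entry`, `verdict` and `audit`, the verdict labels and the sample entries are constructed for illustration, and only common protocol 2 key types are recognised.

```python
import re

KEY_TYPE = re.compile(r"(ssh-(rsa|dss|ed25519)|ecdsa-sha2-\S+|sk-\S+)$")

def parse_entry(line):
    """Return (options, error) for one authorized_keys line."""
    if KEY_TYPE.match(line.split(None, 1)[0]):
        return [], None                     # no options field at all
    opts, cur, in_quote, i = [], "", False, 0
    while i < len(line):
        # an escaped quote (\") inside a value is consumed as one unit
        step = 2 if in_quote and line[i:i + 2] == '\\"' else 1
        c = line[i:i + step]
        if c == '"':
            in_quote = not in_quote
        elif not in_quote and c == ",":
            opts, cur, c = opts + [cur], "", ""   # option separator
        elif not in_quote and c in (" ", "\t"):
            break                           # end of the options field
        cur, i = cur + c, i + step
    if in_quote:
        return opts + [cur], "unterminated quote in options"
    if not KEY_TYPE.match((line[i:].split() or [""])[0]):
        return opts + [cur], "no recognised key type after options"
    return opts + [cur], None

def verdict(line):
    """Classify one key entry; the labels are this example's own."""
    opts, err = parse_entry(line)
    cmd = [o for o in opts if o.lower().startswith("command=")]
    if err:
        return "MALFORMED: " + err
    if not cmd:
        return "UNRESTRICTED: no command= option"
    if not re.fullmatch(r'command="(\\"|[^"])+"', cmd[0], re.I):
        return "SUSPECT: command= value empty or not quoted"
    return "FORCED: " + cmd[0][9:-1]

def audit(text):
    """Return [(line_no, verdict)] for each key entry in the file text."""
    rows = enumerate((l.strip() for l in text.splitlines()), 1)
    return [(n, verdict(l)) for n, l in rows if l and not l.startswith("#")]

SAMPLE = '''# constructed sample; key blobs are placeholders
command="rdiff-backup --server" ssh-rsa AAAAPLACEHOLDER1 backup@host
ssh-rsa AAAAPLACEHOLDER2 root@host
command="rdiff-backup --server ssh-rsa AAAAPLACEHOLDER3 backup@host
no-pty,command="echo \\"hi, there\\"" ssh-ed25519 AAAAPLACEHOLDER4 x'''

print(*audit(SAMPLE), sep="\n")
```

Run `audit()` over the text of both `authorized_keys` and `authorized_keys2` for the account: any UNRESTRICTED entry in either file is a key that is not bound to the forced command.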