On Sat, 31 Oct 2009, happymaster23 wrote:

as I have read manual, if I use in file authorized_keys option command="" with some command, no other commands will be permitted. I have tried it, created authorized_keys2 for root and added there command="rdiff-backup --server" and after that tried to login. Thit command was executed, but I was normally able to supply other comand as root. Can you tell me why?

One assumes: man sshd in the section on the topic at: AUTHORIZED_KEYS FILE FORMAT. I suspect you either are not running CentOS' provided sshd; have not JUST an options line present, but both the options line you mentioned AND another more liberal rule; OR have a defective form of the 'option' for the "command=""" 'option' field

'authorized_keys2' has not been in the sshd man page for some time [checking with Google, I find: "The authorized_keys2 file has been deprecated since the OpenSSH 3.0 release (2001) ... " .]

http://marc.info/?l=openssh-unix-dev&m=100508718416162&w=2

which is stronger to the effect of obsolete. If a option is not supporteed for eight years, one has to assume that the upstream is not interested in testing that behaviours remain as people who do not do a migration as they are told to expected.

-- Russ herrold