On Sat, 31 Oct 2009, happymaster23 wrote: > as I have read manual, if I use in file authorized_keys option > command="" with some command, no other commands will be permitted. I > have tried it, created authorized_keys2 for root and added there > command="rdiff-backup --server" and after that tried to login. Thit > command was executed, but I was normally able to supply other comand > as root. Can you tell me why? One assumes: man sshd in the section on the topic at: AUTHORIZED_KEYS FILE FORMAT. I suspect you either are not running CentOS' provided sshd; have not JUST an options line present, but both the options line you mentioned AND another more liberal rule; OR have a defective form of the 'option' for the "command=\"\"" 'option' field 'authorized_keys2' has not been in the sshd man page for some time [checking with Google, I find: "The authorized_keys2 file has been deprecated since the OpenSSH 3.0 release (2001) ... " .] http://marc.info/?l=openssh-unix-dev&m=100508718416162&w=2 which is stronger to the effect of obsolete. If a option is not supporteed for eight years, one has to assume that the upstream is not interested in testing that behaviours remain as people who do not do a migration as they are told to expected. -- Russ herrold