[CentOS] centos] authorized_keys command=""

Sat Oct 31 21:11:08 UTC 2009
R P Herrold <herrold at centos.org>

On Sat, 31 Oct 2009, happymaster23 wrote:

> as I have read manual, if I use in file authorized_keys option
> command="" with some command, no other commands will be permitted. I
> have tried it, created authorized_keys2 for root and added there
> command="rdiff-backup --server" and after that tried to login. Thit
> command was executed, but I was normally able to supply other comand
> as root. Can you tell me why?

One assumes:  man sshd in the section on the topic at: 
AUTHORIZED_KEYS FILE FORMAT.  I suspect you either are not 
running CentOS' provided sshd; have not JUST an options line 
present, but both the options line you mentioned AND another 
more liberal rule; OR have a defective form of the 'option' 
for the "command=\"\"" 'option' field

'authorized_keys2' has not been in the sshd man page for some 
time [checking with Google, I find: "The authorized_keys2 file 
has been deprecated since the OpenSSH 3.0 release (2001) ... " .]

http://marc.info/?l=openssh-unix-dev&m=100508718416162&w=2

which is stronger to the effect of obsolete.  If a option is 
not supporteed for eight years, one has to assume that the 
upstream is not interested in testing that behaviours remain 
as people who do not do a migration as they are told to 
expected.

-- Russ herrold