[CentOS] Howto: Extremely tight security rsync shell for backups

Mon Sep 23 21:40:48 UTC 2013
Lists <lists at benjamindsmith.com>

On 09/23/2013 01:50 PM, Les Mikesell wrote:
> Is there something that convinces you that sudo is better at handling
> the command restriction than sshd would be?

In the context of a production server, the idea is to remove any ability
from another host (e.g., backup server) to run local arbitrary code or
change local files. (read-only)

There is one (small) benefit to not using SSHD options: Even if the
account is somehow accessed locally (e.g., via password prompt), it still
cannot be used for anything but a read-only rsync command. And by using
a (read only) script to replace the normal shell and sudo, I'm able to
not only limit the command being run (in this case rsync) but also limit
all options passed to it.

You can disable the password on the backup account to achieve a similar 
effect using an SSHD option. If there's a better/simpler way to do this 
via SSHD option I'd love to hear about it!

Thanks,

-Ben
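
The kind of wrapper described in the message above, as an added example that is not the poster's own script: a login-shell replacement that accepts only the server-side command an rsync client sends for a pull (`--server --sender`) and rejects everything else. `ALLOWED_ROOT`, the option allowlist and the `/usr/bin:/bin` search path are assumptions of this example, and the sudo step from the post is not shown.

```shell
#!/bin/sh
# Added example (not the poster's script). ALLOWED_ROOT is a hypothetical path.
ALLOWED_ROOT="/srv/data"

# Succeeds only for an rsync server-side *sender* command (the remote end of a
# pull) whose paths all sit under ALLOWED_ROOT. The body is a subshell, so
# "exit" leaves only the check and the caller's shell options are untouched.
rsync_cmd_allowed() (
    LC_ALL=C
    cmd=$1
    # Conservative character allowlist: no quotes, globs, or shell metacharacters.
    case $cmd in
        *[!A-Za-z0-9\ ./_-]*) exit 1 ;;
    esac
    # Must begin exactly as an rsync client's pull request does.
    case $cmd in
        "rsync --server --sender "*) ;;
        *) exit 1 ;;
    esac
    set -f              # split on whitespace without pathname expansion
    set -- $cmd
    shift 3             # drop: rsync --server --sender
    in_paths=0 npaths=0
    for word in "$@"; do
        if [ "$in_paths" -eq 0 ]; then
            case $word in
                .) in_paths=1 ;;                 # "." ends the option list
                --numeric-ids) ;;                # example long-option allowlist
                --*) exit 1 ;;                   # e.g. --remove-source-files
                -*[!A-Za-z.]*) exit 1 ;;         # short bundle: letters and dots only
                -*) ;;
                *) exit 1 ;;
            esac
        else
            case $word in
                *..*) exit 1 ;;                  # no parent-directory escapes
                "$ALLOWED_ROOT"|"$ALLOWED_ROOT"/*) npaths=$((npaths + 1)) ;;
                *) exit 1 ;;
            esac
        fi
    done
    [ "$in_paths" -eq 1 ] && [ "$npaths" -ge 1 ]
)

# As the account's shell it is invoked as: <shell> -c "<command>"; without -c nothing runs.
if [ "${1:-}" = "-c" ]; then
    rsync_cmd_allowed "${2:-}" || { echo "rejected" >&2; exit 1; }
    PATH=/usr/bin:/bin; set -f; exec $2   # unquoted split is safe: characters validated above
fi
```

The file itself should be owned by root and not writable by the backup account, matching the "read only" script in the message.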