On Fri, Apr 17, 2009 at 09:49:19PM +0200, Mike Hommey wrote: > On Fri, Apr 17, 2009 at 08:24:35PM +0400, Dmitry Potapov wrote: > > On Thu, Apr 16, 2009 at 11:10:56PM +0200, Mike Hommey wrote: > > > When using a forced-command, OpenSSH sets the SSH_ORIGINAL_COMMAND > > > variable to what would otherwise be passed to $SHELL -c. When this > > > variable is set, we use it instead of the contents of argv. > >_ > > It would be nice to provide some justification where it can be used. > > IOW, why do you want to have the force command where essentially > > you execute the original command as it were no force-command? >_ > You're not executing any command, but only what git-shell allows. > This allows git-shell to be set as a forced-command for a specific > ssh key, for example. Would it better to set git-shell as the login shell for this account? IMHO, that provides better security than using a forced-command, and that is how git-shell is intended to use. So, I am not sure what are benefits of using a forced-command when it just executes the original command using git-shell. Besides, you made SSH_ORIGINAL_COMMAND to take precedent over explicitly specified parameters given to git-shell. Maybe it should be the other way around? Dmitry -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html