-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Oliver, this is essentially the point of the forced commands. SSH will execute them, no matter what the client actually provides as a command. If you instead want to jsut verify if the command is allowed, you will need a wrapper script as forced command that checks the $SSH_ORIGINAL_COMMAND environment variable and then decides what to do. Again, the forced-commands-only is for forcing a command, not for verifying it. - -nik -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQJJBAEBAgAzBQJNOrBaLBpodHRwOi8vd3d3Lm5hdHVyYWxuaWsuZGUvZ3BnLXBv bGljeS50eHQuYXNjAAoJEOl28jJzc23tgVIQAJ6d/wst1WOC8Eq9vohsNFGS1Got mMf/PlzQXYjNnyjorpo3tEspwPCjBh0UvPtzRpseY7vXIYuvwiKWwhylIND5t1K5 MrKTZOuZ+tZNG4hXkPO8VCG0TzWPRoEK5IE5v9mKF8XaKmlahIaWd2VvHWZsKnG+ fYjtAObxUtSj887vfW5wAXql8velPmkXq6GBgiqqt6T8gHxLTTjJ0AH4uPpjpwY0 lQBjuhkqip/JCfFYiDztS0KIGRDQKrZNuHiFGqshL666HZlo9m5ipb2nm26nHgyG flunkAJzEzRZrxxMX00/2drwIjxQlYKDrv/jJDfh9DVzKiqsqM3D//FdYjZmbKjL e9Gi/G45U+XMJIDcT2jAtj4kWEH8yHTkvRwnq/VeeriKgU4xItZ9bjhvCR1u08oX Y+jHwetpWA7F2cmtReD37f9w2jAMmC5dKZqjTLjgAS3xAIhhvfJZvVVtsxKd27pj vds66oEaKSuU8nGc0j2cSt5FWjBfRRxDZy67vIn6QhaBswogIdnTnyT5w0R6ECSb p6vgUirVacsZ916cw5flPs856dYZvpmvMkDY4BNOaGnurdITdfhJVpugW1mqeBiU dpET4E9lGbVmnEdUj/KIvEN4I8bghnqfdo+hyZYAhikOnKv707CzrYfePGYnwa+8 ftpoZh6AyrDi00Dd =3OTV -----END PGP SIGNATURE-----