In the extended example you're falling back to exec(SHELL) if SSH_ORIGINAL_COMMAND doesn't exist. Does sshd not set that to the login shell if no command is specified by the client?
Right, that was what I asked in my other post. I assumed sshd would fill in the login shell there if nothing was passed, as that is effectively what is being called, but it seems not. I see you're doing exec(SHELL) to fix that.
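The fallback discussed in this thread, sketched as a POSIX shell forced-command wrapper. This is an added example, not the extended example the posters refer to; the function names and the `WRAPPER_EXEC` guard are hypothetical, and it assumes the login shell accepts `-l`.

```shell
#!/bin/sh
# Forced-command wrapper sketch (added example, not the thread's code).
# Meant to be named by ForceCommand in sshd_config or by a command="..."
# option in authorized_keys.

# Classify the session. sshd exports SSH_ORIGINAL_COMMAND only when the
# client supplied a command; for a plain interactive login the variable is
# absent, it is not filled in with the login shell.
session_kind() {
    if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
        echo command
    else
        echo shell
    fi
}

# sshd puts the account's login shell in SHELL; fall back to /bin/sh if it
# is missing (assumption for this sketch).
login_shell() {
    echo "${SHELL:-/bin/sh}"
}

# Replace the wrapper with the real session.
run_session() {
    case "$(session_kind)" in
        shell)
            # No client command: start the login shell ourselves.
            exec "$(login_shell)" -l
            ;;
        command)
            # Hand the client's command line to the login shell unmodified,
            # the same way sshd would have run it without a forced command.
            exec "$(login_shell)" -c "$SSH_ORIGINAL_COMMAND"
            ;;
    esac
}

# Hypothetical guard so the file can be sourced for inspection or testing;
# set WRAPPER_EXEC=1 in the real forced-command line.
if [ "${WRAPPER_EXEC:-}" = 1 ]; then
    run_session
fi
```

An empty `SSH_ORIGINAL_COMMAND` is treated the same as an absent one, so both cases land in the interactive branch.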