
add sshd's `restrict` option to all key authorizations (redundant as port forwarding etc is already disabled in `sshd_config`)

Fabian Peter Hammerle 1 year ago
parent
commit
44b0c64dd8
2 changed files with 3 additions and 1 deletions
  1. 2 0
      CHANGELOG.md
  2. 1 1
      entrypoint.sh

+ 2 - 0
CHANGELOG.md

@@ -10,6 +10,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   `SSH_CLIENT_PUBLIC_KEYS_[NAME]`, and `SSH_CLIENT_PUBLIC_KEYS_APPEND_ONLY_[NAME]`.
   keeping functionality of `BORG_REPO`, `SSH_CLIENT_PUBLIC_KEYS`,
   and `SSH_CLIENT_PUBLIC_KEYS_APPEND_ONLY` for downward compatibility.
+- add sshd's `restrict` option to all key authorizations
+  (redundant as port forwarding etc is already disabled in `sshd_config`)
 
 ## [0.1.1] - 2021-06-20
 ### Fixed

+ 1 - 1
entrypoint.sh

@@ -13,7 +13,7 @@ unset SSHD_HOST_KEYS_DIR
 
 authorize_key() {
     if echo -E "$2" | grep -q '^[a-z]'; then
-        echo "command=\"/usr/bin/borg serve --restrict-to-repository '$1'$3\" $2" >> ~/.ssh/authorized_keys
+        echo "command=\"/usr/bin/borg serve --restrict-to-repository '$1'$3\",restrict $2" >> ~/.ssh/authorized_keys
     fi
 }
 printenv SSH_CLIENT_PUBLIC_KEYS | while IFS=$'\n' read -r key; do
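Review bot: The rewritten `echo` in `authorize_key` still interpolates `$1` and `$3` unescaped into the `command="…"` value, so a repository path containing `'`, `"` or a backslash would break the quoting of the forced command that confines the key, and the added `restrict` does not cover that. These values appear to come from operator-set environment variables, so this is a hardening point rather than a remotely reachable one. A guard before the write, such as `case "$1" in *[\'\"\\]*) echo "invalid repo path: $1" >&2; return 1;; esac`, would make it fail closed. Writing the line with `printf '%s\n' "…" >> ~/.ssh/authorized_keys` would also avoid shell-dependent backslash handling in `echo`, which the check above already sidesteps with `-E`. The function body is fully visible in this hunk, but its callers continue past the last line.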