Debian SSH authorized_keys 被忽略

我使用 authorized_keys 来限制用户可用的命令。~/.ssh 和文件的所有者是 root，并设置为

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

一切运行良好，直到我发现，在某个时候，用户现在可以再次使用所有命令。文件 authorized_keys 确实包含：

command="mysql -u arg1 -p arg2",no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa public_key

我不知道我做错了什么，我也尝试了调试模式并检查了日志。但他只是允许所有命令。

用户登录应该仅使用密码，因此没有密钥系统。

调试日志：

Connection from XX.XX.XX.XXX port 26048
debug1: Client protocol version 2.0; client software version PuTTY_Release_0.63
debug1: no match: PuTTY_Release_0.63
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2
debug1: permanently_set_uid: 103/65534 [preauth]
debug1: list_hostkey_types: ssh-rsa,ssh-dss [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: client->server aes256-ctr hmac-sha2-256 none [preauth]
debug1: kex: server->client aes256-ctr hmac-sha2-256 none [preauth]
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received [preauth]
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth]
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT [preauth]
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user restricteduser service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: PAM: initializing for "restricteduser"
debug1: PAM: setting PAM_RHOST to "XXX.XXXX.XXXXXXXX.XX"
debug1: PAM: setting PAM_TTY to "ssh"
debug1: userauth-request for user restricteduser service ssh-connection method password [preauth]
debug1: attempt 1 failures 0 [preauth]
debug1: PAM: password authentication accepted for restricteduser
debug1: do_pam_account: called
Accepted password for restricteduser from XX.XX.XX.XXX port 26048 ssh2
debug1: monitor_read_log: child log fd closed
debug1: monitor_child_preauth: restricteduser has been authenticated by privileged process
debug1: PAM: establishing credentials
User child is on pid 24137
debug1: SELinux support disabled
debug1: PAM: establishing credentials
debug1: permanently_set_uid: 2001/2001
debug1: Entering interactive session for SSH2.
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 256 win 16384 max 16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_channel_req: channel 0 request pty-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug1: session_new: session 0
debug1: SELinux support disabled
debug1: session_pty_req: session 0 alloc /dev/pts/11
debug1: server_input_channel_req: channel 0 request shell reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
debug1: Setting controlling tty using TIOCSCTTY.
debug1: server_input_channel_req: channel 0 request [email protected] reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req [email protected]

问候 ProcTrap