I set up rssh and its great! But, can you also add the ability to run command x?
Well, no. Or, actually yeah I could, but I don’t want to. There are several reasons for this, and I think they’re good ones. The purpose of rssh is to allow system administrators to allow users access to a server via either scp or sftp, or both. This design is simple and clean, and very easy to keep secure. Aside from the fact that if I added the ability to run all of the x’s in people’s requests, what you’d end up with would essentially be bash, once you start adding additional commands, or the ability to run arbitrary commands, it becomes much harder, which is to say nearly impossible to keep secure. Too many possible variables. Also, rssh has the ability to chroot. This requires that the binary (or at least a helper program) is SUID root. This only compounds the problem; one little mistake would mean a root compromise. So sorry, but no. As far as I’m concerned, it defeats the purpose of having the thing in the first place, and also utterly destroys the simplicity of the code. Maybe
