--- a/runopts.h	Fri Mar 18 23:51:50 2016 +0800
+++ b/runopts.h	Tue Apr 12 21:01:08 2016 +0800
@@ -114,6 +114,8 @@
 	buffer * banner;
 	char * pidfile;
 
+	char * forced_command;
+
 } svr_runopts;
 
 extern svr_runopts svr_opts;

--- a/svr-chansession.c	Fri Mar 18 23:51:50 2016 +0800
+++ b/svr-chansession.c	Tue Apr 12 21:01:08 2016 +0800
@@ -671,8 +671,16 @@
 		}
 	}
 	
-	/* take public key option 'command' into account */
-	svr_pubkey_set_forced_command(chansess);
+
+	/* take global command into account */
+	if (svr_opts.forced_command) {
+		chansess->original_command = chansess->cmd ? : m_strdup("");
+		chansess->cmd = m_strdup(svr_opts.forced_command);
+	} else {
+		/* take public key option 'command' into account */
+		svr_pubkey_set_forced_command(chansess);
+	}
+
 
 #ifdef LOG_COMMANDS
 	if (chansess->cmd) {

--- a/svr-runopts.c	Fri Mar 18 23:51:50 2016 +0800
+++ b/svr-runopts.c	Tue Apr 12 21:01:08 2016 +0800
@@ -79,6 +79,7 @@
 #ifdef ENABLE_SVR_REMOTETCPFWD
 					"-k		Disable remote port forwarding\n"
 					"-a		Allow connections to forwarded ports from any host\n"
+					"-c command	Force executed command\n"
 #endif
 					"-p [address:]port\n"
 					"		Listen on specified tcp port (and optionally address),\n"
@@ -125,6 +126,7 @@
 	/* see printhelp() for options */
 	svr_opts.bannerfile = NULL;
 	svr_opts.banner = NULL;
+	svr_opts.forced_command = NULL;
 	svr_opts.forkbg = 1;
 	svr_opts.norootlogin = 0;
 	svr_opts.noauthpass = 0;
@@ -177,6 +179,9 @@
 				case 'b':
 					next = &svr_opts.bannerfile;
 					break;
+				case 'c':
+					next = &svr_opts.forced_command;
+					break;
 				case 'd':
 				case 'r':
 					next = &keyfile;