diff --git a/README.md b/README.md
index 990de21..9396faf 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,12 @@
-# rsnapshothelper
\ No newline at end of file
+# rsnapshothelper
+combination of:
+- https://serverfault.com/questions/749474/ssh-authorized-keys-command-option-multiple-commands
+- https://www.virtono.com/community/tutorial-how-to/restrict-executable-ssh-commands-with-authorized-keys/
+
+add your public key on target server like: command="/root/rsnapshothelper.sh" ...........
+
+Can be used for more than just rsnapshot.
+
+Could be improved by reading a ini, yaml, use regex, etc. Feel free!
+
+Have fun
\ No newline at end of file
diff --git a/rsnapshothelper.sh b/rsnapshothelper.sh
new file mode 100644
index 0000000..c5e85c3
--- /dev/null
+++ b/rsnapshothelper.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+if [ -n "$SSH_ORIGINAL_COMMAND" ]
+then
+ #echo "$(/bin/date): $SSH_ORIGINAL_COMMAND" >> $HOME/rsnapshothelper.log
+ case "$SSH_ORIGINAL_COMMAND" in
+ "rsync --server --sender -vlogDtprRe.iLsfxC --numeric-ids . /opt")
+ echo "$(/bin/date): OK: $SSH_ORIGINAL_COMMAND" >> $HOME/rsnapshothelper.log
+ exec $SSH_ORIGINAL_COMMAND
+ ;;
+ "rsync --server --sender -vlogDtprRe.iLsfxC --numeric-ids . /etc")
+ echo "$(/bin/date): OK: $SSH_ORIGINAL_COMMAND" >> $HOME/rsnapshothelper.log
+ exec $SSH_ORIGINAL_COMMAND
+ ;;
+ "mysqldump --all-databases")
+ echo "$(/bin/date): OK: $SSH_ORIGINAL_COMMAND" >> $HOME/rsnapshothelper.log
+ exec $SSH_ORIGINAL_COMMAND
+ ;;
+ *)
+ echo "$(/bin/date): VIOLATION: $SSH_ORIGINAL_COMMAND" >> $HOME/rsnapshothelper.log
+ echo "Access denied"
+ exit 1
+ ;;
+ esac
+fi
\ No newline at end of file
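Review bot: The `*)` arm of rsnapshothelper.sh writes the client-supplied `$SSH_ORIGINAL_COMMAND` to the log through `echo`, so a rejected command containing a newline (or, where `/bin/sh` is dash, a `\n` escape that `echo` expands) can plant a forged `OK:` line in rsnapshothelper.log. Logging it with non-printable bytes replaced keeps one entry per attempt: `printf '%s: VIOLATION: %s\n' "$(/bin/date)" "$(printf '%s' "$SSH_ORIGINAL_COMMAND" | tr -c '[:print:]' '?')" >> "$HOME/rsnapshothelper.log"`. In the three allowed arms `exec $SSH_ORIGINAL_COMMAND` is safe only because each pattern is an exact string; if a pattern is ever loosened to a glob or regex, as the README suggests, the unquoted expansion would run whatever matched, so each arm should exec its literal instead, e.g. `exec rsync --server --sender -vlogDtprRe.iLsfxC --numeric-ids . /opt`. The script constrains only the command, so the `command="/root/rsnapshothelper.sh"` key line shown in the README should also carry `restrict` (or the individual `no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty` options), otherwise the key presumably keeps its forwarding capabilities.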