Sure. You can compare ~/.ssh/webpage_ed25519_key.pub and ~/.ssh/webpage_ed25519_key.pub.bak
All that sed script does is prepend
command="internal-sftp" to the public key, while keeping a backup copy. The -i.bak renames the original by appending .bak to the name. The pattern ^ is an anchor to the beginning of the line. s/// is, of course, the substitute command. I figured it was less complicated than saying to find any method you like to prepend
command="internal-sftp" to the public key.
So if the public key was like this before:
Code:
ssh-ed25519 AAAAC3NzaC1lZDI1N ... oDZmcveerQq53dm/o9j pedroski's sftp login
Then it will be like this afterwards:
Code:
command="internal-sftp" ssh-ed25519 AAAAC3NzaC1lZDI1N ... oDZmcveerQq53dm/o9j pedroski's sftp login
And what that does is make that key usable only for SFTP as a first step in locking it down. If the authorized_keys file on the remote server is accessible then it can be replaced. But if nothing else, it adds an extra step for anyone who has succeeded in stealing the key.
See the manual page for
sed and
http://www.grymoire.com/Unix/Sed.html