diff --git a/roles/borg_server/tasks/main.yml b/roles/borg_server/tasks/main.yml
index 739e77c82bd002478a274d5f04880c9cc3a26c64..40d6bc71c7a896eb4787650ee2af371f688e2d8d 100644
--- a/roles/borg_server/tasks/main.yml
+++ b/roles/borg_server/tasks/main.yml
@@ -37,5 +37,5 @@
     user: borg
     key: "{{ item.stdout }}"
     manage_dir: true
-    key_options: "command=\"/usr/bin/borg serve --restrict-to-path {{ backup_dir }}/{{ item['item'] }}\",no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-user-rc"
+    key_options: "command=\"borg serve --restrict-to-path {{ backup_dir }}/{{ item['item'] }}\",restrict"
   with_items: "{{ ssh_keys.results }}"
diff --git a/roles/hetzner_storagebox/templates/authorized_keys.j2 b/roles/hetzner_storagebox/templates/authorized_keys.j2
index d742cd4cf283cdd75b398b9d4571bdeafd957bee..038383da6dee33b0b8af7a46e03c35ff3a030a9d 100644
--- a/roles/hetzner_storagebox/templates/authorized_keys.j2
+++ b/roles/hetzner_storagebox/templates/authorized_keys.j2
@@ -13,5 +13,5 @@
 
 # Client machines keys
 {% for client_key in client_ssh_keys.results %}
-command="/usr/bin/borg serve --restrict-to-path {{ backup_dir }}/{{ client_key['item'] }}",no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-user-rc {{ client_key['stdout'] }}
+command="borg serve --restrict-to-path {{ backup_dir }}/{{ client_key['item'] }}",restrict {{ client_key['stdout'] }}
 {% endfor %}
diff --git a/roles/rsync_net/templates/authorized_keys.j2 b/roles/rsync_net/templates/authorized_keys.j2
index d742cd4cf283cdd75b398b9d4571bdeafd957bee..038383da6dee33b0b8af7a46e03c35ff3a030a9d 100644
--- a/roles/rsync_net/templates/authorized_keys.j2
+++ b/roles/rsync_net/templates/authorized_keys.j2
@@ -13,5 +13,5 @@
 
 # Client machines keys
 {% for client_key in client_ssh_keys.results %}
-command="/usr/bin/borg serve --restrict-to-path {{ backup_dir }}/{{ client_key['item'] }}",no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-user-rc {{ client_key['stdout'] }}
+command="borg serve --restrict-to-path {{ backup_dir }}/{{ client_key['item'] }}",restrict {{ client_key['stdout'] }}
 {% endfor %}