diff --git a/docs/usage.rst b/docs/usage.rst
index 73a60dc8e..e3a9ed7ba 100644
--- a/docs/usage.rst
+++ b/docs/usage.rst
@@ -419,9 +419,10 @@ Examples
 ::
 
     # Allow an SSH keypair to only run borg, and only have access to /mnt/backup.
+    # Use key options to disable unneeded and potentially dangerous SSH functionality.
     # This will help to secure an automated remote backup system.
     $ cat ~/.ssh/authorized_keys
-    command="borg serve --restrict-to-path /mnt/backup" ssh-rsa AAAAB3[...]
+    command="borg serve --restrict-to-path /mnt/backup",no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-user-rc ssh-rsa AAAAB3[...]
 
 
 .. include:: usage/upgrade.rst.inc