It covers two parts:
1. Setting up the user on server side with ssh forced command option for allowing only single command to be executed when user connects.
2. Then, using the bash vulnerability to bypass "force command" and executing arbitrary commands.
This happens because "ssh" daemon sets our passed command to $SSH_ORIGINAL_COMMAND environment and it gets executed.
