diff --git a/doc/bugs/git-annex-shell_fails_to_run_true/comment_1_7573eb95bdecc3ecc9b31599bd309d3d._comment b/doc/bugs/git-annex-shell_fails_to_run_true/comment_1_7573eb95bdecc3ecc9b31599bd309d3d._comment
new file mode 100644
index 0000000000..431e869990
--- /dev/null
+++ b/doc/bugs/git-annex-shell_fails_to_run_true/comment_1_7573eb95bdecc3ecc9b31599bd309d3d._comment
@@ -0,0 +1,31 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2021-08-24T16:28:40Z"
+ content="""
+git-annex-shell is not supposed to run true. That would be a security hole
+if it did.
+
+However, what's actually being done here is that git-annex is probing
+to see if it can ssh without a password prompt. It needs to run some
+command in the probe, without doing anything, so it uses true.
+This code was written with the knowledge that a restricted shell might not
+allow true to be run. It doesn't care if ssh exits 1 in such a situation.
+The only exit status it cares about is 255, which is what ssh uses if it
+was unable to ssh to the host due to needing a password.
+
+So, your smoking gun is actually a red herring.
+
+Your actual failure may be here:
+
+	["--git-dir=.git","--work-tree=.","--literal-pathspecs","fetch","offsite-git"]
+	git-annex-shell: git-shell failed
+	rsync: connection unexpectedly closed (0 bytes received so far) [Receiver]
+	rsync error: error in rsync protocol data stream (code 12) at io.c(228) [Receiver=3.2.3]
+	gcrypt: Repository not found: rsync://anarcat@remote-annex:/home/anarcat/offsite/Videos.git/
+	gcrypt: ..but repository ID is set. Aborting.
+
+That looks like something is set up incorrectly, but I don't really know what.
+It seems to prevent `git fetch` from working though, so currently it does not look
+like a git-annex problem.
+"""]]