There may be times when you want to restrict what commands a user can issue when they attempt to login over an SSH connection. Instead of executing the users shell, you can instead execute a custom script that limits the user to a specific set of commands. This is known as ForceCommand .
There are two ways one can choose to use this. Today, I’ll describe a scenario where you don’t have permissions to modify the SSH server config ( /etc/ssh/sshd_config ) but still want to enforce specific commands for certain users (identified by their SSH key).
First, create a script somewhere that you have write permissions. We’ll reference this later in our config. Here’s a quick example to get you started that only allows you to get a process list ( ps -ef ) and print system statistics ( vmstat ).