> This prohibits SSH logins via password, but does not strictly enforce > what commands are allowed to be run (and all options allowed) by a > specific which is what I was looking for. I found this article series from 2002 (!) quite good. http://www.hackinglinuxexposed.com/articles/20021211.html The last in the series http://www.hackinglinuxexposed.com/articles/20030115.html introduces a method (via perl script) to control which commands can be run via ssh.