co třeba tohle? :-)
$ man authorized_keys
AUTHORIZED_KEYS FILE FORMAT
command="command"
Specifies that the command is executed whenever this key is used for authentication. The command supplied by the user (if any) is ignored. The command is
run on a pty if the client requests a pty; otherwise it is run without a tty. If an 8-bit clean channel is required, one must not request a pty or should
specify no-pty. A quote may be included in the command by quoting it with a backslash. This option might be useful to restrict certain public keys to per‐
form just a specific operation. An example might be a key that permits remote backups but nothing else. Note that the client may specify TCP and/or X11
forwarding unless they are explicitly prohibited. The command originally supplied by the client is available in the SSH_ORIGINAL_COMMAND environment vari‐
able. Note that this option applies to shell, command or subsystem execution.