Allow user to set up an SSH tunnel, but nothing else

Question

I\'d like to allow a user to set up an SSH tunnel to a particular machine on a particular port (say, 5000), but I want to restrict this user as much as possible. (Authentica

Answer 1

If you want to do allow access only for a specific command -- like svn -- you can also specify that command in the authorized keys file:

command="svnserve -t",no-port-forwarding,no-pty,no-agent-forwarding,no-X11-forwarding [KEY TYPE] [KEY] [KEY COMMENT]

From http://svn.apache.org/repos/asf/subversion/trunk/notes/ssh-tricks