Restrict SSH to Specified Commands

Here are some articles showing the trick to allow a user to scp, but not regular ssh:

If you add from="hostname1.com,hostname2.com" to the key in authorized_keys, you may sometimes see an error message like this:

Authentication tried for username with correct key but not from a permitted host (host=1.2.3.4, ip=1.2.3.4)

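This happens because sshd does a reverse DNS lookup of the connecting address during login, and your local ISP's name server is not very reliable. When the lookup fails, sshd is left with only the IP (host=1.2.3.4 in the message above), which matches neither hostname in from=.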

There is a simple way to get around this. Just edit the /etc/hosts file on the server that holds authorized_keys, and add the connecting host's IP with the hostname used in from=.
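
A small Python model of the check described above, added here as an illustration and not taken from OpenSSH or the original article: it shows why a failed reverse lookup ends in the rejection above and how an /etc/hosts entry restores the match. The key line, the function names and the dictionaries standing in for DNS and /etc/hosts are constructed; the matching is simplified, and the address-pattern case goes slightly beyond the text.

```python
import fnmatch
import ipaddress
import re

# Constructed sample entry; the key material is a placeholder, not a real key.
KEY_LINE = 'from="hostname1.com,hostname2.com" ssh-ed25519 AAAAC3EXAMPLE backup@client'

def parse_from(line):
    """Return the from="..." patterns of an authorized_keys line, or None."""
    m = re.search(r'(?:^|,)from="([^"]*)"', line.lstrip())
    return m.group(1).split(",") if m else None

def canonical_host(ip, ptr, fwd):
    """Name the server ends up with for a client address.
    ptr: ip -> name (reverse DNS or /etc/hosts); fwd: name -> set of ips."""
    name = ptr.get(ip)
    if name is None or ip not in fwd.get(name, set()):
        return ip          # lookup failed or name does not map back: bare IP
    return name.lower()

def from_allows(patterns, host, ip):
    """Simplified from= matching: wildcards, CIDR, and '!' negation."""
    allowed = False
    for pat in patterns:
        negate, pat = pat.startswith("!"), pat.lstrip("!").lower()
        if "/" in pat:
            hit = ipaddress.ip_address(ip) in ipaddress.ip_network(pat, strict=False)
        else:
            hit = fnmatch.fnmatchcase(host, pat) or fnmatch.fnmatchcase(ip, pat)
        if hit and negate:
            return False   # a negated match always rejects
        allowed = allowed or hit
    return allowed

def check(line, ip, ptr, fwd):
    """True if the key on this line may be used from the given address."""
    patterns = parse_from(line)
    if patterns is None:
        return True        # no from= restriction on this key
    return from_allows(patterns, canonical_host(ip, ptr, fwd), ip)

if __name__ == "__main__":
    ip = "1.2.3.4"
    # Reverse lookup fails: host == ip, the rejection shown in the log line.
    print("DNS failing:      ", check(KEY_LINE, ip, {}, {}))
    # /etc/hosts on the server supplies both directions of the mapping.
    hosts_ptr, hosts_fwd = {ip: "hostname1.com"}, {"hostname1.com": {ip}}
    print("with /etc/hosts:  ", check(KEY_LINE, ip, hosts_ptr, hosts_fwd))
    # An address pattern does not depend on name resolution at all.
    print("from=\"1.2.3.0/24\":", check('from="1.2.3.0/24" ssh-ed25519 AAAA', ip, {}, {}))
```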