I configured my authorized_keys as:
from="192.168.1.*",restrict ssh-rsa AAAA***
tty is restricted, but the remote user can still run commands on my side:
(Notice the lines marked with <<<<<<. These are the commands I typed.)
$ ssh kes
PTY allocation request failed on channel 0
No mail.
asdf <<<<<<
-bash: line 1: asdf: command not found
ls <<<<<<
bin
work
x
: > test <<<<<<
echo "sdf" > test2 <<<<<<
cat test2 <<<<<<
sdf
Why is the connection still interactive?
The magic is: command="cat ~/t/db/tucha.sql.gz". In combination with restrict it will allow the user only this one thing.
I add it to the ~/.ssh/authorized_keys file:
from="192.168.1.*",restrict,command="cat ~/t/db/tucha.sql.gz" ssh-rsa AAAAB3NzaC1yc2EXXXXXXXXX name
When the user connects to my host he will get a dump of the tucha.sql.gz file.
He must connect using the command: ssh myhost > local.name.sql.gz
Thus the output from the host will be saved into the local.name.sql.gz file.
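An added example, not part of the original posts: a small audit that parses authorized_keys option fields and reports every key that has no command= option, which is the gap the question ran into with restrict alone. The function names, the key-type heuristic and the sample key data are assumptions made for this illustration.

```python
import re

# Heuristic (assumption): a line starting with a key type has no options field.
KEY_TYPE = re.compile(r"^(ssh-|ecdsa-sha2-|sk-)")

def split_options(line):
    """Split one authorized_keys line into (options dict, remainder)."""
    line = line.strip()
    if KEY_TYPE.match(line):
        return {}, line
    opts, name, buf, in_quote, i = {}, None, "", False, 0
    while i < len(line):
        c = line[i]
        if in_quote and c == "\\" and line[i + 1:i + 2] == '"':
            buf += '"'          # escaped quote inside a quoted value
            i += 2
            continue
        if c == '"':
            in_quote = not in_quote
        elif not in_quote and c == "=" and name is None:
            name, buf = buf.lower(), ""
        elif not in_quote and c in ", \t":
            key, val = (buf.lower(), True) if name is None else (name, buf)
            opts[key] = val
            name, buf = None, ""
            if c != ",":
                break           # unquoted whitespace ends the options field
        else:
            buf += c
        i += 1
    return opts, line[i:].strip()

def audit(text):
    """Return (line_no, finding) for each key that is not pinned to one command."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        opts, _ = split_options(line)
        if "command" in opts:
            continue            # forced command replaces whatever the client asks for
        tag = " despite restrict/no-pty" if ("restrict" in opts or "no-pty" in opts) else ""
        findings.append((no, "no command=: client can run any command" + tag))
    return findings

# Constructed sample: the two option sets from this page plus a bare key; key data is placeholder.
SAMPLE = '''from="192.168.1.*",restrict ssh-rsa AAAAconstructed1 user1
from="192.168.1.*",restrict,command="cat ~/t/db/tucha.sql.gz" ssh-rsa AAAAconstructed2 user2
ssh-ed25519 AAAAconstructed3 user3'''
```

Calling audit(SAMPLE) flags lines 1 and 3 and passes line 2, the entry pinned to the single cat command.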