...
Sometimes this is not convenient because several commands are to be run. A solution is to specify a script in authorized_keys and for the script to validate the commands. For example:
#!/bin/bash
# Purpose: validates the command a remote host is attempting to execute by sshss
df_regex='^df '
rsync_server_regex='^rsync --server '
stat_regex='^stat --format=%F '
if [[ $SSH_ORIGINAL_COMMAND =~ $df_regex \
|| $SSH_ORIGINAL_COMMAND =~ $rsync_server_regex \
|| $SSH_ORIGINAL_COMMAND =~ $stat_regex \
]]; then
exec $SSH_ORIGINAL_COMMAND
else
echo "${0##*/}: command did not pass validation ($SSH_ORIGINAL_COMMAND)" >&2
exit 1
fi
...