SSH server implementations are not known for its
their flexibility in per-user configuration. However, they
turn out to provide just enough infrastructure to make it possible to
make "special" accounts that are just only used
for a specific task. Here, I will concentrate on OpenSSH and
restricting access to file transfer and only a particular type of file
transfer.
First, the right place to tweak things is to use public key
authentication and forced commands. So make a key pair for the account
you want to give restricted access to, give the private key to the
people who need to use the restricted service, service
(they need to invoke scp as scp -i path/to/private_key), and drop
the public key into the server account's
.ssh/authorized_keys. Then, add options to the beginning of the line so
that the line reads something like this (the line has been
broken for readability but should be on one line without a backslash,
newline or space character):
[...]