如何配置 SSHd 以允许单个命令，而不向用户提供完全登录访问权限？

您可以使用 authorized_keys 文件限制命令。放在command="/home/rpcall/bin/command.sh"密钥之前，在 authorized_keys 文件中，用户只会在连接时运行该命令。

检查 authorized_keys 的手册页，这是来自该手册页，

 command="command"
         Specifies that the command is executed whenever this key is used
         for authentication.  The command supplied by the user (if any) is
         ignored.  The command is run on a pty if the client requests a
         pty; otherwise it is run without a tty.  If an 8-bit clean chan-
         nel is required, one must not request a pty or should specify
         no-pty.  A quote may be included in the command by quoting it
         with a backslash.  This option might be useful to restrict cer-
         tain public keys to perform just a specific operation.  An exam-
         ple might be a key that permits remote backups but nothing else.
         Note that the client may specify TCP and/or X11 forwarding unless
         they are explicitly prohibited.  The command originally supplied
         by the client is available in the SSH_ORIGINAL_COMMAND environ-
         ment variable.  Note that this option applies to shell, command
         or subsystem execution.

如果你需要一个以上的命令，你基本上需要设置几组按键，使用不同的按键给你不同的命令。

编辑：我刚刚注意到，原始命令在SSH_ORIGINAL_COMMAND环境变量中可用，因此您确实可以使用自己的脚本处理该输入，做一些聪明的事情。