Restrict SSH to file transfers only [duplicate]
Since they're logging in by using public keys, you can simply set that key to not allow any PTY. Here's an example of a fairly closed-down key:
from="their.workstation.only.domain.com",no-pty,no-port-forwarding ssh-dss AAA....
This will only allow connections from one computer and will disallow both PTY and port forwarding. All such options should come before the actual key starts and be separated by commas.
There's a list of all possible options in the section AUTHORIZED_KEYS FILE FORMAT in the man page for sshd.
I think rssh is obviously choice.
rssh is a restricted shell for use with OpenSSH, allowing only scp and/or sftp. It now also includes support for rdist, rsync, and cvs. For example, if you have a server which you only want to allow users to copy files off of via scp, without providing shell access, you can use rssh to do that.