How can I create single-purpose keys (ssh) for use with scp?

Solution 1:

When you talk about command="" I assume you refer to the entry you can put in a ~/.ssh/authorized_keys, limiting what command a public ssh key can be used to execute?

When transferring a file across ssh using scp you spawn the following process on the remote side: "scp -t /destination/directory". Hence, if you want an entry only allowing you to scp files into the /tmp directory you will use the following:

command="scp -t /tmp"

To my knowledge there is no command="" entry restricting a key to only use scp, but at the same time allowing transfers into any destination directory. A completely different solution, which might very well not be what you are after, is using a restrictive shell like scponly.
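
A forced-command wrapper that inspects SSH_ORIGINAL_COMMAND is one way to permit scp uploads into any directory while refusing everything else. It is shown here as an added example that is not part of the answer above. The script path, key comment and key placeholder are hypothetical, and it assumes the client speaks the legacy scp protocol (`scp -O` on OpenSSH 9.0 and later), since only that spawns `scp -t` on the remote side.

```shell
#!/bin/sh
# Added example (not from the original answer). Hypothetical install path:
#   /usr/local/bin/scp-sink-only
# Hypothetical authorized_keys entry (key material is a placeholder):
#   command="/usr/local/bin/scp-sink-only",restrict ssh-ed25519 <PUBLIC-KEY> upload-only
# sshd stores the command the client requested in SSH_ORIGINAL_COMMAND.

# Return 0 only for "scp [-r|-p|-d|-v]... -t <target>" built from plain tokens.
scp_sink_allowed() {
    set -f            # disable globbing while the string is word-split
    set -- $1
    set +f
    [ "${1:-}" = "scp" ] || return 1
    shift
    for tok in "$@"; do
        case $tok in
            *[!A-Za-z0-9._/-]*) return 1 ;;   # shell metacharacters never reach exec
        esac
    done
    saw_t=0
    while [ $# -gt 1 ]; do
        case $1 in
            -t) saw_t=1 ;;
            -r|-p|-d|-v) ;;
            *) return 1 ;;    # -f (read files out), extra paths, anything else
        esac
        shift
    done
    [ "$saw_t" -eq 1 ] || return 1
    case ${1:-} in
        ""|-*) return 1 ;;    # final token must be a path, not an option
    esac
    return 0
}

# Only act when sshd invoked us as a forced command.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if scp_sink_allowed "$SSH_ORIGINAL_COMMAND"; then
        set -f
        set -- $SSH_ORIGINAL_COMMAND
        shift
        exec scp "$@"         # argv passed directly, never re-parsed by a shell
    fi
    echo "rejected: only 'scp -t <dir>' is permitted for this key" >&2
    exit 1
fi
```

The `restrict` option in the key entry also turns off PTY allocation and port, agent and X11 forwarding, so the key cannot be used for tunnelling even though the wrapper only checks the command.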