[vaneck]

Beware that this may break apps that use SSH as a transport protocol (like rsync and mercurial, depending on your setup of course).

[Estragon]

You could set those up with separate identities authorized with forced commands, though I'm not sure how you would secure rsync from abuse.

[moomerman]

The extended example 'should' work with those kinds of apps. The trivial example does not.

[pedrocr]

More specifically it checks for the SSH_ORIGINAL_COMMAND environment variable and executes it if it exists, thus making "ssh myhost <command>" work again.