[bandie91]

note, that even with ForcedCommand, sshd still executes ~/.ssh/rc in the user's name, so she can execute arbitrary command once she can write the rc file (unless disabled by PermitUserRC).

shameless plug: you can prevent this by https://github.com/bAndie91/tools/tree/master/ssh-groupcomma...