Se restringir todos ao uso de chaves autorizadas não for uma opção, você pode usar a diretiva ForceCommand em sshd_config para obter o que deseja (Openssh 4.9 ou posterior). Consulte Segurança do OpenSSH :
OpenSSH 4.9 and newer do not execute ~/.ssh/rc for sessions whose command has been overridden with a sshd_config(5) ForceCommand directive. This was a documented, but unsafe behaviour (described in OpenSSH 4.9 release notes).
As notas de patch para o OpenSSH 4.9 dizem o seguinte sobre o ForceCommand:
Disable execution of ~/.ssh/rc for sessions where a command has been forced by the sshd_config ForceCommand directive. Users who had write access to this file could use it to execute abritrary commands. This behaviour was documented, but was an unsafe default and an extra hassle for administrators.
Uma sugestão seria usar a solução proposta neste tópico " ForceCommand e ~ / .ssh / rc ".