and the rest of it...

ssh-handlers/generic-authorized_keys

@@ -0,0 +1 @@
+command="/home/user/restricted-handler.sh",from="ALLOWED_HOST_FQDN",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty PUBLICKEY

ssh-handlers/generic-restricted-handler.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+set $SSH_ORIGINAL_COMMAND
+ 
+case "$1" in
+   ls)
+     ;;
+   scp)
+     ;;
+   /bin/scp)
+     ;;
+   rm)
+     ;;
+   /path/to/custom/command)
+     ;;
+   *)
+     logger -s -t restricted-command -- "Invalid command $@"
+     exit 1
+     ;;
+esac
+ 
+logger -t restricted-command -- "Executing $@"
+exec "$@"

ssh-handlers/slack-authorized_keys

@@ -0,0 +1 @@
+command="/home/slack-lab/bin/restricted-handler.sh" SSHPUBKEY

ssh-handlers/slack-restricted-handler.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+set $SSH_ORIGINAL_COMMAND
+
+case "$1" in
+   rsync)
+     ;;
+   *)
+     logger -s -t restricted-command -- "Invalid command $@"
+     echo "An attempt was made to utilize the private key on a KNEL managed server to access control and execute the following command: $@" | mail -s "SECURITY BREACH ON control for slack account: $USER" BREACHPAGEEMAIL
+     exit 1
+     ;;
+esac
+
+exec "$@"
+