SSH key for port forwarding only

When creating more permanent ssh tunnels it is often a good idea to have an ssh keypaire that can only be used for tunneling and not for obtaining a real shell.

Add this to your .ssh/authorited_keys

# Idea from stackoverflow
# Change the port and include the real ssh pubkey
no-pty,no-X11-forwarding,permitopen="localhost:62000",command="/bin/echo do-not-send-commands" ssh-rsa AAAA...

To prevent the ssh client from trying to open a shell use the -N flag.