In the client-server architecture used by the SSH protocol, a client can authenticate by providing a tunneled clear text password or by using a public/private key pair: this is called public key authentication. A user who logs in in via a public key on a remote machine has complete access to the command line; in certain situations, however, it may be useful to associate a public key to a single specific command, for security reasons.

Source: LXer – How to bind an SSH public key to a specific command