Custom Openssh Shell

ssh forced commands spring to mind if you're happy to use keypair based authentication.

man authorized_keys
/command=

To be pedantic, it won't be ctrl+c, but SIGHUP (closer to ctrl+d) that kills the app.

You can put essentially whatever you want in the user's shell in /etc/passwd. Simply replace the default on the user's passwd line (probably /bin/bash) with another program. That program can be a script, such as /usr/bin/tail_log_file, with these contents, owned by root:root, with umode 0755:

#!/bin/rbash
tail -f /path/to/logfile

You can use some interpreter other than rbash, but it is advisable to use a restricted shell in such cases.

To be extremely pedantic about it, you should add the script's path to /etc/shells, but I usually find it works anyway.

Keep in mind also that the user could potentially put the script in the background, or use some options (ssh username@host bash) and still acquire a shell. If you want to restrict the user in such ways, good filesystem permissions are the only real solution.

You can configure ssh to run a command of your choice when you log in using public key authentication. To do this, generate a pair of keys:

djs@sardinia:~$ ssh-keygen -f restricted-key 
Generating public/private rsa key pair. 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in restricted-key. 
Your public key has been saved in restricted-key.pub. 
The key fingerprint is: b1:8f:26:47:c2:c5:f2:8d:ed:a0:c4:bd:9a:30:9d:08 djs@sardinia 
[...]

restricted-key.pub contains a line suitable for putting in the users's ~/.ssh/authorized_keys file:

ssh-rsa AAAA...UDz47Nl djs@sardinia

but you can add a command to this, and ssh will run that command when logging in with the key:

command="tail -f /my/interesting/file" ssh-rsa AAAA...UDz47Nl djs@sardinia

Then the user can ssh to the machine using ssh -i restricted-key.