Limited SSH access for log retrieval

Make a separate user for this purpose only. Have the user login with an SSH key only. In the authorized_keys file for the user, edit the public key to allow only a command. That command should not be a pointer to a shell script; instead insert the shell script into the key directly.

Here's an example. The setup here is that on the server, there's a cron job that moves daily logs to /var/log/logfetch. Another server, with IP 10.1.2.3, will connect and send a command. If the command is BACKUP, the client will receive a gzipped tar file of the files in the directory /var/log/logfetch. If it is instead a file name, the file with that name in /var/log/logfetch will be deleted. Any other command will be ignored. All commands will be logged. Connections are only allowed from that one IP address.

from="10.1.2.3",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="read ARG;HOST=$(/usr/bin/hostname);if [ \"$ARG\" = \"BACKUP\" ]; then cd /var/log/logfetc;/usr/bin/tar -cf - *;/usr/bin/logger -t LOGFETCH -p daemon.info \"INFO: Backup-files on $HOST fetched from ${SSH_CLIENT%% *} by $USER\";else cd /var/log/logfetch; if [ -f $ARG ]; then /usr/bin/rm $ARG;/usr/bin/logger -t LOGFETCH -p daemon.info \"INFO: Backup-file \\"$ARG\\" removed on $HOST by $USER\";else /usr/bin/logger -t LOGFETCH -p daemon.info \"WARNING: $USER failed to remove \\"$ARG\\" on $HOST\";exit -1;fi;fi " ssh-dss AA.....

This may be overkill for your particular situation, but it's reasonably hard for a third party to abuse and should be possible to adapt to your particular needs.