Per-account configuration lets you instruct the SSH server to treat
your account differently. Using public-key authentication, you can
permit or restrict connections based on a client's key,
hostname, or IP address. With forced commands, you can limit the set
of programs that a client may run in your account. You can also
disable unwanted features of SSH, such as port forwarding, agent
forwarding, and tty allocation.
Using trusted-host authentication, you can permit or restrict
particular hosts or remote users from accessing your account. This
uses the files ~/.shosts or (less optimally)
~/.rhosts. However, the mechanism is less secure
and less flexible than public-key authentication.