In Debian theres is a package available called "scponly", which is a shell.
If my memory is correct it forces the account into a chroot and you can do sftp and scp -- only
I remember doing this manually before having found that package and I had to create some devices manually in the chroot. This was to ensure basic system functionality. Plus I had to copy a bunch of stuff into the chroot, it was pretty messy.
Another solution is to restrict an ssh public key to specific commands for the account in question.