The only way I know of to do that is to use ssh keys.
append this to the beginning of the keyline in your authorized_keys file
Quick rundown of keys ....
* if you want customers to be able to use putty to create the tool you need to create a dsa key (at least I always have to)
echo -n 'no-pty,no-X11-forwarding,no-agent-forwarding,command="" ' >> ~/.ssh/authorized_keys && cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
Give the private key to your user and tell them how to use it.
Note: doing things this way there is really no way to restrict who uses what port or when so people could experience conflicts.
Also it could make for some interesting logs if you are being attacked via a tunneled connection. You may not pick it up, just something to think about.