Ssh port forwarding with no shell

If you want an account where the user can connect to be able to port forward but don't want to give him a shell change the first line of authorized_keys to something like:

 command="/bin/cat" ssh-rsa ...

If you change the shell in passwd, it may be that you can't connect at all.