To restrict ssh user I create a user and changed there shell to use rbash instead of bash.
sudo chsh -s /bin/rbash duplicati-backsups
Only using rbash ( and not bash ) the backup fails with error.
2020-02-20 13:09:11 +13 - [Warning-Duplicati.Library.Main.Operation.RestoreHandler-NoFilesRestored]: Restore completed without errors but no files were restored
No backups were created.
What SSH commands dies duplicati require to run on the shell.