Don't know enough to help with OpenSSH server config. However, the main problem I see is: you want this on port 22.
- this will interfere with "normal" ssh login (which also uses port 22) for that machine
- Port 22 is privileged, you need root for this

You could take the approach many git servers do: the user named "git" has a special shell allowing only specific operations (that would correspond to your script). Since you need to be root anyway(*), this looks like the easier approach. Your users then connect

    ssh yourserviceuser@yourhost

and if your script needs their "real" credentials, it can ask them (or, like git, distinguish them by their SSH key).

(*) Update: for configuration, not for running it
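
An added example, not part of the original answer: one way to build the restricted-shell approach described above is a forced-command wrapper on the service account, with each user's key pinned to it in `authorized_keys` so users are told apart by key. The install path `/usr/local/bin/service-shell`, the user name `alice`, the operations `status` and `report`, and the key line are all constructed for illustration.

```shell
#!/bin/sh
# Restricted login wrapper for the shared service account (added example).
# Assumed install path: /usr/local/bin/service-shell (hypothetical).
# Each key in ~yourserviceuser/.ssh/authorized_keys is pinned to the wrapper
# (constructed sample line, key material elided):
#   restrict,command="/usr/local/bin/service-shell alice" ssh-ed25519 AAAA... alice@laptop
# sshd then runs the wrapper instead of whatever the client requested and
# exposes the client's request in SSH_ORIGINAL_COMMAND.
LC_ALL=C; export LC_ALL          # make the bracket ranges below ASCII-only

# Characters permitted in a request: letters, digits, space, _ . -
bad_request='*[!A-Za-z0-9 _.-]*'

# decide USER REQUEST: print the action to run, or return 1 to refuse.
decide() {
    user=$1
    request=$2
    # Identity comes from the key's command= option, never from the client.
    case $user in
        ''|*[!a-z0-9_-]*) return 1 ;;
    esac
    # Refuse anything outside the permitted set; nothing is ever eval'ed.
    case $request in
        $bad_request) return 1 ;;
    esac
    # Allowlist of operations (hypothetical names).
    case $request in
        status)      printf 'status %s\n' "$user" ;;
        'report '?*) printf 'report %s %s\n' "$user" "${request#report }" ;;
        *)           return 1 ;;
    esac
}

service_shell() {
    if action=$(decide "$1" "${SSH_ORIGINAL_COMMAND:-}"); then
        logger -t service-shell "allow $action" 2>/dev/null || :
        printf '%s\n' "$action"   # a real script would dispatch the action here
    else
        logger -t service-shell "deny user=$1" 2>/dev/null || :
        echo 'operation not permitted' >&2
        return 1
    fi
}

# Run only when invoked as the wrapper itself, not when sourced.
case ${0##*/} in service-shell) service_shell "$@" ;; esac
```

The `restrict` key option turns off PTY allocation and port, agent and X11 forwarding for that key, so a client gets nothing beyond the wrapper's allowlisted operations.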