Using –/.ssh/authorized keys to decide what the incoming connection can do

In my setup, I have one host that can take multiple actions on a second host, with a restricted set of file paths.<p>I created a shell script on the second host called &quot;from_host_1&quot; which implements the logic to parse the first host&#x27;s request and any file paths it supplies, validates them, translates the paths as needed, and then executes the corresponding program.<p>This way, I can just use a single SSH key which can perform multiple functions. On the first host, I have a bunch of tiny scripts like `~&#x2F;bin&#x2F;func` which basically performs `ssh secondhost func &quot;$@&quot;`.<p>In the OPs case, they seem to have two different hosts which can run two different commands. Two separate SSH keys seems like a reasonable thing to do, because sharing the same key across two systems increases your risk if one machine is compromised.

Handy stuff. This would be good for restricting service accounts.<p>There is a whole lot that SSH can do that most people don&#x27;t know about.

Surprised it doesn&#x27;t mention `SSH_ORIGINAL_COMMAND`.<p>iOS Shortcuts has the built-in ability to run SSH commands on a remote server, including passphrase-less pubkey auth.<p>One can easily build a shortcut with a nice-ish user interface to run various commands on the server, which can be locked down to run a specific script that inspects `SSH_ORIGINAL_COMMAND` to determine what to do.<p>Because this can use a string comparison (without necessarily putting any user input into the command executed), it should help project against risks like shell injection while still allowing some degree of dynamic control (instead of potentially requiring one script and one SSH key per command).

For Linux hosts on zfs, this coupled with explicit entry in sudoers is useful for remote zfs send&#x2F;receive which requires root.