In my setup, I have one host that can take multiple actions on a second host, with a restricted set of file paths.

I created a shell script on the second host called "from_host_1" which implements the logic to parse the first host's request and any file paths it supplies, validates them, translates the paths as needed, and then executes the corresponding program.

This way, I can just use a single SSH key which can perform multiple functions. On the first host, I have a bunch of tiny scripts like `~/bin/func` which basically performs `ssh secondhost func "$@"`.

In the OPs case, they seem to have two different hosts which can run two different commands. Two separate SSH keys seems like a reasonable thing to do, because sharing the same key across two systems increases your risk if one machine is compromised.