Surprised it doesn't mention `SSH_ORIGINAL_COMMAND`.

iOS Shortcuts has the built-in ability to run SSH commands on a remote server, including passphrase-less pubkey auth.

One can easily build a shortcut with a nice-ish user interface to run various commands on the server, which can be locked down to run a specific script that inspects `SSH_ORIGINAL_COMMAND` to determine what to do.

Because this can use a string comparison (without necessarily putting any user input into the command executed), it should help project against risks like shell injection while still allowing some degree of dynamic control (instead of potentially requiring one script and one SSH key per command).