Submit

SSH MCP Tool — Production-Grade SSH Automation for AI Agents

@oaslananka

Visit Server
2 months ago
Production-grade MCP server that opens persistent SSH sessions and exposes safe, structured tools for command execution, file operations, transfers, tunnels, package and service management, metrics, resources, and guided prompts. Secure by default: strict host-key verification, root login disabled, raw sudo policy-gated, destructive commands denied unless explicitly allowed.
OverviewToolsComments
Overview

SSH MCP Tool

Production-grade MCP server for SSH automation. Opens persistent SSH sessions and exposes safe, structured tools to MCP clients (Claude Desktop, Cursor, VS Code, ChatGPT, custom agents).

Why this server

  • Trust: central policy engine, structured audit events, redacted logs, strict host keys, machine-readable errors.
  • MCP quality: stdio for local clients, Streamable HTTP for remote clients, legacy SSE only behind an explicit compatibility flag.
  • AI-friendly tools: stable output schemas, structuredContent, annotations for read-only / destructive / idempotent behavior, resources, and curated prompts.
  • Operations: session TTL/eviction, command timeouts, transfer checksum verification, real SSH forwarding, Prometheus metrics, OpenTelemetry hooks.
  • Portability: SFTP first, POSIX/BusyBox-aware shell fallbacks, explicit support boundaries.

Quick Start

npm install -g mcp-ssh-tool

Add to your MCP client configuration:

{
  "mcpServers": {
    "ssh-mcp": {
      "command": "npx",
      "args": ["-y", "mcp-ssh-tool"]
    }
  }
}

Use it from your AI client:

Open a safe SSH session to prod-1 as deploy, inspect host capabilities, then show disk usage.

Security defaults

  • Strict host-key verification is on
  • Root login is off
  • Raw sudo is policy-gated
  • Destructive commands and filesystem mutations are denied unless policy allows them
  • Remote HTTP starts on loopback only unless bearer auth and allowed origins are configured

Available tools

  • ssh.session.open / ssh.session.close — persistent session lifecycle
  • ssh.exec — run commands with timeout, structured output, audit log
  • ssh.file.read / ssh.file.write / ssh.file.list — safe file operations
  • ssh.transfer.upload / ssh.transfer.download — SFTP with checksum verification
  • ssh.tunnel.open — local/remote port forwarding
  • ssh.package.install / ssh.service.restart — package and systemd management
  • ssh.metrics — host metrics (CPU, RAM, disk, network)
  • Plus resources and guided prompts

Requirements

  • Node.js 22.22.2+ or 24.14.1+ (LTS only)
  • SSH access to target hosts
  • Populated known_hosts file or explicit per-session host-key policy

License

MIT

Try in Playground

Server Config

{
  "mcpServers": {
    "ssh-mcp": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-ssh-tool"
      ],
      "env": {
        "MCP_SSH_KNOWN_HOSTS": "~/.ssh/known_hosts",
        "MCP_SSH_LOG_LEVEL": "info"
      }
    }
  }
}
© 2025 MCP.so. All rights reserved.

Build with ShipAny.