SSH MCP Tool — Production-Grade SSH Automation for AI Agents
@oaslananka
Production-grade MCP server that opens persistent SSH sessions and exposes safe, structured tools for command execution, file operations, transfers, tunnels, package and service management, metrics, resources, and guided prompts. Secure by default: strict host-key verification, r
Overview
What is SSH MCP Tool — Production-Grade SSH Automation for AI Agents?
A production‑grade MCP server that opens persistent SSH sessions and exposes safe, structured tools to MCP clients such as Claude Desktop, Cursor, VS Code, ChatGPT, and custom AI agents. It provides a central policy engine, structured audit events, and AI‑friendly output schemas for secure, automated remote system management.
How to use SSH MCP Tool — Production-Grade SSH Automation for AI Agents?
Install globally via npm install -g mcp-ssh-tool, then add the server to your MCP client configuration (e.g., mcpServers.ssh-mcp with command npx). Use the client to describe tasks like “Open a safe SSH session to prod‑1 as deploy, inspect host capabilities, then show disk usage.” The server supports stdio (local), Streamable HTTP (remote), and legacy SSE (opt‑in via compat flag).
Key features of SSH MCP Tool — Production-Grade SSH Automation for AI Agents?
- Central policy engine with structured audit events and redacted logs
- Supports stdio, Streamable HTTP, and legacy SSE transports
- Persistent SSH session lifecycle with TTL, eviction, and command timeouts
- Safe file operations via SFTP with checksum verification
- Prometheus metrics and OpenTelemetry instrumentation
- Strict host‑key verification; root login and destructive commands blocked by default
Use cases of SSH MCP Tool — Production-Grade SSH Automation for AI Agents?
- Securely run commands on remote servers from an AI agent
- Upload or download files with integrity verification over SFTP
- Manage packages and systemd services via policy‑gated tools
- Establish local or remote SSH tunnels for port forwarding
- Collect host metrics (CPU, RAM, disk, network) for monitoring
FAQ from SSH MCP Tool — Production-Grade SSH Automation for AI Agents?
What security defaults are enforced?
Strict host‑key verification is on, root login is off, raw sudo is policy‑gated, destructive commands and filesystem mutations are denied unless policy allows, and remote HTTP starts on loopback only unless bearer auth and allowed origins are configured.
What runtime environment is required?
Node.js 22.22.2+ or 24.14.1+ (LTS only) and SSH access to target hosts with a populated known_hosts file or explicit per‑session host‑key policy.
How do I enable remote HTTP access?
Remote HTTP starts on loopback only. To allow external access you must configure bearer authentication and set allowed origins.
What tools are available?
The server provides ssh.session.open/close, ssh.exec, ssh.file.read/write/list, ssh.transfer.upload/download, ssh.tunnel.open, ssh.package.install, ssh.service.restart, and ssh.metrics, plus resources and guided prompts.
Does the server support SSH port forwarding?
Yes, the ssh.tunnel.open tool enables local and remote port forwarding over SSH.