Overview
What is SSH MCP Server?
SSH MCP Server is a local Model Context Protocol (MCP) server that exposes SSH control for Linux and Windows systems, enabling LLMs and other MCP clients to execute shell commands securely via SSH. It provides tools for managing SSH connections and running commands, with support for password and key-based authentication.
How to use SSH MCP Server?
Clone the repository, create a machines.json file specifying remote machines with SSH credentials (password or key path), then configure your MCP client (e.g., Claude Desktop) to launch the server with the MACHINES_PATH environment variable pointing to that config file.
Key features of SSH MCP Server
- Execute shell commands on remote Linux and Windows systems via SSH
- Secure authentication with password or SSH key
- Read-only mode via
secure_execute_commandwith built-in security checks - Manage multiple concurrent SSH sessions tracked by
connection_id - MCP‑compliant, built with TypeScript and the official MCP SDK
Use cases of SSH MCP Server
- Have an LLM run system diagnostics (e.g.,
uptime,df -h) on remote servers - Automate deployment or maintenance tasks by securely executing commands
- Provide an AI assistant with controlled shell access for troubleshooting
- Integrate remote command execution into MCP‑compatible applications like Claude Desktop
FAQ from SSH MCP Server
How does SSH MCP Server differ from a typical SSH client?
SSH MCP Server is an MCP server that exposes SSH capabilities as tools for LLMs, not a direct terminal client. It allows models to initiate and manage SSH sessions and execute commands programmatically under your control.
What dependencies or runtime does it require?
You need Node.js (to run the server from the built dist/index.js file) and the official MCP SDK (included in the project). No external databases or cloud services are required.
Where does connection data live?
Connection configurations are stored locally in a machines.json file that you create. Active sessions are tracked in memory; no data is sent to external services unless you explicitly configure the MCP client to do so.
Are there any known limits or security restrictions?
The server includes a secure_execute_command tool that blocks destructive actions, but the execute_command tool is unrestricted. You should review commands carefully and run the server in a secure environment. Use at your own risk.
What transport and authentication methods are supported?
The server communicates via the MCP protocol (typically over stdin/stdout). SSH authentication supports both password and private key (keyPath) methods, configured per machine in machines.json.