Model Context Protocol (MCP) SSH client server for remote automation
npm install mcp-ssh-tool
A Model Context Protocol (MCP) SSH client server that provides autonomous SSH operations for GitHub Copilot and VS Code. Enable natural language SSH automation without manual prompts or GUI interactions.
- Global install (recommended): npm install -g mcp-ssh-tool
- One-off run: npx mcp-ssh-tool
Add to your MCP configuration (mcp.json, .vscode/mcp.json, or the Claude Desktop MCP config):
``json`
{
"servers": {
"ssh-mcp": {
"type": "stdio",
"command": "mcp-ssh-tool",
"args": []
}
}
}
Once configured, you can use natural language with your MCP client:
- SSH Connection: "Connect to server 192.168.1.100 as admin using SSH key"
- File Operations: "Read the content of /etc/nginx/nginx.conf on the server"
- Command Execution: "Run 'systemctl status nginx' on the remote server"
- Package Management: "Install htop package on Ubuntu server"
- Service Control: "Restart the nginx service"
- ssh_open_session - Establish SSH connection with various auth methodsssh_close_session
- - Close SSH sessionssh_list_sessions
- - List all active SSH sessionsssh_ping
- - Check if a session is alive and responsivessh_list_configured_hosts
- - List hosts from ~/.ssh/configssh_resolve_host
- - Resolve host alias from SSH configproc_exec
- - Execute commands remotely (with optional timeout)proc_sudo
- - Execute commands with sudo privilegesfs_read
- , fs_write, fs_list, fs_stat, fs_mkdir, fs_rm, fs_rename - File system operationsensure_package
- - Package managementensure_service
- - Service controlensure_line_in_file
- - File line managementpatch_apply
- - Apply patches to filesdetect_os
- - System information detection
The SSH MCP Server acts as a bridge between GitHub Copilot and remote systems via SSH. It supports:
- Non-interactive SSH operations - No prompts or GUI interactions
- Multiple authentication methods - Password, SSH keys, or SSH agent
- Session management - Automatic connection pooling with TTL and LRU eviction
- File system operations - Read, write, list, and manage remote files via SFTP
- Process execution - Run commands and sudo operations remotely
- High-level automation - Package management, service control, and configuration management
- Security - Automatic redaction of sensitive data in logs
`
┌─────────────────┐ ┌──────────────────┐ ┌─────────────────┐
│ GitHub Copilot │────│ SSH MCP Server │────│ Remote Systems │
│ / VS Code │ │ │ │ (via SSH) │
└─────────────────┘ └──────────────────┘ └─────────────────┘
│ │ │
│ MCP stdio protocol │ Session management │ SSH + SFTP
│ │ LRU cache + TTL │
│ │ Auth strategies │
- Node.js ≥ 18 (LTS)
- SSH access to target systems
- SSH keys or credentials for authentication
`bash`
npm install -g mcp-ssh-tool
`bash`
git clone https://github.com/oaslananka/mcp-ssh-tool.git
cd mcp-ssh-tool
npm install
npm run build
npm link
- --help / -h: Show usage and examples.--version
- / -v: Print version.--stdio
- : Force stdio mode (default).
Note: This is an MCP stdio server. The terminal is not an interactive shell; use an MCP client (Claude Desktop, VS Code MCP, etc.) or send JSON-RPC over stdio.
- Linux / macOS: Uses POSIX shell wrappers with safe quoting. Default temp directory: /tmp.C:\\Users\\
- Windows targets: Requires OpenSSH server/agent; key discovery checks . Commands are wrapped for PowerShell-safe execution. Package/service helpers are intentionally disabled on Windows targets.STRICT_HOST_KEY_CHECKING=true
- Host keys: Host key checking is relaxed by default. Set and optionally KNOWN_HOSTS_PATH to enforce verification.
`bash`
npm run setup:chatgpt
This command automatically configures ChatGPT Desktop to use mcp-ssh-tool.
Add to your ChatGPT Desktop MCP config:
- macOS: ~/Library/Application Support/ChatGPT/mcp.json
- Windows:
- Linux:
`json`
{
"mcpServers": {
"ssh-mcp-server": {
"name": "ssh-mcp-server",
"command": "npx",
"args": ["-y", "mcp-ssh-tool"]
}
}
}
For detailed usage, see docs/chatgpt-usage.md.
Open VS Code and press Ctrl+Shift+P, then run "MCP: Open User Configuration".
Add to your mcp.json:
`json`
{
"servers": {
"ssh-mcp": {
"type": "stdio",
"command": "mcp-ssh-tool",
"args": []
}
}
}
Create .vscode/mcp.json in your workspace:
`json`
{
"servers": {
"ssh-mcp": {
"type": "stdio",
"command": "mcp-ssh-tool",
"args": []
}
}
}
1. Restart VS Code
2. Open Copilot Chat
3. The SSH MCP tools should appear in the available tools list
4. Test with: "Connect to 192.168.1.100 as admin and run 'uname -a'"
`
"Connect to 10.11.12.13 as deployer with password 'mypass' and run 'df -h'"
`
"Connect to server.example.com as admin, read /etc/nginx/nginx.conf and show me the server blocks"
`
"Connect to 192.168.1.50 as root, install htop package, start nginx service, and list /var/www contents"
`
"Connect to web-server as admin, add these lines to /etc/hosts:
192.168.1.10 db-server
192.168.1.20 cache-server
Then restart networking service"
#### ssh.openSession
Opens a new SSH session with authentication.
Input:
`json`
{
"host": "example.com",
"username": "admin",
"port": 22,
"auth": "auto",
"password": "optional",
"privateKey": "optional-inline-key",
"privateKeyPath": "optional-path",
"passphrase": "optional",
"useAgent": false,
"readyTimeoutMs": 20000,
"ttlMs": 900000
}
Output:
`json`
{
"sessionId": "ssh-1645123456789-1",
"host": "example.com",
"username": "admin",
"expiresInMs": 900000
}
#### ssh.closeSession
Closes an active SSH session.
Input:
`json`
{
"sessionId": "ssh-1645123456789-1"
}
Output:
`json`
{
"ok": true
}
#### proc.exec
Executes a command on the remote system.
Input:
`json`
{
"sessionId": "ssh-1645123456789-1",
"command": "ls -la /home",
"cwd": "/tmp",
"env": {"DEBUG": "1"}
}
Output:
`json`
{
"code": 0,
"stdout": "total 12\ndrwxr-xr-x 3 root root 4096...",
"stderr": "",
"durationMs": 245
}
#### proc.sudo
Executes a command with sudo privileges.
Input:
`json`
{
"sessionId": "ssh-1645123456789-1",
"command": "systemctl restart nginx",
"password": "sudo-password",
"cwd": "/etc"
}
#### fs.read
Reads a file from the remote system.
Input:
`json`
{
"sessionId": "ssh-1645123456789-1",
"path": "/etc/hosts",
"encoding": "utf8"
}
Output:
`json`
{
"data": "127.0.0.1 localhost\n::1 localhost\n..."
}
#### fs.write
Writes data to a file (atomic operation using temp file + rename).
Input:
`json`
{
"sessionId": "ssh-1645123456789-1",
"path": "/tmp/config.txt",
"data": "server_name example.com;\nlisten 80;",
"mode": 644
}
#### fs.stat
Gets file or directory statistics.
Output:
`json`
{
"size": 1024,
"mtime": "2024-01-15T10:30:00.000Z",
"mode": 33188,
"type": "file"
}
#### fs.list
Lists directory contents with pagination.
Input:
`json`
{
"sessionId": "ssh-1645123456789-1",
"path": "/var/log",
"page": 0,
"limit": 50
}
Output:
`json`
{
"entries": [
{
"name": "nginx",
"type": "directory",
"size": 4096,
"mtime": "2024-01-15T10:30:00.000Z",
"mode": 16877
}
],
"nextToken": "1"
}
#### fs.mkdirp
Creates directories recursively (mkdir -p equivalent).
#### fs.rmrf
Removes files or directories recursively (rm -rf equivalent).
#### fs.rename
Renames or moves files and directories.
#### ensure.package
Ensures a package is installed using the system's package manager.
Input:
`json`
{
"sessionId": "ssh-1645123456789-1",
"name": "nginx",
"sudoPassword": "optional"
}
Output:
`json`
{
"ok": true,
"pm": "apt",
"code": 0,
"stdout": "Package nginx is already installed",
"stderr": ""
}
#### ensure.service
Manages system services (systemd or traditional service).
Input:
`json`
{
"sessionId": "ssh-1645123456789-1",
"name": "nginx",
"state": "started",
"sudoPassword": "optional"
}
#### ensure.linesInFile
Ensures specific lines exist in a file (idempotent).
Input:
`json`
{
"sessionId": "ssh-1645123456789-1",
"path": "/etc/hosts",
"lines": ["192.168.1.10 db-server", "192.168.1.20 cache-server"],
"createIfMissing": true,
"sudoPassword": "optional"
}
#### patch.apply
Applies a patch to a file using the patch command.
#### os.detect
Detects operating system information, package manager, and init system.
Output:
`json`
{
"platform": "linux",
"distro": "ubuntu",
"version": "22.04",
"arch": "x86_64",
"shell": "bash",
"packageManager": "apt",
"init": "systemd",
"defaultShell": "bash",
"tempDir": "/tmp"
}
The server supports multiple authentication methods with automatic fallback:
1. Password (if provided)
2. SSH Key (inline → path → auto-discovery)
3. SSH Agent (if available)
The server automatically searches for SSH keys in:
- ~/.ssh/id_ed25519
-
-
> Note: DSA keys (id_dsa) are no longer supported due to security concerns.
Custom key directory: Set SSH_DEFAULT_KEY_DIR environment variable.
Password Authentication:
`json`
{
"host": "server.com",
"username": "admin",
"auth": "password",
"password": "secret"
}
SSH Key (inline):
`json`
{
"host": "server.com",
"username": "admin",
"auth": "key",
"privateKey": "-----BEGIN PRIVATE KEY-----\n...",
"passphrase": "optional"
}
SSH Key (file path):
`json`
{
"host": "server.com",
"username": "admin",
"auth": "key",
"privateKeyPath": "/home/user/.ssh/id_rsa"
}
SSH Agent:
`json`
{
"host": "server.com",
"username": "admin",
"auth": "agent"
}
- LOG_LEVEL - Logging level (error, warn, info, debug)SSH_DEFAULT_KEY_DIR
- - Custom SSH key directorySTRICT_HOST_KEY_CHECKING
- - Enable strict host key checkingKNOWN_HOSTS_PATH
- - Custom known_hosts file path
- Connection timeout: 20 seconds
- Session TTL: 15 minutes
- Max concurrent sessions: 20
- Host key checking: Relaxed (disabled by default)
The server returns structured error codes for machine-readable error handling:
- EAUTH - Authentication failed
- ECONN - Connection error
- ETIMEOUT - Operation timeout
- ENOSUDO - Sudo operation failed
- EPMGR - Package manager not found
- EFS - File system operation failed
- EPATCH - Patch application failed
- EBADREQ - Invalid request parameters
Each error includes:
- name: Error class namecode
- : Machine-readable error codemessage
- : Human-readable error messagehint
- : Optional suggestion for resolution
Sensitive data is automatically redacted from logs:
- Passwords
- Private keys
- Passphrases
- Sudo passwords
- SSH agent socket paths
- Configurable host key verification
- Support for known_hosts files
- Connection timeout enforcement
- Automatic session cleanup
- TTL-based session expiration
- LRU cache eviction
- Graceful connection cleanup
- No persistent credential storage
`bash`
git clone https://github.com/oaslananka/mcp-ssh-tool.git
cd mcp-ssh-tool
npm install
`bash`
npm run build # Compile TypeScript
npm run dev # Watch mode compilation
npm run test # Run unit tests
npm run e2e # Run E2E tests (requires RUN_SSH_E2E=1)
npm run lint # Type-check (no emit)
npm run format # Run Prettier
npm run test:coverage
npm run docs
Unit Tests:
`bash`
npm test
E2E Tests (optional):
`bash``
RUN_SSH_E2E=1 npm run e2e
MIT License
Copyright (c) 2025 Osman Aslan (oaslananka)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
E2E tests require a local Docker container or SSH server for testing.
1. Follow TypeScript and ESLint rules
2. Add tests for new features
3. Update documentation
4. Ensure all tests pass
5. Use conventional commit messages
MIT License - see LICENSE file for details.
- Model Context Protocol - Official MCP documentation
- VS Code MCP Guide - VS Code Copilot extensibility
- GitHub Copilot - GitHub Copilot documentation