ssh-mcp-server-copilot
Provides an MCP server (stdio transport) that lets VS Code Copilot Chat manage remote Linux hosts over SSH using natural-language queries mapped to a fixed set of template-based, policy-scoped tools (read-only, controlled mutation, and privileged operations requiring approval).
Score Breakdown
🔒 Security
Security posture is heavily guardrailed per README: no raw shell (template-only), regex-validated parameters, path traversal blocking, secret redaction in outputs, approval workflow for privileged Tier 2 operations with HMAC-verified one-time tokens, and tamper-evident hash-chained audit logging. TLS is not directly discussed (SSH transport typically encrypted, but docs focus on SSH, not HTTPS/TLS). Dependency hygiene is not evidenced in provided material (scores are estimate-based from dependency list, not from CVE scanning results). Rate limiting and explicit error-handling guidance are not described.
Best When
When you want an LLM/agent workflow to operate remote servers under strict guardrails (no raw shell, parameter validation, path policies, and auditable/approvable privileged actions).
Avoid When
When you cannot restrict templates and roles appropriately, or when operational procedures for approvals and audit review are not feasible.
Use Cases
- Read-only operational queries on remote Linux hosts (host discovery, system facts, audit log viewing).
- Controlled execution of whitelisted command templates (e.g., disk usage, log tails) with regex-validated parameters.
- File transfer and SFTP operations constrained by allowed paths/extensions and download justification requirements.
- Privileged SSH key and certificate lifecycle actions gated by an approval workflow and HMAC-verified one-time tokens.
Not For
- Arbitrary remote command execution or interactive shell access.
- Environments where approval workflows and audit logging cannot be enforced/operationally supported.
- Use as a general-purpose API server for non-SSH workflows (it is specialized for SSH/MCP tool operations).
Interface
Authentication
The docs describe role-based access (developer/operator/admin/auditor) and a Tier 2 approval flow with HMAC-verified one-time approval tokens. It also mentions SSH_MCP_AUTH_TOKEN for bearer-token auth (empty = dev mode), but does not clearly document how roles map to that token or how scopes are enforced for Tier 0/1.
Pricing
No commercial pricing information provided; package appears open-source (MIT) based on provided metadata.
Agent Metadata
Known Gotchas
- ⚠ MCP tools only work when Copilot Chat is switched to "Agent" mode (explicitly called out).
- ⚠ Long-running work uses background jobs and polling/cancellation; agents may need guidance to choose sync vs background tools.
- ⚠ Approval tokens appear one-time/consumed; agents must not retry Tier 2 tool calls without re-issuing approval if token is expired/consumed.
- ⚠ Template-only execution means agents must select/fit requests to existing templates/regex constraints; otherwise operations may fail due to validation/path policy restrictions.
Scores are editorial opinions as of 2026-04-04.