ssh-mcp
ssh-mcp is a local MCP (Model Context Protocol) server that connects to a remote Linux/Windows host over SSH and exposes tools to run remote shell commands (exec and sudo-exec) from an MCP client.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Communication with the SSH server is assumed encrypted (SSH), but TLS/transport specifics for the local MCP channel are not documented. The server supports password or SSH key auth to the target host. There is no documented MCP-level authorization, no scoped permissions, and no command allowlisting; this raises risk of arbitrary command execution if an agent is prompted with malicious instructions. Timeout and process abortion are mentioned for hanging commands, which is a helpful safety control. Secret handling details (e.g., whether args/logs expose passwords/sudo passwords) are not specified in the provided README.
⚡ Reliability
Best When
You have an authenticated MCP client and want a convenient way to execute bounded, timeout-controlled SSH commands on a known set of servers.
Avoid When
When commands or connection parameters could be influenced by untrusted users, or when you need strict auditing, least-privilege command authorization, or tenant-level policy enforcement.
Use Cases
- • Letting an MCP-enabled agent run administrative or operational commands on remote servers
- • Remote execution via natural language using MCP tool calls
- • Automating recurring troubleshooting tasks over SSH
- • Controlled command execution with configurable timeout and input length limits
Not For
- • Unrestricted, internet-exposed remote command execution from untrusted inputs
- • High-assurance production automation without additional guardrails/auditing
- • Interactive long-running sessions that require streamed I/O beyond simple exec outputs
- • Use cases requiring robust tenant isolation or fine-grained per-command authorization
Interface
Authentication
Authentication is to the remote host over SSH using a provided password or private key. There is no documented separate auth/authorization layer for the MCP client itself.
Pricing
MIT-licensed OSS package; pricing for hosting/usage depends on your environment.
Agent Metadata
Known Gotchas
- ⚠ sudo-exec requires sudoPassword and can be disabled entirely via --disableSudo
- ⚠ Command execution can be affected by --timeout (kills/aborts running processes) and --maxChars input length limits
- ⚠ No explicit allowlist/denylist or least-privilege model is documented—agents may be able to run arbitrary commands they are given
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for ssh-mcp.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-30.