{"id":"ajoergensen-openssh-server","name":"openssh-server","homepage":"https://hub.docker.com/r/ajoergensen/openssh-server","repo_url":"https://hub.docker.com/r/ajoergensen/openssh-server","category":"infrastructure","subcategories":[],"tags":["infrastructure","security","networking","ssh","remote-access","server"],"what_it_does":"Provides the OpenSSH server implementation (sshd) for accepting SSH connections, authenticating users, and providing secure remote shell/SFTP/port forwarding capabilities on a host.","use_cases":["Run an SSH server for remote command execution and secure administration","Enable SFTP for file transfers","Provide SSH tunneling/port forwarding for internal services","Set up bastion hosts/jump servers for restricted network access","Remote automation by allowing SSH-based workflows"],"not_for":["Public internet exposure without strong hardening and monitoring","Use as an application-layer API service with REST/GraphQL/SDK expectations","Scenarios requiring mTLS-based client authentication without SSH-native mechanisms","Environments that disallow network daemons or inbound connections"],"best_when":"You control the host environment (network, firewalling, account management) and can apply standard SSH hardening (keys, permissions, cipher/MAC/KEX policies, logging).","avoid_when":"You need an agent-friendly HTTP API, or you cannot enforce secure configuration practices (key-based auth, disabling weak algorithms, least-privilege accounts).","alternatives":["Dropbear SSH server","Bitvise SSH Server","Commercial SSH server products","Self-hosted SFTP/FTP alternatives (when SSH is overkill)"],"af_score":24.8,"security_score":64.5,"reliability_score":40.0,"package_type":"mcp_server","discovery_source":["docker_mcp"],"priority":"low","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-04-04T19:39:48.444909+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":false,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["Public key authentication","Password authentication (optional, configurable)","Keyboard-interactive (configurable)","Certificate-based auth (sshd supports SSH certificates, if configured)","Host-based authentication (configurable)"],"oauth":false,"scopes":false,"notes":"Authentication is performed via SSHD mechanisms (keys/password/interactive/certificates). There is no OAuth-style scoped API authorization model."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Typically distributed as open-source software; operational costs come from running the server/host."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":24.8,"security_score":64.5,"reliability_score":40.0,"mcp_server_quality":0.0,"documentation_accuracy":40.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":55.0,"rate_limit_clarity":20.0,"tls_enforcement":85.0,"auth_strength":80.0,"scope_granularity":10.0,"dependency_hygiene":70.0,"secret_handling":75.0,"security_notes":"SSH transport is encrypted (not TLS, but provides confidentiality/integrity). Strong security is achievable with key-based auth and modern algorithm configuration; however, there is no fine-grained scope/authorization at the API level (access is primarily via accounts/permissions and SSHD configuration). Actual security posture is configuration- and environment-dependent (keys, ciphers, logging, patching).","uptime_documented":0.0,"version_stability":70.0,"breaking_changes_history":60.0,"error_recovery":30.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["SSH is interactive by nature (prompts, TTY requirements) which can complicate automation if misconfigured.","Security depends heavily on sshd_config hardening; a misconfiguration can negate the security properties.","Host key verification and key management must be handled carefully in automated agents.","Rate limiting is not an API concern; connection limits and Fail2Ban-style tooling may be needed externally."]}}