{"id":"dockerbase-openssh-server","name":"openssh-server","homepage":"https://hub.docker.com/r/dockerbase/openssh-server","repo_url":"https://hub.docker.com/r/dockerbase/openssh-server","category":"infrastructure","subcategories":[],"tags":["ssh","server","remote-access","infrastructure","sftp"],"what_it_does":"Provides the OpenSSH server (sshd) for accepting inbound SSH connections and serving SSH features such as user authentication and remote command execution/file transfer over SSH.","use_cases":["Enable secure remote shell access to Linux/Unix servers","Support SSH-based automation (e.g., remote commands, backups, deployments)","Provide secure tunnels/port forwarding over SSH","Serve as the SSH endpoint for SFTP/SCP file transfers"],"not_for":["Providing a programmatic HTTP/GraphQL/gRPC API to agents","Multi-tenant application authentication/authorization beyond SSH user accounts/keys","Use as a public-facing service without careful hardening and monitoring"],"best_when":"You need standard, widely supported SSH server functionality for infrastructure access and can apply SSH hardening and key management best practices.","avoid_when":"You only need a web API interface, or you cannot manage SSH host keys, user accounts, and access controls securely.","alternatives":["Dropbear SSH server","Tectia/other commercial SSH servers","Using a managed SSH service (where applicable by your cloud/provider) instead of self-hosting"],"af_score":24.0,"security_score":41.8,"reliability_score":48.8,"package_type":"mcp_server","discovery_source":["docker_mcp"],"priority":"low","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-04-04T19:54:23.409791+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":false,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["Public key authentication (authorized_keys)","Password authentication (if enabled)","Keyboard-interactive (if configured)","Host-based authentication (if configured)"],"oauth":false,"scopes":false,"notes":"Authentication is handled via SSH mechanisms (user accounts and/or keys). There is no OAuth/web-token scope model."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Self-hosted open-source software; cost is operational (hosting, maintenance, security hardening)."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":24.0,"security_score":41.8,"reliability_score":48.8,"mcp_server_quality":0.0,"documentation_accuracy":30.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":50.0,"rate_limit_clarity":10.0,"tls_enforcement":0.0,"auth_strength":70.0,"scope_granularity":10.0,"dependency_hygiene":55.0,"secret_handling":70.0,"security_notes":"Security depends heavily on configuration and patch level. SSH can be strong when using key-based authentication, disabling password auth, restricting users/groups, and hardening ciphers/KEX and logging. There is no TLS layer (SSH transport is separate), no OAuth scope model, and operational protections (e.g., firewalls, rate limiting, Fail2ban, least privilege) are typically required.","uptime_documented":20.0,"version_stability":75.0,"breaking_changes_history":60.0,"error_recovery":40.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["No API surface for agent workflows beyond making SSH connections; agents must implement SSH client logic.","Misconfiguration (weak ciphers/MACs/KEX, enabling passwords, permissive auth) can severely reduce security.","Connection retries can trigger SSH rate limiting/lockouts depending on configuration (e.g., Fail2ban).","Host key verification and known_hosts handling must be managed to avoid MITM risks."]}}