{"id":"linuxserver-openssh-server","name":"openssh-server","homepage":"https://hub.docker.com/r/linuxserver/openssh-server","repo_url":"https://hub.docker.com/r/linuxserver/openssh-server","category":"security","subcategories":[],"tags":["infrastructure","security","authentication","remote-access","ssh"],"what_it_does":"OpenSSH Server (sshd) provides secure remote access to machines using the SSH protocol (e.g., interactive shell, command execution, and SFTP). It handles authentication, encryption, key exchange, and session management for inbound SSH connections.","use_cases":["Remote administration of servers over encrypted connections","Secure file transfer (e.g., SFTP/SCP) to and from hosts","Automation/CI systems needing SSH-based access to infrastructure","Jump hosts/bastions for controlled access to private networks"],"not_for":["Exposing a public API for programmatic client requests (HTTP/REST use-case mismatch)","Browser-based or token-based auth workflows intended for web applications","Untrusted environments without hardening and monitoring"],"best_when":"When you can properly harden sshd (key-based auth, restricted users, secure ciphers/KEX, MFA where applicable) and manage network exposure and logging.","avoid_when":"Avoid running sshd directly on the public internet without appropriate firewalling/rate limiting, strong authentication, and vigilant monitoring; avoid if you require application-layer API semantics rather than SSH access.","alternatives":["OpenSSH client (for initiating connections)","Dropbear SSH server (lightweight alternative)","Windows Remote Management (WinRM) for Windows-centric admin","Nginx/Apache with app-level authentication (for web apps requiring HTTP access)"],"af_score":22.8,"security_score":71.8,"reliability_score":45.0,"package_type":"mcp_server","discovery_source":["docker_mcp"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T13:42:21.320019+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":false,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["Public key authentication (authorized_keys)","Password authentication (if enabled)","Keyboard-interactive (if configured)","Host-based authentication (if configured)","GSSAPI/Kerberos (if configured)","Certificate-based SSH (if configured)"],"oauth":false,"scopes":false,"notes":"SSH authorization is primarily based on Unix user accounts and SSH authentication methods configured in sshd_config; there is no OAuth-like scoped token model."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Open-source software; operational costs are typically infrastructure/maintenance rather than licensing."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":22.8,"security_score":71.8,"reliability_score":45.0,"mcp_server_quality":0.0,"documentation_accuracy":20.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":40.0,"rate_limit_clarity":10.0,"tls_enforcement":100.0,"auth_strength":85.0,"scope_granularity":30.0,"dependency_hygiene":70.0,"secret_handling":70.0,"security_notes":"Security largely depends on sshd configuration and operational controls. SSH provides strong cryptography when modern algorithms are used and keys/password handling is secure. There are limited/no built-in concepts of fine-grained OAuth scopes; authorization is typically coarse (user/account-level) unless additional controls (e.g., forced commands, chroot, restrictions) are configured. Proper logging/monitoring and key management are critical.","uptime_documented":0.0,"version_stability":70.0,"breaking_changes_history":70.0,"error_recovery":40.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["No standardized API contracts (agents would need to use SSH protocol tooling directly).","Behavior depends heavily on sshd_config, enabled auth methods, and client capabilities.","Hardening changes (disable password, enforce key algorithms) can break agent access if not aligned."]}}