{"id":"ssh-mcp-server-copilot","name":"ssh-mcp-server-copilot","homepage":"https://pypi.org/project/ssh-mcp-server-copilot/","repo_url":"https://github.com/bhayanak/ssh-mcp-server","category":"infrastructure","subcategories":[],"tags":["mcp","ssh","vscode","copilot","security","automation","remote-operations","python"],"what_it_does":"Provides an MCP server (stdio transport) that lets VS Code Copilot Chat manage remote Linux hosts over SSH using natural-language queries mapped to a fixed set of template-based, policy-scoped tools (read-only, controlled mutation, and privileged operations requiring approval).","use_cases":["Read-only operational queries on remote Linux hosts (host discovery, system facts, audit log viewing).","Controlled execution of whitelisted command templates (e.g., disk usage, log tails) with regex-validated parameters.","File transfer and SFTP operations constrained by allowed paths/extensions and download justification requirements.","Privileged SSH key and certificate lifecycle actions gated by an approval workflow and HMAC-verified one-time tokens."],"not_for":["Arbitrary remote command execution or interactive shell access.","Environments where approval workflows and audit logging cannot be enforced/operationally supported.","Use as a general-purpose API server for non-SSH workflows (it is specialized for SSH/MCP tool operations)."],"best_when":"When you want an LLM/agent workflow to operate remote servers under strict guardrails (no raw shell, parameter validation, path policies, and auditable/approvable privileged actions).","avoid_when":"When you cannot restrict templates and roles appropriately, or when operational procedures for approvals and audit review are not feasible.","alternatives":["Raw SSH with human-run scripts/automation (Ansible, Fabric, Salt).","Agentic MCP/LLM tools that integrate with existing RBAC and policy engines (enterprise workflow tools).","Dedicated CI/CD or runbook systems with templated commands and approvals (e.g., Terraform/Ansible with approval gates)."],"af_score":53.3,"security_score":77.2,"reliability_score":26.2,"package_type":"mcp_server","discovery_source":["pypi"],"priority":"low","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-04-04T21:43:49.725765+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["SSH key/ssh-agent usage for SSH connectivity","Optional bearer token via SSH_MCP_AUTH_TOKEN (not clearly production-grade in docs)","Two-party approval workflow for Tier 2 (request/approve/consume approval tokens)"],"oauth":false,"scopes":false,"notes":"The docs describe role-based access (developer/operator/admin/auditor) and a Tier 2 approval flow with HMAC-verified one-time approval tokens. It also mentions SSH_MCP_AUTH_TOKEN for bearer-token auth (empty = dev mode), but does not clearly document how roles map to that token or how scopes are enforced for Tier 0/1."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No commercial pricing information provided; package appears open-source (MIT) based on provided metadata."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":53.3,"security_score":77.2,"reliability_score":26.2,"mcp_server_quality":78.0,"documentation_accuracy":70.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":62.0,"rate_limit_clarity":0.0,"tls_enforcement":85.0,"auth_strength":78.0,"scope_granularity":72.0,"dependency_hygiene":55.0,"secret_handling":90.0,"security_notes":"Security posture is heavily guardrailed per README: no raw shell (template-only), regex-validated parameters, path traversal blocking, secret redaction in outputs, approval workflow for privileged Tier 2 operations with HMAC-verified one-time tokens, and tamper-evident hash-chained audit logging. TLS is not directly discussed (SSH transport typically encrypted, but docs focus on SSH, not HTTPS/TLS). Dependency hygiene is not evidenced in provided material (scores are estimate-based from dependency list, not from CVE scanning results). Rate limiting and explicit error-handling guidance are not described.","uptime_documented":0.0,"version_stability":35.0,"breaking_changes_history":40.0,"error_recovery":30.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["MCP tools only work when Copilot Chat is switched to \"Agent\" mode (explicitly called out).","Long-running work uses background jobs and polling/cancellation; agents may need guidance to choose sync vs background tools.","Approval tokens appear one-time/consumed; agents must not retry Tier 2 tool calls without re-issuing approval if token is expired/consumed.","Template-only execution means agents must select/fit requests to existing templates/regex constraints; otherwise operations may fail due to validation/path policy restrictions."]}}