generic-ssh-mcp
Verified Safeby BlockSecCA
Overview
Execute commands on remote SSH servers with configurable wrappers for sandboxing, timeouts, or direct execution, integrated into Claude Desktop.
Installation
node server/index.js --host <SSH_HOST> --user <SSH_USER> --key <SSH_PRIVATE_KEY_PATH> --timeout <TIMEOUT_SECONDS> --wrapper "<COMMAND_WRAPPER>" --tool-name "<TOOL_NAME>"Security Notes
The server uses the `ssh2` library for persistent connections, and incorporates features like interactive command rejection to enhance security. No 'eval' or obfuscation found. Critical security depends heavily on user configuration, especially when using the `srt` wrapper. The documentation explicitly warns that the default `srt` configuration is vulnerable to sandbox escape if `~/.srt-settings.json` is not explicitly protected (denied read/write access), which is a manual user step. SSH private key management (storage and permissions) is external to the MCP server. Misconfiguration of the `srt` wrapper is the primary potential security weakness.
Similar Servers
mcp-ssh-manager
Manages remote SSH servers via the Model Context Protocol (MCP), enabling AI assistants like Claude Code and OpenAI Codex to execute commands, transfer files, monitor health, and automate DevOps tasks.
ssh-mcp-server
Provides secure remote server management capabilities, including SSH connection, command execution, and SFTP file transfers, via the MCP protocol for integration with AI agents.
terminal-mcp-server
Provides a Model Context Protocol (MCP) interface for executing commands locally or remotely via SSH, enabling AI models to interact with system terminals.
mcp-remote-access
Provides SSH and Serial port access for MCP-compatible AI clients to control remote devices like Raspberry Pi, embedded systems, and IoT devices.