ubuntu-shell-mcp

The server (`server/index.js`) uses the well-vetted `ssh2` Node.js library for persistent SSH connections. Sensitive configuration (host, user, private key path) is provided by the user via arguments, not hardcoded. It includes a robust mechanism to detect and reject common interactive commands (e.g., `sudo` without arguments, `vim`, `top`, `python` without script files), which helps prevent hanging sessions and potential misuse. Direct command execution is its core function, and while this always carries inherent risk, the tool's design mitigates common pitfalls. The SSH client configuration in `server/index.js` does not disable host key checking, relying on standard SSH security practices. A significant vulnerability (`-o StrictHostKeyChecking=no`) was identified in an older, non-primary entry point (`ubuntu_server_js.js`), but this is not used by the current `2.0.0` version based on `package.json` and `manifest.json` configuration. Therefore, the security score reflects the active `server/index.js` implementation.