mcp-ssh-orchestrator
Verified Safeby samerfarida
Overview
Provides secure, policy-driven SSH orchestration for AI agents to manage server infrastructure with audit logging, enforcing zero-trust principles.
Installation
docker run -i --rm -v "$(pwd)/config:/app/config:ro" -v "$(pwd)/keys:/app/keys:ro" -v "$(pwd)/secrets:/app/secrets:ro" ghcr.io/samerfarida/mcp-ssh-orchestrator:latestEnvironment Variables
- MCP_SSH_CONFIG_DIR
- MCP_SSH_KEYS_DIR
- MCP_SSH_SECRETS_DIR
Security Notes
The server implements a robust defense-in-depth security model. Critical features include: extensive input validation (length limits, null byte/control character rejection), command normalization and chain parsing to prevent obfuscation/chaining bypasses, hard-banned dangerous shell patterns, strict file path validation (no path traversal, no symlinks/directories for secrets/keys), file size limits for configurations, mandatory SSH host key verification (CWE-295 mitigated), IP allowlists/blocklists, DNS rate limiting and caching for DoS prevention, non-root container execution, and comprehensive structured JSON audit logging for all policy decisions and executions. Sensitive information is sanitized from user-facing error messages.
Similar Servers
ssh-mcp-server
Bridging AI assistants to remote SSH server operations for command execution, file transfer, and server status retrieval via the Model Context Protocol (MCP).
agent-identity-management
A production-ready identity verification and security platform for AI agents and Model Context Protocol (MCP) servers, providing cryptographic identity, access control, and real-time threat detection.
PowerShell.MCP
Enables AI assistants to execute arbitrary PowerShell commands and CLI tools for system automation, development tasks, and data analysis in a persistent, shared console environment.
mcp-ssh-manager
Manages remote SSH servers via the Model Context Protocol (MCP), enabling AI assistants like Claude Code and OpenAI Codex to execute commands, transfer files, monitor health, and automate DevOps tasks.