mcp-ssh-orchestrator

Verified Safe

by samerfarida

Overview

Provides a secure, policy-driven interface for AI assistants to execute SSH commands on remote servers with granular access control and comprehensive auditing.

Installation

Run Command
docker run -i --rm -v ~/mcp-ssh/config:/app/config:ro -v ~/mcp-ssh/keys:/app/keys:ro -v ~/mcp-ssh/secrets:/app/secrets:ro ghcr.io/samerfarida/mcp-ssh-orchestrator:latest

Environment Variables

  • MCP_SSH_CONFIG_DIR
  • MCP_SSH_KEYS_DIR
  • MCP_SSH_SECRETS_DIR
  • LOG_LEVEL
  • LOG_FORMAT
  • SSH_DEBUG
  • MCP_SSH_SECRET_*

Security Notes

This server exhibits an exceptionally strong commitment to security through a multi-layered defense-in-depth architecture. It actively prevents common attack vectors such as command injection (using `shlex.split`, explicit substring bans, command chain parsing, and normalization), path traversal (`os.path.abspath`, `os.path.isabs`, `os.path.normpath`, rejection of `..`, symlinks, and directories), DNS-based DoS (rate limiting, caching, timeouts), and MITM attacks (strict SSH host key verification with `paramiko.RejectPolicy`). Input validation is robustly applied to all user-controlled parameters, and all configuration files have size limits. The system enforces a 'deny-by-default' policy model, runs as a non-root user in Docker containers with read-only mounts, and provides comprehensive, structured JSON audit logs for security events and command execution. No `eval` or similar dangerous patterns are used without clear justification.

Stats

  • Interest Score: 34
  • Security Score: 10
  • Cost Class: Medium
  • Avg Tokens: 5000
  • Stars: 3
  • Forks: 3
  • Last Update: 2025-12-01

Tags

mcp, ssh, orchestration, security, policy