A
securityA
licenseA
qualityAn MCP server that enables secure terminal command execution, directory navigation, and file system operations through a standardized interface for LLMs.
Last updated -
10
23
Python
MIT License
Integrations
Provides access to MLB Stats API tools for retrieving and analyzing baseball statistics
MCP Server SSH Client
A Model Context Protocol Server (Remote SSH client) that connects to remote MCP servers over SSH. This client enables accessing and utilizing MCP tools hosted on remote servers, providing a secure channel for MCP communication.
Features
- Connect to any MCP server over SSH
- Proxy all MCP protocol commands through a secure SSH channel
- Support for key-based authentication
- Support for MCP capabilities including tools, prompts, and resources
Installation
In a uv managed python project, add to dependencies by:
Copy
Alternatively, for projects using pip for dependencies:
Copy
To install directly from the source:
Copy
To run the server inside your project:
Copy
Common Use Cases
1. Quick Start with Demo Server
We maintain a public demo server with various MCP tools already configured and ready to use. (This server will be available until we release our open, decentralized registry.)
This demo server has multiple MCP servers including HackerNews, MLB Stats API, and Formula 1 API tools for you to experiment with.
Claude
To connect Claude to this server, simply add the following to Claude Desktop settings.
Copy
Command-line
Copy
2. Local Development Testing
For setting up your own SSH server, refer to m2m-mcp-server-ssh-server.
For local testing with your own MCP tools:
Copy
The above command will try to connect to a local SSH server listening on port 8022.
When testing locally, you can simplify key exchange by using the key server:
Copy
The above command will try to use the key server running on port 8000.
3. Remote Server Connection
Connect to your own hosted MCP server:
Copy
You can simplify key exchange by running the key server on your remote server and configuring it in client.
Usage with AI Platforms
Claude Desktop Integration
Add this to Claude Desktop settings:
Copy
MCP Inspector
For debugging or exploring available tools:
Copy
Usage
Command Line Options
--host: Remote SSH server host (default: "localhost")--port: Remote SSH server port (default: 8022)--username: SSH username (default: "mcp")--client-key: Client private key file (default: "~/.ssh/m2m_mcp_server_ssh_client")--known-hosts: Path to known hosts file (default: "~/.ssh/known_hosts")--passphrase: Passphrase for the private key (default: None)--disable-host-key-checking: Skip server signature verification (default: False)--log-level: Set logging level (default: INFO)
Detailed Examples
Basic Connection to a Remote Server
Connect to a remote MCP server (SSH server) running on port 8022:
Copy
Using a Custom SSH Key
Specify a particular SSH key for authentication:
Copy
If your key is passphrase-protected:
Copy
Debug Mode for Troubleshooting
Enable detailed logging for troubleshooting connection issues:
Copy
Key Server Integration
The MCP SSH Client can use a key server for dynamic key exchange and verification:
Copy
When using a key server:
- The client fetches the server's public key from
http://host:key-server-port/server_pub_key - The client registers its public key with the server at
http://host:key-server-port/register - A temporary
known_hostsfile is created for the SSH connection
This feature is mutually exclusive with --known-hosts and --disable-host-key-checking.
Disabling Host Key Checking
⚠️ Security Warning: Using
--disable-host-key-checkingmakes your connection vulnerable to man-in-the-middle attacks. Only use this option in trusted networks or for development/testing purposes.
Copy
Configure for Claude Desktop
Add to your Claude settings:
Copy
For a more secure configuration with a specific key:
Copy
How It Works
The MCP Server SSH Client establishes an SSH connection to a remote server running the MCP Server SSH Server for MCP tools, i.e., m2m-mcp-server-ssh-server. It then:
- Creates a local proxy server that mirrors the capabilities of the remote MCP server
- Forwards all MCP requests to the remote server through the SSH connection
- Returns responses from the remote server to the local client
This allows you to use tools running on remote machines as if they were installed locally.
Authentication Flow
Security Considerations
- Always use host key verification in production environments
- Use passphrase-protected SSH keys for stronger security
- Consider using dedicated SSH keys for MCP connections
- Set appropriate permissions (600) for your SSH key files
- Use a dedicated, limited-privilege user on the remote server
Troubleshooting Common Issues
Connection Refused
Copy
Solution: Verify the host and port are correct and that the SSH service is running.
Authentication Failure
Copy
Solution: Check the key file path. Ensure the remote server has your public key installed.
Host Key Verification Failed
Copy
Solution: Either add the host key to your known_hosts file or use --disable-host-key-checking (for testing only).
Dependencies
- anyio (>=4.5.0)
- asyncssh (>=2.20.0)
- mcp (>=1.1.3)
- pydantic (>=2.0.0)
Development
Setup Development Environment
Copy
Code Quality
Copy
Debugging
You can use the MCP inspector to debug the client:
Copy
For advanced debugging, use the following workflow:
- Start the client with
--log-level DEBUG - Check the SSH connection parameters and handshake process
- If using custom keys, verify correct paths and permissions
- Use
ssh -vdirectly to test basic connectivity first
Contributing
We welcome contributions to help expand and improve m2m-mcp-server-ssh-client. Whether you want to add new features, enhance existing functionality, or improve documentation, your input is valuable.
Pull requests are welcome! Feel free to contribute new ideas, bug fixes, or enhancements.
Contribution Guidelines
- Fork the repository
- Create a feature branch:
git checkout -b feature-name - Commit your changes:
git commit -am 'Add some feature' - Push to the branch:
git push origin feature-name - Submit a pull request
License
MIT License - See LICENSE file for details.
Authors
- Machine To Machine
This server cannot be installed
remote-capable server
The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.
The m2m-mcp-server-ssh-client provides a unified MCP server interface, securely connecting via SSH to the m2m-mcp-server-ssh-server back-end which aggregates MCP servers. This setup offers secure, single-point access to diverse remote tools using robust SSH key-based authentication.
Related MCP Servers
- -securityAlicense-qualityA secure MCP (Model Context Protocol) server hosted on Google Cloud Run that enables team collaboration by providing authenticated access via Google Cloud IAM, allowing teams to share custom MCP servers over the internet before official MCP authentication is implemented.Last updated -16TypeScriptMIT License
- -securityFlicense-qualityA personal MCP server for securely storing and accessing API keys across projects using the macOS Keychain, letting AI assistants and applications retrieve credentials through natural language.Last updated -10TypeScript
- -securityFlicense-qualityA server that enables remote command execution over SSH through the Model Context Protocol (MCP), supporting both password and private key authentication.Last updated -JavaScript