Skip to main content
Glama

SSH Read-Only MCP Server

by kunwarmahen
GitHub
Python
OverviewInspectNewEndpointsSchemaRelated ServersReviewsScore
Need Help?View Source CodeReport Issue

SSH Read-Only MCP Server

A secure Model Context Protocol (MCP) server that enables remote SSH command execution with strict read-only enforcement. Perfect for safely delegating SSH access to Claude while preventing accidental or malicious write operations.

Features

Read-Only Command Enforcement – Only allows safe, read-only commands
SSH Connection Pooling – Support multiple simultaneous connections
Command Validation – Blocks dangerous patterns and write operations
Multicast Discovery – Auto-announces on network for easy discovery
Flexible Transport – Stdio, HTTP, or Streamable-HTTP modes
Comprehensive Logging – Full audit trail in ssh_mcp.log
Environment Configuration – Fully configurable via .env

Installation

Prerequisites

  • Python 3.8+

  • uv package manager

Setup

# Clone or create project directory mkdir ssh-mcp-server cd ssh-mcp-server # Initialize uv project (if needed) uv init # Install dependencies uv pip install fastmcp paramiko python-dotenv

Or use pyproject.toml:

[project] name = "ssh-mcp-server" version = "0.1.0" dependencies = [ "fastmcp>=0.1.0", "paramiko>=3.0.0", "python-dotenv>=1.0.0", ]

Then install:

uv sync

Configuration

Create a .env file in the project root:

# Transport mode: stdio (default), http, or streamable-http MCP_TRANSPORT=stdio # Server identification MCP_SERVER_NAME=SSH Read-Only MCP Server # HTTP mode settings (if using http/streamable-http) MCP_HOST=0.0.0.0 MCP_PORT=3000 # Multicast discovery MCP_ENABLE_BROADCAST=true MCP_BROADCAST_INTERVAL=30

Environment Variables

Variable

Default

Description

MCP_TRANSPORT

stdio

Communication transport:

stdio

,

http

, or

streamable-http

MCP_SERVER_NAME

SSH Read-Only MCP Server

Display name for the server

MCP_HOST

0.0.0.0

Bind address for HTTP mode

MCP_PORT

3000

Port for HTTP mode

MCP_ENABLE_BROADCAST

true

Enable multicast discovery announcements

MCP_BROADCAST_INTERVAL

30

Seconds between broadcast announcements

Usage

Start the Server

Stdio mode (default):

uv run ssh_readonly_fastmcp_mcast.py

HTTP mode with multicast discovery:

MCP_TRANSPORT=http MCP_PORT=3000 uv run ssh_readonly_fastmcp_mcast.py

HTTP mode without broadcasting:

MCP_ENABLE_BROADCAST=false MCP_TRANSPORT=http MCP_PORT=3000 uv run ssh_readonly_fastmcp_mcast.py

Available Tools

1. ssh_connect

Establish an SSH connection to a remote machine.

Parameters:

  • host (required) – Remote host IP or hostname

  • username (required) – SSH username

  • port (optional, default: 22) – SSH port

  • key_filename (optional) – Path to private key file (recommended)

  • password (optional) – SSH password (fallback)

Example:

Connect to 192.168.1.100 as user 'admin' with private key host: 192.168.1.100 username: admin key_filename: /home/user/.ssh/id_rsa

2. ssh_execute

Execute a read-only command on the connected remote machine.

Parameters:

  • host (required) – Remote host (must be connected first)

  • username (required) – SSH username

  • command (required) – Read-only command to execute

  • port (optional, default: 22) – SSH port

Example:

Run 'ls -la /home' on connected server host: 192.168.1.100 username: admin command: ls -la /home

3. ssh_disconnect

Close an SSH connection.

Parameters:

  • host (required) – Remote host

  • username (required) – SSH username

  • port (optional, default: 22) – SSH port

4. ssh_list_connections

View all active SSH connections.

Parameters: None

5. ssh_get_allowed_commands

Retrieve the list of allowed read-only commands.

Parameters: None

Allowed Commands

The server permits the following read-only operations:

  • File operations: cat, ls, file, head, tail, find, locate

  • System info: ps, top, df, du, free, uname, hostname, uptime

  • Network: netstat, ss, ifconfig, ip, curl, wget, dig, nslookup, ping, traceroute

  • Process management: lsof, systemctl, service

  • Text processing: grep, awk, sed, wc

  • And many more read-only utilities

Blocked operations: rm, mv, cp, chmod, chown, mkdir, touch, kill, shutdown, reboot, sudo, and any write/modify commands.

Multicast Discovery

When running in HTTP mode with broadcasting enabled, the server announces itself on the multicast group:

  • Address: 239.255.255.250

  • Port: 5353

  • Interval: Configurable (default: 30 seconds)

Discovery announcement includes:

  • Server UUID

  • Server name

  • Local IP and port

  • Transport type

  • Protocol version

Logging

All activity is logged to ssh_mcp.log:

2025-10-17 10:30:45,123 [INFO] ssh_mcp - Starting MCP server with transport=http 2025-10-17 10:30:46,456 [INFO] ssh_mcp - Starting multicast broadcaster on 239.255.255.250:5353 2025-10-17 10:30:47,789 [INFO] ssh_mcp - Successfully connected to admin@192.168.1.100:22

Security Considerations

🔒 Read-Only Enforcement:

  • Only whitelisted commands are allowed

  • Dangerous patterns (pipes, redirects, subshells) are blocked

  • Write operations are prevented at the command level

⏱️ Timeouts:

  • 30-second execution timeout per command

  • Prevents hanging commands from blocking the server

🔐 Authentication:

  • SSH key authentication recommended over passwords

  • Passwords stored in memory only, never persisted

📋 Audit Trail:

  • All connections and commands are logged

  • Review ssh_mcp.log for security audits

Troubleshooting

Connection Refused

Error: Connection failed: [Errno 111] Connection refused

  • Verify the remote host is reachable: ping <host>

  • Check SSH is running on the remote machine

  • Verify port number (default 22)

Authentication Failed

Error: Connection failed: Authentication failed

  • Verify username is correct

  • For key auth: check key file path and permissions (chmod 600)

  • For password auth: verify credentials

  • Ensure SSH public key is authorized on remote (~/.ssh/authorized_keys)

Command Not Allowed

Error: Command not allowed for security reasons

  • The command contains a blocked pattern or is not in the allowed list

  • Use ssh_get_allowed_commands to see permitted commands

  • For write operations, use SSH directly instead

Broadcast Not Working

  • Verify MCP_ENABLE_BROADCAST=true

  • Check network supports multicast (most corporate networks block it)

  • Verify firewall allows UDP on port 5353

  • Check ssh_mcp.log for broadcast errors

Development

Running in Debug Mode

DEBUG=true uv run ssh_readonly_fastmcp_mcast.py

Testing

# Test connection uv run -c "from ssh_readonly_fastmcp_mcast import is_command_safe; print(is_command_safe('ls -la'))" # Should print: True # Test blocked command uv run -c "from ssh_readonly_fastmcp_mcast import is_command_safe; print(is_command_safe('rm -rf /'))" # Should print: False

Project Structure

ssh-mcp-server/ ├── ssh_readonly_fastmcp_mcast.py # Main server implementation ├── .env # Configuration file ├── .env.example # Configuration template ├── ssh_mcp.log # Server logs (auto-generated) ├── pyproject.toml # Project metadata └── README.md # This file

API Response Format

All tools return consistent JSON responses:

Success:

{ "status": "success", "host": "192.168.1.100", "command": "ls -la /home", "exit_code": 0, "output": "total 24\ndrwxr-xr-x 3 root root 4096...", "error": null }

Error:

{ "status": "error", "message": "Command not allowed for security reasons", "reason": "Only read-only commands are permitted" }

License

MIT

Contributing

Contributions welcome! Please ensure:

  • All changes maintain read-only enforcement

  • Code is logged appropriately

  • Tests pass for security validations

Support

For issues or questions:

  1. Check ssh_mcp.log for error details

  2. Review the Troubleshooting section

  3. Verify environment configuration

  4. Check network connectivity to remote hosts

This server cannot be installed

-
security - not tested
F
license - not found
-
quality - not tested

How are these scores calculated?

remote-capable server

The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.

Enables secure remote SSH command execution with strict read-only enforcement, allowing safe delegation of SSH access to Claude while preventing write operations. Supports connection pooling, command validation, and comprehensive logging for audit trails.

  1. Features
    1. Installation
      1. Prerequisites
      2. Setup
    2. Configuration
      1. Environment Variables
    3. Usage
      1. Start the Server
      2. Available Tools
    4. Allowed Commands
      1. Multicast Discovery
        1. Logging
          1. Security Considerations
            1. Troubleshooting
              1. Connection Refused
              2. Authentication Failed
              3. Command Not Allowed
              4. Broadcast Not Working
            2. Development
              1. Running in Debug Mode
              2. Testing
            3. Project Structure
              1. API Response Format
                1. License
                  1. Contributing
                    1. Support

                      New MCP Servers

                      MCP directory API

                      We provide all the information about MCP servers via our MCP API.

                      curl -X GET 'https://glama.ai/api/mcp/v1/servers/kunwarmahen/ssh-mcp-server'

                      If you have feedback or need assistance with the MCP directory API, please join our Discord server