postgres-ssh-mcp
Provides tools to query and introspect PostgreSQL databases with support for SSH tunnels, including running SQL queries, explaining query plans, listing schemas and tables, describing table columns, and checking connection status.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@postgres-ssh-mcpList all tables in the public schema"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
postgres-ssh-mcp
Cross-platform MCP server for PostgreSQL with SSH tunnel support. Works on macOS, Linux, and Windows.
Overview
postgres-ssh-mcp exposes MCP tools that allow AI tools to query and introspect PostgreSQL databases. It supports three connection modes:
Related MCP server: PostgreSQL Read-Only MCP Server
Connection Modes
Mode | When it activates | How it connects |
Direct | No SSH vars set | Connects to Postgres directly (no tunnel) |
SSH config |
| Reads |
Explicit SSH |
| Opens an SSH tunnel using the values from environment variables |
Using with AI Tools
Any MCP-Compatible Tool
Tools such as Claude Desktop, Cursor, and Windsurf use a JSON config file. Add an entry under mcpServers:
{
"mcpServers": {
"postgres-ssh-mcp": {
"command": "npx",
"args": ["-y", "postgres-ssh-mcp"],
"env": {
"DB_HOST": "localhost",
"DB_NAME": "mydb",
"DB_USER": "dbuser",
"DB_PASSWORD": "dbpassword",
// If you have an SSH config alias:
"SSH_HOST": "my-bastion",
// Or if you need explicit SSH:
"SSH_HOSTNAME": "127.0.0.1",
"SSH_USER": "mybastionuser",
"SSH_IDENTITY_FILE": "~/.ssh/mybastionkey", // optional if you use the default key path
"SSH_KEY_PASSPHRASE": "mypassphrase", // optional, if your private key is encrypted
"SSH_PORT": "1234", // defaults to 22
}
}
}
}For SSH tunnel connections, add SSH_HOST (SSH config alias) or SSH_HOSTNAME + SSH_USER (explicit credentials) to the env block.
Claude Code
Use claude mcp add to register the server. All environment variables must be passed via --env flags.
claude mcp add --transport stdio postgres-ssh-mcp \
--env DB_HOST=localhost \
--env DB_NAME=mydb \
--env DB_USER=dbuser \
--env DB_PASSWORD=dbpassword \
-- npx -y postgres-ssh-mcpHint: You can include --scope project to add the server only to the current project.
Tools
Tool | Description |
| Execute a SQL query (read-only by default; see |
| Get the execution plan for a SQL query. Supports all PostgreSQL EXPLAIN options (ANALYZE, BUFFERS, TIMING, etc) and output formats (text, JSON, YAML, XML) |
| List all schemas in the database |
| List tables in a schema (default: |
| Show columns, types, and nullability for a table |
| Show connection pool stats, database version, size, and server configuration |
Defense-in-Depth Query Safety
This is the key feature that sets postgres-ssh-mcp apart from other PostgreSQL MCP servers. It is the only one that enforces multi-layered protection against unintended data modifications through a combination of safety mechanisms.
AST-level SQL validation using
pgsql-parserand@pgsql/traverse— parses SQL into an abstract syntax tree and walks it to detect mutations, including hidden ones in CTEs,SELECT INTO, and locking clauses. OnlySELECTandEXPLAINstatements are allowed.Dangerous function denylist — blocks 250+ PostgreSQL functions that can cause side effects even inside read-only transactions, including
pg_sleep,nextval,pg_notify, file I/O functions, advisory locks, and replication controls.Read-only transaction wrapping — all queries execute inside
BEGIN TRANSACTION READ ONLYwith automaticROLLBACK.Single-statement enforcement — multi-statement queries are rejected before execution.
Note: Disabling these safety mechanisms is not recommended, however, you can do so by setting DB_READ_ONLY=false, which grants AI tools full write access to the database.
Environment Variables
These are all environment variables that can be used to configure this MCP server.
Required
Variable | Description |
| Postgres host or RDS endpoint |
| Database name |
| Database user |
| Database password |
Optional
Variable | Default | Description |
| (all) | Comma-separated list of tools to register. When unset, all tools are available. Case-sensitive. Example: |
|
| Postgres port |
|
| Set to |
|
| Set to |
| — | Path to a custom CA certificate file (PEM) for SSL verification |
|
| Set to |
|
| Maximum rows returned per query. Uses cursor-based fetching in read-only mode |
|
| Maximum number of connections in the pool |
|
| Milliseconds to wait for a connection from the pool |
|
| Milliseconds before a query is forcibly cancelled |
|
| Milliseconds to wait for old pool to drain during reconnection (0 to never wait) |
| — | SSH config alias (reads |
| — | Bastion hostname or IP |
| — | SSH login user |
|
| SSH port |
|
| Enables or disables strict host checking |
| — | Absolute path or |
| — | Passphrase for an encrypted private key |
| — | SSH password (alternative to key-based auth) |
| disabled | Milliseconds between SSH keepalive probes (if set: minimum 1000) |
|
| Max unanswered keepalive probes before dropping the connection |
|
| Auto-accept and save unknown SSH host keys on first connection |
| — | Path to custom known_hosts file (default: |
|
| Max SSH reconnection attempts (-1 for unlimited, 0 to disable) |
Development
Copy the example env file and fill in your values:
git clone https://github.com/SecretX33/postgres-ssh-mcp.git
cd postgres-ssh-mcp
npm install
npm run buildThe compiled server is written to dist/index.js.
Copy the example env file and fill in your values:
cp .env.example .env
# edit .envThen run in watch mode (automatically loads .env):
npm run devLicense
MIT
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/SecretX33/postgres-ssh-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server