Skip to main content
Glama
mahathirmuh

MCP SSH Server

by mahathirmuh
OverviewSchemaRelated ServersScoreDiscussions
JavaScript
Local

ssh_connect_with_credential

Connect to SSH servers using saved credentials for secure remote access and management. Establishes authenticated connections with stored credential IDs and unique connection identifiers.

Instructions

Connect to SSH server using saved credentials

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
credentialIdYesStored credential ID to use
connectionIdYesUnique identifier for this connection

Implementation Reference

  • src/index.ts:1178-1248 (handler)
    Implements the core logic for the 'ssh_connect_with_credential' tool: parses arguments using ConnectWithCredentialSchema, retrieves stored credential, creates NodeSSH connection with appropriate auth (password or private key), adds to connection pool and context, updates credential lastUsed, returns success message.
    private async handleConnectWithCredential(args: unknown) {
  const params = ConnectWithCredentialSchema.parse(args);
  
  if (connectionPool.has(params.connectionId)) {
    throw new McpError(
      ErrorCode.InvalidParams,
      `Connection ID '${params.connectionId}' already exists`
    );
  }

  const credential = credentialStore.get(params.credentialId);
  if (!credential) {
    throw new McpError(
      ErrorCode.InvalidParams,
      `Credential ID '${params.credentialId}' not found`
    );
  }

  const ssh = new NodeSSH();
  
  try {
    const connectConfig: any = {
      host: credential.host,
      port: credential.port,
      username: credential.username,
    };

    if (credential.privateKeyPath) {
      const privateKey = await fs.readFile(credential.privateKeyPath, 'utf8');
      connectConfig.privateKey = privateKey;
      if (credential.passphrase) {
        connectConfig.passphrase = credential.passphrase;
      }
    } else if (credential.password) {
      connectConfig.password = credential.password;
    } else {
      throw new McpError(
        ErrorCode.InvalidParams,
        'Credential has neither password nor private key'
      );
    }

    await ssh.connect(connectConfig);
    connectionPool.set(params.connectionId, ssh);

    // Initialize connection context
    connectionContexts.set(params.connectionId, {
      ssh,
      currentWorkingDirectory: undefined,
      defaultWorkingDirectory: undefined
    });

    // Update last used timestamp
    credential.lastUsed = new Date().toISOString();
    credentialStore.set(params.credentialId, credential);

    return {
      content: [
        {
          type: 'text',
          text: `Successfully connected to ${credential.host}:${credential.port} as ${credential.username} using saved credential '${params.credentialId}' (Connection ID: ${params.connectionId})`,
        },
      ],
    };
  } catch (error) {
    throw new McpError(
      ErrorCode.InternalError,
      `SSH connection failed: ${error instanceof Error ? error.message : String(error)}`
    );
  }
}
  • src/index.ts:143-146 (schema)
    Zod schema defining input parameters for the ssh_connect_with_credential tool: credentialId (string, required) and connectionId (string, required). Used for validation in the handler.
    const ConnectWithCredentialSchema = z.object({
  credentialId: z.string().describe('Stored credential ID to use'),
  connectionId: z.string().describe('Unique identifier for this connection')
});
  • src/index.ts:408-419 (registration)
    Tool registration entry returned by ListToolsRequest handler. Defines name, description, and inputSchema matching the ConnectWithCredentialSchema. Dispatches to handleConnectWithCredential in the CallToolRequest switch statement (line 512).
    {
  name: 'ssh_connect_with_credential',
  description: 'Connect to SSH server using saved credentials',
  inputSchema: {
    type: 'object',
    properties: {
      credentialId: { type: 'string', description: 'Stored credential ID to use' },
      connectionId: { type: 'string', description: 'Unique identifier for this connection' }
    },
    required: ['credentialId', 'connectionId']
  },
},
  • src/index.ts:511-512 (registration)
    Switch case in CallToolRequest handler that routes 'ssh_connect_with_credential' calls to the handler function.
    case 'ssh_connect_with_credential':
  return await this.handleConnectWithCredential(args);

Tool Definition Quality

C2.9/5.0
Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries full burden but offers minimal behavioral insight. It implies a connection operation but doesn't disclose whether this creates a persistent session, requires specific permissions, has timeout/rate limits, or what happens on failure. For a security-sensitive SSH tool, this lack of transparency is a significant gap.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, efficient sentence with zero wasted words. It's front-loaded with the core purpose and uses clear terminology. Every word earns its place without being overly terse.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

For a tool that establishes SSH connections (a complex, security-sensitive operation with no output schema and no annotations), the description is incomplete. It doesn't explain what the tool returns, how connections are managed, error conditions, or integration with other SSH tools. The context demands more comprehensive guidance.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, so the schema already documents both parameters fully. The description adds no additional meaning about parameters beyond implying 'credentialId' refers to saved credentials and 'connectionId' identifies the connection. This meets the baseline for high schema coverage.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the action ('Connect') and target ('SSH server') with the specific method ('using saved credentials'), which distinguishes it from the sibling 'ssh_connect' that likely uses different authentication. However, it doesn't explicitly mention what type of connection this establishes (e.g., persistent session vs. one-time command execution).

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives like 'ssh_connect' or 'ssh_start_interactive_shell'. It doesn't mention prerequisites (e.g., needing saved credentials via 'ssh_save_credential') or typical use cases (e.g., establishing a background connection for subsequent commands).

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/mahathirmuh/mcp-ssh-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server