SSH MCP

ssh_connect

Establish SSH connections to remote servers using hostname, username, and authentication credentials for secure remote access.

Instructions

Connect to a remote server via SSH

Input Schema

TableJSON Schema

Name	Required	Description
`host`	Yes	Hostname or IP address of the remote server
`port`	No	SSH port (default: 22)
`username`	Yes	SSH username
`password`	No	SSH password (if not using key-based authentication)
`privateKeyPath`	No	Path to private key file (if using key-based authentication)
`passphrase`	No	Passphrase for private key (if needed)
`connectionId`	No	Unique identifier for this connection

Implementation Reference

src/index.ts:302-381 (handler)

Implements the ssh_connect tool by creating an SSH connection using the ssh2 Client, supporting password or private key authentication, storing the connection in a map for later use, and returning appropriate success or error responses.

private async handleSSHConnect(params: any) {
  const {
    host,
    port = 22,
    username,
    password,
    privateKeyPath,
    passphrase,
    connectionId = `ssh-${Date.now()}`
  } = params;

  // Verify we have either a password or a private key
  if (!password && !privateKeyPath) {
    return {
      content: [{ type: "text", text: "Either password or privateKeyPath must be provided" }],
      isError: true
    };
  }

  // Create SSH connection options
  const sshConfig: any = {
    host,
    port,
    username,
    readyTimeout: 30000, // 30 seconds timeout for connection
  };

  // Add authentication method
  if (privateKeyPath) {
    try {
      // Expand tilde if present in the path
      const expandedPath = privateKeyPath.replace(/^~/, os.homedir());
      sshConfig.privateKey = fs.readFileSync(expandedPath);
      
      if (passphrase) {
        sshConfig.passphrase = passphrase;
      }
    } catch (error: any) {
      return {
        content: [{ type: "text", text: `Failed to read private key: ${error.message}` }],
        isError: true
      };
    }
  } else if (password) {
    sshConfig.password = password;
  }

  // Create a new SSH client
  const conn = new Client();
  
  try {
    // Connect to the server and wait for the "ready" event
    await new Promise((resolve, reject) => {
      conn.on("ready", () => {
        resolve(true);
      });
      
      conn.on("error", (err: Error) => {
        reject(new Error(`SSH connection error: ${err.message}`));
      });
      
      conn.connect(sshConfig);
    });
    
    // Store the connection for future use
    this.connections.set(connectionId, { conn, config: { host, port, username } });
    
    return {
      content: [{ 
        type: "text", 
        text: `Successfully connected to ${username}@${host}:${port}\nConnection ID: ${connectionId}` 
      }]
    };
  } catch (error: any) {
    return {
      content: [{ type: "text", text: `Failed to connect: ${error.message}` }],
      isError: true
    };
  }
}

src/index.ts:37-73 (schema)

Primary input schema definition for the ssh_connect tool, declared in server capabilities.

ssh_connect: {
  description: "Connect to a remote server via SSH",
  inputSchema: {
    type: "object",
    properties: {
      host: {
        type: "string",
        description: "Hostname or IP address of the remote server"
      },
      port: {
        type: "number",
        description: "SSH port (default: 22)"
      },
      username: {
        type: "string",
        description: "SSH username"
      },
      password: {
        type: "string",
        description: "SSH password (if not using key-based authentication)"
      },
      privateKeyPath: {
        type: "string",
        description: "Path to private key file (if using key-based authentication)"
      },
      passphrase: {
        type: "string",
        description: "Passphrase for private key (if needed)"
      },
      connectionId: {
        type: "string",
        description: "Unique identifier for this connection (to reference in future commands)"
      }
    },
    required: ["host", "username"]
  }
},

src/index.ts:276-277 (registration)
Dispatches ssh_connect tool calls to the handleSSHConnect handler in the CallToolRequestSchema switch statement.
```
case 'ssh_connect':
  return this.handleSSHConnect(request.params.arguments);
```

src/index.ts:186-202 (schema)

Duplicate input schema for ssh_connect returned by the ListToolsRequestSchema handler.

{
  name: 'ssh_connect',
  description: 'Connect to a remote server via SSH',
  inputSchema: {
    type: 'object',
    properties: {
      host: { type: 'string', description: 'Hostname or IP address of the remote server' },
      port: { type: 'number', description: 'SSH port (default: 22)' },
      username: { type: 'string', description: 'SSH username' },
      password: { type: 'string', description: 'SSH password (if not using key-based authentication)' },
      privateKeyPath: { type: 'string', description: 'Path to private key file (if using key-based authentication)' },
      passphrase: { type: 'string', description: 'Passphrase for private key (if needed)' },
      connectionId: { type: 'string', description: 'Unique identifier for this connection' }
    },
    required: ['host', 'username']
  }
},

Tool Definition Quality

C2.9/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden of behavioral disclosure. 'Connect' implies establishing a persistent session, but the description doesn't specify what happens after connection (e.g., whether it maintains state, returns a connection handle, or has timeout behavior). It mentions SSH but doesn't detail security implications, error handling, or what constitutes a successful connection.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, clear sentence that efficiently conveys the core function without unnecessary words. It's front-loaded with the essential action and resource, making it easy for an agent to parse. Every word earns its place in this minimal but complete statement.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

For a tool with 7 parameters, no annotations, and no output schema, the description is insufficient. It doesn't address what the tool returns (e.g., connection status, session ID), error conditions, or behavioral details like persistence. Given the complexity of SSH connections and the lack of structured metadata, the description should provide more operational context.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, so all parameters are documented in the schema. The description adds no additional parameter semantics beyond the basic action of connecting. It doesn't explain parameter interactions (e.g., password vs privateKeyPath) or provide context beyond what the schema already specifies. Baseline 3 is appropriate given high schema coverage.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the action ('connect') and target ('to a remote server via SSH'), making the purpose immediately understandable. It distinguishes from siblings like ssh_disconnect or ssh_exec by specifying the connection establishment function. However, it doesn't explicitly differentiate from all SSH-related siblings beyond the basic verb.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. It doesn't mention prerequisites like needing authentication credentials, nor does it explain when to choose this over other SSH tools like ssh_exec (which might handle both connection and command execution). The context is implied but not articulated.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/mixelpixx/SSH-MCP'

If you have feedback or need assistance with the MCP directory API, please join our Discord server