mcp-ssh-tool
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| LOG_LEVEL | No | Logging level for the server (error, warn, info, debug). | |
| KNOWN_HOSTS_PATH | No | Custom path to the known_hosts file for host key verification. | |
| SSH_DEFAULT_KEY_DIR | No | Custom directory to search for SSH keys. | |
| STRICT_HOST_KEY_CHECKING | No | Enable strict host key checking. Set to 'true' and optionally provide KNOWN_HOSTS_PATH to enforce verification. |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {} |
| prompts | {} |
| resources | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| connector_statusA | Use this when ChatGPT or Claude needs to understand the remote connector profile, authentication mode, and credential broker readiness without exposing secrets. |
| ssh_hosts_listA | Use this when ChatGPT or Claude needs a safe list of SSH host aliases that may be inspected through the remote connector. Sensitive login material is omitted. |
| ssh_policy_explainA | Use this when ChatGPT or Claude needs to explain whether a requested SSH inspection or mutation would be allowed. This is explain-only and does not execute commands or open tunnels. |
| ssh_host_inspectA | Use this when ChatGPT or Claude needs read-only host inspection through the server-side credential broker. The user supplies only a configured host alias and selected checks; no secret material or login details are accepted. |
| ssh_mutation_planA | Use this when ChatGPT or Claude needs a non-executing plan for a remote SSH change. It never runs commands, writes files, uploads data, starts tunnels, or escalates privileges. |
| ssh_open_sessionB | Opens a new SSH session with authentication |
| ssh_close_sessionB | Closes an SSH session |
| ssh_list_sessionsA | Lists all active SSH sessions with their details |
| ssh_pingA | Checks if an SSH session is still alive and responsive |
| ssh_list_configured_hostsA | Lists all hosts configured in ~/.ssh/config |
| ssh_resolve_hostA | Resolves a host alias from ~/.ssh/config to connection parameters |
| proc_execA | Executes a non-interactive command on the remote system after policy and safety checks |
| proc_sudoA | Executes a command with sudo privileges only when allowRawSudo policy permits it |
| proc_exec_streamA | Executes a command and returns streaming output chunks |
| fs_readB | Reads a file from the remote system |
| fs_writeB | Writes data to a file on the remote system |
| fs_statA | Gets file or directory statistics |
| fs_listC | Lists directory contents |
| fs_mkdirpA | Creates directories recursively |
| fs_rmrfA | Removes files or directories recursively |
| fs_renameB | Renames or moves a file/directory |
| ensure_packageC | Ensures a package is installed or removed |
| ensure_serviceB | Ensures a service is in the desired state |
| ensure_lines_in_fileA | Ensures specific lines are present or absent in a file |
| patch_applyB | Applies a patch to a file |
| os_detectA | Detects operating system and environment information |
| get_metricsA | Returns server metrics including session counts, command statistics, and uptime |
| file_uploadB | Uploads a local file to the remote host over SFTP |
| file_downloadA | Downloads a remote file to the local machine over SFTP |
| tunnel_local_forwardC | Creates a local SSH port forward |
| tunnel_remote_forwardC | Creates a remote SSH port forward |
| tunnel_closeB | Closes an active tunnel |
| tunnel_listA | Lists active tunnels, optionally filtered by session |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
| safe-connect | Open an SSH session using strict host-key verification and explain the safety posture. |
| inspect-host-capabilities | Detect OS, package manager, init system, SFTP availability, and active policy. |
| plan-mutation | Use explain mode and policy resources to summarize a risky remote change first. |
| managed-config-change | Read a config, produce a minimal patch, dry-run it, and apply only if policy allows it. |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
| Active SSH sessions | Current in-memory SSH sessions tracked by the session manager |
| Metrics snapshot | Current runtime metrics in JSON format |
| Prometheus metrics | Prometheus-formatted metrics export |
| Configured SSH hosts | Parsed host aliases from the local ~/.ssh/config cache |
| Effective safety policy | Current command, path, host, and privilege policy after env/file overrides |
| Recent audit events | Recent policy and high-risk operation audit events |
| Support matrix | Supported and experimental host capabilities for this server |
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/oaslananka/mcp-ssh-tool'
If you have feedback or need assistance with the MCP directory API, please join our Discord server