PostgreSQL SSH MCP Server
Provides tools for executing SQL queries, listing schemas, tables, and databases, describing table structure, and getting database connection status and statistics.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@PostgreSQL SSH MCP Servershow me a list of all tables"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
PostgreSQL SSH MCP Server
A secure PostgreSQL MCP server with built-in SSH tunneling. Connect to databases through bastion hosts automatically — no manual ssh -L required.
Features
Dual Transport — STDIO for Claude Desktop, Streamable HTTP for ChatGPT
SSH Tunneling — Built-in tunnel with auto-reconnect and TOFU (trust on first use)
Read-Only by Default — Safe for production; enable writes explicitly
OAuth Support — Auth0 integration for secure ChatGPT connections
Connection Pooling — Efficient resource management with configurable limits
Related MCP server: Postgres MCP Pro
Architecture

Quick Start
Claude Desktop (STDIO)
Add to your Claude Desktop config:
Platform | Config Location |
macOS |
|
Windows |
|
{
"mcpServers": {
"postgres": {
"command": "npx",
"args": ["-y", "@zlash65/postgresql-ssh-mcp"],
"env": {
"DATABASE_URI": "postgresql://user:password@localhost:5432/mydb"
}
}
}
}ChatGPT (Streamable HTTP)
DATABASE_URI="postgresql://user:pass@localhost:5432/mydb" npx @zlash65/postgresql-ssh-mcp-httpThen configure ChatGPT to connect to https://your-subdomain.example.com/mcp.
Note: ChatGPT requires HTTPS. Use a tunnel (ngrok, Cloudflare Tunnel) for local testing.
Available Tools
Query Tools
Tool | Description |
| Execute SQL with parameterized queries. Results capped by |
| Get EXPLAIN plans in text, JSON, YAML, or XML format. Supports ANALYZE. |
Schema Tools
Tool | Description |
| List database schemas. Excludes system schemas by default. |
| List tables with row counts and sizes. Optionally include views. |
| Get columns, constraints, and indexes for a table. |
| List all databases with owner, encoding, and size. |
Admin Tools
Tool | Description |
| Get pool stats, tunnel state, and connection info. |
| Show active connections from |
| Find queries running longer than a threshold. |
| Get PostgreSQL server version. |
| Get database size and largest tables. |
| Get vacuum/analyze stats and scan counts for a table. |
Environment Variables
Database Connection
Variable | Required | Default | Description |
| Yes* | — | Full connection string (e.g., |
| Yes* | — | Database hostname |
| No |
| Database port |
| Yes* | — | Database name |
| Yes* | — | Database username |
| Yes* | — | Database password |
*Either DATABASE_URI or all individual connection variables are required.
SSL Configuration
Variable | Default | Description |
| Auto |
|
| — | Path to CA certificate bundle |
|
| Set |
SSH Tunnel
Variable | Required | Default | Description |
| No |
| Set |
| Yes* | — | SSH server hostname |
| No |
| SSH server port |
| Yes* | — | SSH username |
| Yes** | — | Path to private key file |
| No | — | Passphrase for encrypted keys |
| Yes** | — | SSH password (alternative to key) |
| No |
| Verify host key against known_hosts |
| No |
| Auto-add unknown hosts (when strict is enabled) |
| No |
| Custom known_hosts file |
| No |
| Keepalive interval in milliseconds |
| No |
| Max reconnect attempts ( |
*Required when SSH_ENABLED=true
**Either SSH_PRIVATE_KEY_PATH or SSH_PASSWORD is required
Query Behavior
Variable | Default | Description |
|
| Block data modifications. Set |
|
| Maximum rows returned per query |
|
| Query timeout in milliseconds |
|
| Maximum concurrent queries |
|
| Timeout for draining pool during reconnect |
HTTP Server (Streamable HTTP only)
Variable | Default | Description |
|
| HTTP server port |
|
| HTTP server bind address |
|
| Authentication mode: |
|
| Stateless mode (each request re-initializes) |
|
| Server instances for stateless mode |
|
| Session TTL for stateful mode |
|
| Session cleanup interval |
| — | Comma-separated allowed CORS origins ( |
| — | Comma-separated allowed Host headers |
OAuth (Auth0)
Variable | Required | Description |
| Yes* | Auth0 tenant domain (e.g., |
| Yes* | Auth0 API identifier / audience |
| No | URL to API documentation (RFC 9728) |
*Required when MCP_AUTH_MODE=oauth
Documentation
Guide | Description |
Claude Desktop and local development | |
HTTP server setup and configuration | |
Deploy to production with nginx and SSL | |
Complete Auth0 OAuth setup for ChatGPT |
Docker
STDIO Server
docker build --target runtime -t postgresql-mcp .
docker run -e DATABASE_URI="postgresql://..." postgresql-mcpHTTP Server
docker build --target runtime-http -t postgresql-mcp-http .
docker run -p 3000:3000 -e DATABASE_URI="postgresql://..." postgresql-mcp-httpDevelopment
# Install dependencies
npm install
# Build
npm run build
# Run tests
npm test
# Type check
npm run typecheck
# Lint
npm run lintMaintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/Zlash65/postgresql-ssh-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server