ssh-shell-mcp
Provides tools to inspect and manage Docker containers on remote hosts via SSH, enabling operations like listing containers, viewing logs, and executing commands within containers.
Provides tools to create, list, send commands to, and kill tmux sessions on remote hosts, enabling persistent terminal multiplexing sessions managed by an AI agent.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@ssh-shell-mcpcheck disk usage on all hosts"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
ssh-shell-mcp
AI-native SSH orchestration for security engineers, DevSecOps, and sysadmins.
57+ MCP tools. Async. Audited. Built on AsyncSSH + FastMCP.
What it does
ssh-shell-mcp turns any SSH-accessible host into a fully agentic target. Connect Claude (or any MCP-compatible AI agent) to your infrastructure, then let the agent execute commands, triage incidents, orchestrate fleets, manage tunnels, and audit operations — all over SSH, with no credentials in prompts and a full audit trail.
┌─────────────┐ MCP (stdio/HTTP) ┌──────────────────┐
│ Claude / │ ◄──────────────────────────► │ ssh-shell-mcp │
│ AI Agent │ │ (this server) │
└─────────────┘ └────────┬─────────┘
│ AsyncSSH
┌───────────┼───────────┐
web01 db01 jump01Related MCP server: mcp-ssh-tool
Why ssh-shell-mcp?
Feature | ssh-shell-mcp | Ansible | Fabric | Paramiko |
AI agent / MCP native | ✅ | ❌ | ❌ | ❌ |
Async connection pool | ✅ | ❌ | ❌ | ❌ |
Built-in audit log | ✅ | partial | ❌ | ❌ |
Security policy gate | ✅ | ❌ | ❌ | ❌ |
Persistent shell sessions | ✅ | ❌ | ❌ | ❌ |
Live SOCKS5 / tunnel mgmt | ✅ | ❌ | ❌ | ❌ |
Zero-dependency config | ✅ | ❌ | ❌ | ✅ |
Fleet health checks | ✅ | ✅ | ❌ | ❌ |
Use Cases
🔵 Blue Team / Incident Response
Ask Claude to
ssh_journalctlacross all production hosts for a suspicious PID, thenssh_killitRun
ssh_health_check_fleetto instantly see which hosts went dark after an incidentUse
ssh_operation_history+ssh_audit_statsto reconstruct what an agent did during triagessh_playbook_on_groupto push a hardenedsshd_configto the entirelinuxhost group
🔴 Red Team / Authorized Testing (own systems only)
ssh_socks_proxythrough a jump host for proxychains-style traffic routingssh_port_forwardto expose internal services for enumeration during authorized assessmentsssh_reverse_tunnelto create C2-style callbacks on lab environmentsssh_tmux_sendto drive interactive sessions from an AI agent
⚙️ DevSecOps / Fleet Automation
Rolling deployments with
ssh_rolling— zero-downtime, stop-on-failurePush secrets via
ssh_run_with_env— never in command stringsssh_syncconfig directories, thenssh_playbookto restart affected servicesGroup hosts by
tags(e.g.web,database,staging) and broadcast commands to each tier
Quickstart
git clone https://github.com/jaguar999paw-droid/ssh-shell-mcp.git
cd ssh-shell-mcp
python3 -m venv .venv && source .venv/bin/activate
pip install -r requirements.txt
cp config.example.json config.json # fill in your hosts
python server.py --transport stdioAdd to claude_desktop_config.json:
{
"mcpServers": {
"ssh-shell": {
"command": "/path/to/ssh-shell-mcp/.venv/bin/python",
"args": ["server.py", "--transport", "stdio"],
"env": {
"SSH_HOSTS_YAML": "/path/to/ssh-shell-mcp/config/hosts.yaml"
}
}
}
}🚀 Non-Docker Setup (Complete Guide)
For users who prefer native installation without Docker, follow these step-by-step instructions.
Prerequisites
Before starting, ensure you have:
Python 3.10 or higher — Check:
python3 --versionpip (Python package manager) — Check:
pip3 --versionSSH client — Usually pre-installed on macOS/Linux; on Windows, install Git Bash or WSL2
SSH keys — Have an SSH public key in
~/.ssh/id_ed25519(orid_rsa). Generate one if needed.SSH-accessible hosts — At least one remote server you can connect to via SSH
Step 1: Clone the Repository
git clone https://github.com/jaguar999paw-droid/ssh-shell-mcp.git
cd ssh-shell-mcpStep 2: Create a Virtual Environment
Isolate dependencies in a virtual environment:
python3 -m venv .venvActivate it:
On macOS/Linux:
source .venv/bin/activateOn Windows (Git Bash):
source .venv/Scripts/activateOn Windows (PowerShell):
.\.venv\Scripts\Activate.ps1You should see (.venv) appear in your shell prompt.
Step 3: Install Dependencies
pip install --upgrade pip setuptools wheel
pip install -r requirements.txtThis installs:
asyncssh— Async SSH librarymcp&fastmcp— Model Context Protocol frameworkpyyaml— Configuration file parsingpytest— Testing framework
Step 4: Configure Your SSH Hosts
Create a configuration file defining which SSH targets to connect to:
cp config.example.json config.jsonEdit config.json with your SSH hosts:
{
"hosts": {
"web01": {
"host": "192.168.1.100",
"port": 22,
"user": "deploy",
"key_path": "~/.ssh/id_ed25519",
"tags": ["web", "production"]
},
"db01": {
"host": "192.168.1.200",
"port": 22,
"user": "deploy",
"key_path": "~/.ssh/id_ed25519",
"tags": ["database", "production"]
},
"localhost": {
"host": "127.0.0.1",
"port": 22,
"user": "$(whoami)",
"key_path": "~/.ssh/id_ed25519",
"tags": ["local", "testing"]
}
}
}Key fields:
host— IP address or domain of the SSH serverport— SSH port (default: 22)user— SSH usernamekey_path— Path to your SSH private key (e.g.~/.ssh/id_ed25519)tags— Arbitrary labels for grouping hosts (e.g. web, database, production)
Step 5: Test SSH Connectivity
Before connecting via MCP, verify SSH works:
ssh -i ~/.ssh/id_ed25519 deploy@192.168.1.100 'echo "✓ SSH works!"'If you get Permission denied, check:
SSH key file permissions:
chmod 600 ~/.ssh/id_ed25519SSH server is running on the target host
User credentials are correct in
config.jsonFirewall isn't blocking port 22
Step 6: Start the Server
Run the server in stdio mode (for Claude Desktop):
python server.py --transport stdioYou should see:
[ssh-shell-mcp] INFO Starting MCP server in stdio mode
[ssh-shell-mcp] INFO Loaded config from config.json
[ssh-shell-mcp] INFO Registered 3 hosts: web01, db01, localhostThe server is now ready to accept MCP connections. Leave this terminal open.
Step 7: Connect to Claude Desktop
In a new terminal, find the full path to your Python executable:
which python # or 'python' depending on your setup
# Output: /Users/you/projects/ssh-shell-mcp/.venv/bin/pythonCopy the path (e.g., /Users/you/projects/ssh-shell-mcp/.venv/bin/python).
Edit your Claude Desktop configuration file:
On macOS:
nano ~/Library/Application\ Support/Claude/claude_desktop_config.jsonOn Linux:
nano ~/.config/Claude/claude_desktop_config.jsonOn Windows:
notepad %APPDATA%\Claude\claude_desktop_config.jsonAdd or update the mcpServers section:
{
"mcpServers": {
"ssh-shell": {
"command": "/Users/you/projects/ssh-shell-mcp/.venv/bin/python",
"args": ["server.py", "--transport", "stdio"],
"env": {
"SSH_HOSTS_YAML": "/Users/you/projects/ssh-shell-mcp/config/hosts.yaml"
}
}
}
}Replace /Users/you/projects/ssh-shell-mcp/ with your actual repository path.
Step 8: Restart Claude Desktop
Fully restart Claude Desktop for the new MCP server to load:
Quit Claude completely
Wait 2 seconds
Reopen Claude
You should see a hammer icon (🔨) or settings gear in the Claude interface — click it to verify the server loaded.
Step 9: Test a Tool
In Claude, try:
Can you list the files in /tmp on web01?Claude will use the ssh_ls tool to run ls /tmp on web01 via SSH. Watch the terminal running server.py to see the command executed with full audit logging.
Troubleshooting
Issue | Solution |
| Ensure venv is activated: |
| Check SSH key permissions: |
| Verify |
MCP server not showing in Claude | Restart Claude Desktop completely (not just app minimize) |
| Verify SSH server is running on target: |
| SSH host unknown. Accept the key: |
Next Steps
Read the tool reference for all 57 available tools
Review SECURITY.md for production hardening
Check CONTRIBUTING.md if you want to extend the server
Tool Categories (57 tools)
# | Category | Tools |
1 | Shell execution |
|
2 | Persistent sessions |
|
3 | File management |
|
4 | Process management |
|
5 | System inspection |
|
6 | Fleet orchestration |
|
7 | Tunnels & proxies |
|
8 | Security controls |
|
9 | Host registry |
|
10 | Health & observability |
|
11 | tmux |
|
Configuration
config/hosts.yaml — registers your SSH targets:
hosts:
web01:
host: 192.168.1.100
port: 22
user: deploy
key: ~/.ssh/id_ed25519
tags: [web, production]
db01:
host: 192.168.1.200
port: 22
user: deploy
key: ~/.ssh/id_ed25519
tags: [database, production]config/policies.yaml — security policy (host allowlist + command blocklist):
policies:
host_allowlist: [] # empty = all registered hosts permitted
command_blocklist:
- "rm -rf /"
- "rm -rf /*"
- "mkfs*"
- ":(){:|:&};:" # fork bombNever commit
hosts.yaml— it contains real credentials. It is already in.gitignore. Usehosts.example.yamlas a template.
Environment Variables
Variable | Description | Default |
| Path to hosts config |
|
| Path to security policy config |
|
| Directory for audit logs |
|
| Bearer token for HTTP transport | (none) |
Security Design
Key-based auth only — password auth is intentionally unsupported.
Policy gate on every tool —
_gate()checks host allowlist and command blocklist before any execution.Full audit log — every operation is recorded with host, command, result, and timestamp.
No outbound telemetry — the server connects only to your configured SSH targets.
stdio default — no network port opened on the MCP host by default.
Running targets behind a VPN (e.g. Tailscale) is strongly recommended.
See SECURITY.md for vulnerability reporting.
Running Tests
# Integration tests — requires SSH server on localhost
TEST_USER=$USER TEST_KEY_PATH=~/.ssh/id_ed25519 pytest tests/ -vTests cover: exec, file transfer, persistent sessions, fleet orchestration, and tunnels.
They use real SSH connections — no mocking.
HTTP Transport (remote agents)
MCP_AUTH_TOKEN=your-secret python server.py --transport streamable_http --port 8000The server exposes /mcp with Bearer token authentication. Suitable for remote AI agents over a private network.
Alternative Interfaces
Beyond stdio/HTTP MCP transport, this repo also includes:
web_server.py— a FastAPI wrapper exposing all tools as a REST API (/api/tools,/api/ssh-shell-mcp/call,/api/ssh-shell-mcp/exec), with Swagger docs at/docs. Useful for browser-based or non-MCP integrations.copilot_bridge.py— a lightweight FastMCP bridge exposing a curated subset of tools (ssh_exec,ssh_list_hosts,ssh_register_host,ssh_process_list,ssh_system_info) for GitHub Copilot Chat / VS Code, routed throughweb_server.pyover HTTP.
Both are optional — the primary interface remains the stdio MCP server (server.py). See ARCHITECTURE.md for the full startup-performance redesign (lazy connection loading, concurrent-startup fixes, and a recommended fast/slow server split for Claude Desktop configs).
Project Structure
ssh-shell-mcp/
├── server.py # MCP entrypoint — all 57 tools
├── server/
│ ├── connection_manager.py # AsyncSSH connection pool
│ ├── session_manager.py # Persistent shell sessions
│ ├── shell_engine.py # Core command execution
│ ├── file_ops.py # SFTP file operations
│ ├── process_manager.py # Process lifecycle
│ ├── system_inspector.py # System info, logs, Docker
│ ├── network_tools.py # Tunnel manager
│ ├── orchestrator.py # Multi-host execution
│ ├── audit.py # Audit log
│ └── security.py # Policy enforcement
├── config.example.json
├── requirements.txt
├── Dockerfile
├── docker-compose.yml
└── SECURITY.mdFor per-tool parameter documentation see docs/tools.md.
⚠️ Legal Notice
This tool provides programmatic SSH access to remote systems. Use only on systems you own or have explicit written authorization to access. Unauthorized access to computer systems is illegal in most jurisdictions.
🔐 Cryptography Notice
This software uses the SSH protocol, which relies on cryptographic algorithms. Export, import, and use may be restricted in some jurisdictions. See the Wassenaar Arrangement for reference.
License
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/jaguar999paw-droid/ssh-shell-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server