mcp-server-sftp
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@mcp-server-sftplist files in /var/www/html"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
mcp-server-sftp
A fast Model Context Protocol (MCP) server that exposes an SFTP connection as tools — read, write, delete, list, mkdir, rmdir, rename, upload, download, stat, exists — plus pipelined batch tools (write_many, delete_many, upload_many, download_many) and a sync_dir for folder deploys.
It speaks SFTP over raw ssh2, so it works even against chrooted, SFTP-only accounts (ForceCommand internal-sftp, i.e. hosts with no shell exec). An optional write-path guard restricts mutating operations to a subtree.
Features
Full file ops over SFTP — including
delete/rmdir, which many SSH MCP servers omit.Batch + concurrent —
*_manytools andsync_dirissue many requests in flight on a single channel, so bulk operations collapse from N × round-trips to ~1 × round-trip. On a high-latency link this is an order of magnitude faster (see Performance).Works on shell-less hosts — no
execrequired; pure SFTP subsystem.Write guard —
SFTP_ALLOWED_PREFIXrefuses writes/deletes/renames outside a chosen subtree (reads stay unrestricted). Applied per item in batch tools.Warm, reused connection — one
ssh2client + SFTP channel is opened at startup and reused, with automatic reconnect on drop, so the first tool call doesn't pay the SSH handshake.Credentials via env only — nothing is hard-coded; supports password or private-key auth.
Related MCP server: Filesystem MCP Server
Requirements
Node.js >= 18
An SSH/SFTP account on the target host
Installation
git clone https://github.com/wpfyorg/mcp-server-sftp.git
cd mcp-server-sftp
npm installConfiguration
The server is configured entirely through environment variables:
Variable | Required | Default | Description |
| yes | — | Hostname or IP of the SFTP server |
| yes | — | SSH/SFTP username |
| * | — | Password auth (required unless using a key) |
| no |
| SSH port |
| * | — | Path to a private key file (alternative to password) |
| no | — | Passphrase for the private key, if any |
| no | (none) | If set, writes/deletes/renames must be under this absolute path |
| no |
|
|
| no |
| SSH handshake timeout (ms) |
| no |
| Max in-flight operations per batch/ |
| no |
| Parallel chunks for |
| no |
| Chunk size in bytes for |
* Provide at least one of SFTP_PASSWORD or SFTP_PRIVATE_KEY.
MCP client configuration
Add the server to your MCP client config (e.g. Cursor .cursor/mcp.json, Claude Desktop, etc.):
{
"mcpServers": {
"sftp": {
"command": "node",
"args": ["/absolute/path/to/mcp-server-sftp/index.mjs"],
"env": {
"SFTP_HOST": "203.0.113.10",
"SFTP_PORT": "22",
"SFTP_USER": "deploy",
"SFTP_PASSWORD": "••••••••",
"SFTP_ALLOWED_PREFIX": "/var/www/html/wp-content"
}
}
}
}Tools
Tool | Arguments | Notes |
|
| List a directory (read-only) |
|
| Read a text file; refuses files > |
|
| Write/overwrite a text file |
|
| Delete a file |
|
| Create a directory |
|
| Remove a directory |
|
| Rename/move (destination is guarded) |
|
| Upload a local file (binary-safe) |
|
| Download to a local path |
|
| Stat a path (read-only) |
|
| Returns |
|
| Write many text files in parallel |
|
| Delete many files in parallel |
|
| Upload many local files in parallel |
|
| Download many files in parallel |
|
| Sync a local folder to remote (upload missing/changed/newer; optional delete of orphans) |
All paths must be absolute. Mutating tools (write, delete, mkdir, rmdir, rename, upload, all *_many, sync_dir) are subject to SFTP_ALLOWED_PREFIX when set; reads are always allowed. Batch tools return a per-item PASS/FAIL summary and report isError if any item failed.
Performance
The physical floor on a remote host is network round-trip time (RTT), and every SFTP operation costs several sequential round-trips. Against a host ~311 ms away, issuing operations one at a time is what makes a "deploy" feel slow — not the byte count.
SFTP allows many requests in flight on a single channel, so the batch tools and sync_dir pipeline their work over the one warm connection. Measured on the ~311 ms host (10 tiny files, raw ssh2):
Workload | Sequential | Pipelined (batch tool) | Speed-up |
write × 10 | ~25.6 s | ~2.2 s | ~11× |
stat × 10 | ~8.9 s | ~0.9 s | ~10× |
delete × 10 | ~6 s | ~2.0 s | ~3× |
Rule of thumb: N files done sequentially ≈ N × RTT; done in one batch ≈ 1 × RTT. For a real folder deploy, prefer sftp_sync_dir (or a *_many tool) over a loop of single calls.
Notes:
The warm connection means the one-time SSH handshake is paid at startup, not on your first tool call.
Beyond pipelining, the only way past the RTT floor is to run the server near the host (same region/datacenter, RTT → ~1 ms) — an infrastructure change, out of scope for this server.
Security notes
Credentials are read from the environment — keep them in your MCP client config or a secrets manager, not in source.
SFTP_ALLOWED_PREFIXis defense-in-depth on top of the server's own filesystem permissions; set it to the narrowest writable subtree you need.The server never invokes a shell; it uses the SFTP subsystem only.
License
MIT
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/wpfyorg/mcp-server-sftp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server