74
/ 100
13 days ago
glama

ssh-mcp-pro

ssh-mcp-pro is a secure Model Context Protocol (MCP) server for SSH automation, enabling clients to open SSH sessions, run commands, manage files, transfer artifacts, create tunnels, and perform package/service operations under policy control.

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
No credential exfiltration, no sensitive file access, no obfuscation
Static analysis found nothing flowing your secrets to unexpected places.
Open source with a license and README
Anyone can audit the code, the license is declared, and the publisher documents what it does.
🔐
You'll be asked for 3 credentials: GITHUB_CLIENT_SECRET, SSH_MCP_HTTP_BEARER_TOKEN, SSH_MCP_STRICT_HOST_KEY
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
configACCESS_TOKEN_TTL_SECONDS
configAGENT_WS_PATH
configAUTH_ALLOWED_GITHUB_IDS
configAUTH_ALLOWED_GITHUB_LOGINS
configAUTH_ALLOW_ALL_USERS
configAUTH_CODE_TTL_SECONDS
configCOMMIT_RANGE
configCONTROL_PLANE_SIGNING_KEY_PATH
configComSpec
configDATABASE_URL
configENROLLMENT_TOKEN_TTL_SECONDS
configGITHUB_CALLBACK_URL
configGITHUB_CLIENT_ID
🔐 secretGITHUB_CLIENT_SECRET
configGITHUB_PR_TITLE
configGITHUB_STEP_SUMMARY
configJWT_SIGNING_KEY_PATH
configKNOWN_HOSTS_PATHThe parser also accepts non-SSH_MCP_ compatibility aliases PORT, , and STRICT_HOST_KEY_CHECKING.
configLOG_FORMAT
configLOG_LEVEL
configMAX_ACTION_TIMEOUT_SECONDS
configMAX_OUTPUT_BYTES
configMCP_RESOURCE_URL
configOAUTH_DCR_MAX_CLIENTS
configPORTThe parser also accepts non-SSH_MCP_ compatibility aliases , KNOWN_HOSTS_PATH, and STRICT_HOST_KEY_CHECKING.
configPR_TITLE
configPUBLIC_BASE_URL
configRUN_SSH_E2E
configRUN_SSH_INTEGRATION
configSSHAUTOMATOR_AGENT_CONFIG
configSSHAUTOMATOR_DATABASE_URL
configSSHAUTOMATOR_GITHUB_CALLBACK_URL
configSSHAUTOMATOR_MCP_RESOURCE_URL
configSSHAUTOMATOR_PUBLIC_BASE_URL
configSSHAUTOMATOR_REMOTE_AGENT_CONTROL_PLANE
configSSHAUTOMATOR_TEST_GITHUB_ID
configSSHAUTOMATOR_TEST_GITHUB_LOGIN
configSSH_AUTH_SOCK
configSSH_DEFAULT_KEY_DIR
configSSH_FIXTURE_TIMEOUT_MS
configSSH_FIXTURE_UP_ATTEMPTS
configSSH_FIXTURE_UP_RETRY_DELAY_MS
configSSH_MCP_ALLOWED_CIPHERSempty Optional SSH cipher allowlist.
configSSH_MCP_ALLOWED_HOSTSempty Host allowlist for policy and remote connector safety checks.
configSSH_MCP_ALLOW_DESTRUCTIVE_COMMANDSfalse Allows commands matching destructive command policy.
configSSH_MCP_ALLOW_DESTRUCTIVE_FSfalse Allows destructive filesystem operations such as fs_rmrf.
configSSH_MCP_ALLOW_RAW_SUDOfalse Allows raw proc_sudo; prefer ensure_ tools.
configSSH_MCP_ALLOW_ROOT_LOGINfalse Allows SSH login as root and mirrors into policy.
configSSH_MCP_CHATGPT_EXTRA_TOOLS
configSSH_MCP_CLAUDE_EXTRA_TOOLS
configSSH_MCP_COMMAND_ALLOWempty Command allow patterns.
configSSH_MCP_COMMAND_DENYempty Command deny patterns.
configSSH_MCP_COMMAND_TIMEOUT30000 Default remote command timeout in milliseconds.
configSSH_MCP_CONNECTOR_CREDENTIAL_COMMANDunset External credential command when provider is command.
configSSH_MCP_CONNECTOR_CREDENTIAL_COMMAND_ARGSempty Arguments passed to the external credential command.
configSSH_MCP_CONNECTOR_CREDENTIAL_COMMAND_TIMEOUT_MS5000 Credential command timeout in milliseconds.
configSSH_MCP_CONNECTOR_CREDENTIAL_PROVIDERnone Credential provider: none, agent, or command.
configSSH_MCP_CONNECTOR_DEFAULT_USERNAMEunset Default username for connector broker flows.
configSSH_MCP_CONNECTOR_PROFILEfull Alias for SSH_MCP_TOOL_PROFILE.
configSSH_MCP_DAEMON
configSSH_MCP_DEBUGfalse Enables debug-oriented configuration behavior.
configSSH_MCP_ENABLE_LEGACY_SSEfalse Enables legacy SSE compatibility.
configSSH_MCP_HOST_KEY_POLICYstrict Host-key mode: strict, accept-new, or insecure.
configSSH_MCP_HTTP_ALLOWED_ORIGINS
configSSH_MCP_HTTP_AUTH_MODEbearer HTTP auth mode: bearer or oauth.
🔐 secretSSH_MCP_HTTP_BEARER_TOKEN
configSSH_MCP_HTTP_BEARER_TOKEN_FILEunset Bearer token file for HTTP transport. Required for non-loopback bearer deployments.
configSSH_MCP_HTTP_HOST127.0.0.1 Streamable HTTP bind host.
configSSH_MCP_HTTP_MAX_REQUEST_BODY_BYTES1048576 Maximum HTTP request body size.
configSSH_MCP_HTTP_MAX_SESSIONS
configSSH_MCP_HTTP_PORT3000 Streamable HTTP bind port.
configSSH_MCP_HTTP_PUBLIC_URLunset Stable public HTTPS MCP URL for protected resource metadata.
configSSH_MCP_HTTP_SESSION_IDLE_TTL_MS900000 HTTP MCP session idle timeout in milliseconds. Use 300000 for ChatGPT/Cloudflare production deployments where clients may abandon sessions without DELETE.
configSSH_MCP_HTTP_TRUST_PROXYfalse Trust reverse proxy forwarded headers.
configSSH_MCP_KNOWN_HOSTS_PATH~/.ssh/known_hosts Known hosts file used for strict host-key verification.
configSSH_MCP_LOCAL_PATH_ALLOW_PREFIXESOS temp directory Local paths allowed for transfer operations.
configSSH_MCP_LOCAL_PATH_DENY_PREFIXESempty Local paths denied for transfer operations.
configSSH_MCP_MAX_COMMAND_OUTPUT_BYTES1048576 Maximum buffered stdout/stderr bytes per command result.
configSSH_MCP_MAX_FILE_SIZE10485760 Maximum bytes returned by text-focused file reads.
configSSH_MCP_MAX_FILE_WRITE_BYTES10485760 Maximum accepted write payload before buffering.
configSSH_MCP_MAX_SESSIONS20 Maximum concurrent SSH sessions.
configSSH_MCP_MAX_STREAM_CHUNKS4096 Maximum retained streaming chunks.
configSSH_MCP_MAX_TRANSFER_BYTES52428800 Maximum upload or download transfer size.
configSSH_MCP_OAUTH_ALLOWED_ALGORITHMSunset Optional comma-separated JWT algorithm allowlist, for example RS256,ES256. When unset, the built-in OAuth verifier defaults are used.
configSSH_MCP_OAUTH_AUDIENCEunset Expected OAuth audience.
configSSH_MCP_OAUTH_ISSUERunset Expected OAuth issuer.
configSSH_MCP_OAUTH_JWKS_URLunset OAuth JWKS URL.
configSSH_MCP_OAUTH_REQUIRED_SCOPESssh-mcp-pro.read Required OAuth scopes.
configSSH_MCP_OAUTH_RESOURCEunset OAuth protected resource identifier.
configSSH_MCP_ONESHOT
configSSH_MCP_PATH_ALLOW_PREFIXES/tmp,/var/tmp,/home,/Users Remote path prefixes allowed by filesystem policy.
configSSH_MCP_PATH_DENY_PREFIXES/etc/sudoers,/etc/shadow,/etc/passwd,/boot,/dev,/proc Remote path prefixes denied by filesystem policy.
configSSH_MCP_POLICY_FILEunset JSON file containing partial policy overrides.
configSSH_MCP_POLICY_MODEenforce Policy decision mode: enforce or explain.
configSSH_MCP_RATE_LIMITtrue Enables the global MCP request rate limiter.
configSSH_MCP_RATE_LIMIT_MAX100 Maximum requests per rate-limit window.
configSSH_MCP_RATE_LIMIT_PER_SESSIONtrue Enables per-session MCP request rate limiting when tool arguments include sessionId.
configSSH_MCP_RATE_LIMIT_PER_SESSION_MAX50 Maximum requests per SSH session per rate-limit window.
configSSH_MCP_RATE_LIMIT_PER_SESSION_WINDOW_MS60000 Per-session rate-limit window in milliseconds.
configSSH_MCP_RATE_LIMIT_WINDOW_MS60000 Rate-limit window in milliseconds.
configSSH_MCP_REMOTE_AGENT_CONTROL_PLANE
configSSH_MCP_REMOTE_AGENT_MCP_PASSTHROUGHunset When enabled with 1, true, yes, or on, lets /mcp requests bypass the remote control plane and reach the Streamable HTTP MCP handler. Use only for connector routing migrations.
configSSH_MCP_SESSION_TTL900000 Session time-to-live in milliseconds.
🔐 secretSSH_MCP_STRICT_HOST_KEYunset Legacy boolean alias for strict vs insecure host-key checking.
configSSH_MCP_TOOL_PROFILEfull Active tool exposure profile.
configSSH_MCP_TUNNEL_ALLOW_BIND_HOSTS127.0.0.1,localhost,::1 Local bind hosts allowed for tunnels.
configSSH_MCP_TUNNEL_ALLOW_PORTSempty Optional tunnel port allowlist.
configSSH_MCP_TUNNEL_ALLOW_REMOTE_HOSTSempty Optional remote tunnel target host allowlist.
configSSH_MCP_TUNNEL_DENY_BIND_HOSTS0.0.0.0,:: Local bind hosts denied for tunnels.
configSSH_MCP_TUNNEL_DENY_PORTSempty Optional tunnel port denylist.
configSSH_MCP_TUNNEL_DENY_REMOTE_HOSTSempty Optional remote tunnel target host denylist.
configSTRICT_HOST_KEY_CHECKINGThe parser also accepts non-SSH_MCP_ compatibility aliases PORT, KNOWN_HOSTS_PATH, and .
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 1 concrete improvement we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/oaslananka-ssh-mcp-pro-1lwwxm)](https://m8ven.ai/mcp/oaslananka-ssh-mcp-pro-1lwwxm)
commit: 58f0104122d7ee17e72dd3eb35064e6e55cd35db
code hash: aa2815ae264ac81700099cce339219e8967e1aea1f5caca6efb0564ef6be1ce3
verified: 6/29/2026, 11:18:56 AM
view raw JSON →