MCP SSH Server: 37 tools for remote SSH management | Claude Code & OpenAI Codex | DevOps automation, backups, database operations, health monitoring
Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"ssh-manager": {
"args": [
"/path/to/mcp-ssh-manager/src/index.js"
],
"command": "node",
"autoApprove": [
"mcp__ssh-manager__ssh_execute",
"mcp__ssh-manager__ssh_list_servers",
"mcp__ssh-manager__ssh_upload",
"mcp__ssh-manager__ssh_download",
"mcp__ssh-manager__ssh_sync",
"mcp__ssh-manager__ssh_alias"
]
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
A Model Context Protocol (MCP) server that enables Claude Code and OpenAI Codex to manage multiple SSH connections. Execute commands, transfer files, manage databases, create backups, monitor health, and automate DevOps tasks across your servers — directly from your AI assistant.
This server supports HTTP transport. Be the first to test it — help the community know if it works.
Five weighted categories — click any category to see the underlying evidence.
No known CVEs.
Checked support against OSV.dev.
Click any tool to inspect its schema.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in devops
MCP server for using the GitLab API
MCP Server for kubernetes management commands
MCP server for Dynatrace Managed to access logs, events, and metrics.
MCP server for no-payment x402 surface triage, 402 Index health checks, and paid review handoff.
MCP Security Weekly
Get CVE alerts and security updates for Mcp Ssh Manager and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
A Model Context Protocol (MCP) server that enables Claude Code and OpenAI Codex to manage multiple SSH connections. Execute commands, transfer files, manage databases, create backups, monitor health, and automate DevOps tasks across your servers — directly from your AI assistant.
🔗 Per-server SSH agent forwarding (ForwardAgent) (Released: July 13, 2026)
FORWARD_AGENT / forward_agent option (#53 — requested by @raphaelbahat in #52) — enable the equivalent of OpenSSH's ForwardAgent yes per server, so processes on the remote host can authenticate to other SSH hosts using the keys in your local ssh-agent (e.g. git clone over SSH on a remote server using your local GitHub key), without copying any private key to the server.SSH_AUTH_SOCK); the flag is ignored when no agent is present, so it never breaks a connection. Boolean parsing treats only true/1/yes/on as enabled — FORWARD_AGENT=false stays off.false — agent forwarding lets anyone with root on the remote host use your loaded keys for the life of the connection, so enable it only for servers you trust. See the new SSH Agent Forwarding section in the docs.SSH_SERVER_MYSERVER_FORWARD_AGENT=true
ssh_db_* argument is now shell-quoted (#51 — responsibly disclosed by Ugur Ozer, Aeon AI Risk Management (http://airiskmanagement.ca), see #48) — caller-controlled values (ssh_db_list most notably, which stayed allowed in readonly/restricted modes) were interpolated into shell-evaluated strings, allowing arbitrary command execution on the SSH target. A centralized shellQuote() now wraps every value across all 15 builders, guarded by a 648-combination injection test. Full changelog →SUDO_PASSWORD / DEFAULT_DIR / ssh_sync key auth work again (July 11, 2026)ssh_execute_sudo ignored SUDO_PASSWORD, DEFAULT_DIR was ignored by ssh_execute/ssh_group_execute/ssh_list_servers, and ssh_sync never passed the configured SSH key to rsync. All aligned with the loader's camelCase