mcp-ssh-manager

Name: mcp-ssh-manager
Author: bvisible

Verified

MCP SSH Server: 37 tools for remote SSH management | Claude Code & OpenAI Codex | DevOps automation, backups, database operations, health monitoring

332stars

46forks

JavaScript

Installation

# Add to your Claude Code skills
git clone https://github.com/bvisible/mcp-ssh-manager

Getting Started

Guides for using mcp servers skills like mcp-ssh-manager.

Best MCP Servers in 2026
Category-by-category picks: databases, dev tools, productivity, browser automation.
What is an AI Skills Marketplace?
Definitions, how marketplaces work, and how to choose between them in 2026.
Getting Started with AI Skills
First-time install walkthrough for Claude Code, Codex CLI, and ChatGPT.

Security ReportVerified

Last scanned: 5/30/2026

{
  "issues": [],
  "status": "PASSED",
  "scannedAt": "2026-05-30T15:31:22.616Z",
  "npmAuditRan": true,
  "pipAuditRan": true
}

README.md

Frequently Asked Questions

What is mcp-ssh-manager?

mcp-ssh-manager is an open-source mcp servers skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by bvisible. MCP SSH Server: 37 tools for remote SSH management | Claude Code & OpenAI Codex | DevOps automation, backups, database operations, health monitoring. It has 332 GitHub stars.

Is mcp-ssh-manager safe to use?

Yes. mcp-ssh-manager passed SkillsLLM's automated security scan — a dependency vulnerability audit plus prompt-injection heuristics — with no high-severity issues. You can read the full report in the Security Report section on this page.

How do I install mcp-ssh-manager?

Clone the repository with "git clone https://github.com/bvisible/mcp-ssh-manager" and add it to your Claude Code skills directory (see the Installation section above).

What programming language is mcp-ssh-manager written in?

mcp-ssh-manager is primarily written in JavaScript. It is open-source under bvisible on GitHub, so you can review or fork the full source.

Are there alternatives to mcp-ssh-manager?

Yes. SkillsLLM lists many other MCP Servers skills you can browse and compare side by side. Open the MCP Servers category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh mcp-ssh-manager against similar tools.

MCP for Beginners

Build MCP servers that give AI assistants real capabilities

36 minBeginner

Comments (0)

to leave a comment.

No comments yet. Be the first to share your thoughts!

Related Skills

ECC

by affaan-m

The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.

223,611

Popular in MCP Servers

Top skills in this category by stars

Scrapling

by D4Vinci

🕷️ An adaptive Web Scraping framework that handles everything from a single request to a full-scale crawl!

67,227

mcp-documentation-server sec-edgar-mcp

MCP SSH Manager - SSH Remote Server Management via Model Context Protocol 🚀

A Model Context Protocol (MCP) server that enables Claude Code and OpenAI Codex to manage multiple SSH connections. Execute commands, transfer files, manage databases, create backups, monitor health, and automate DevOps tasks across your servers — directly from your AI assistant.

🎉 What's New in v3.6.4

Internal cleanup + a dead-code quality gate (Released: June 18, 2026)

🧹 Dead-code removal (−343 lines), zero behavioral change — removed 27 unused exports and 2 duplicate exports. The MCP server and CLI behave identically: command builders/parsers are byte-identical before/after, and all 37 tools were verified end-to-end against a live SSH server.
🛡️ Dead-code CI gate — a calibrated knip.json plus a blocking knip step in CI keep unused code and dependencies from creeping back. eslint src/ is now clean (0 errors, 0 warnings).

Read full changelog →

Previous Releases

v3.6.3 - `ssh_sync` reports the real transfer count (June 18, 2026)

📊 No more false "No files needed to be transferred" (#42 — thanks @MakksSh) — fixed rsync --stats parsing: --stats is always passed now, and rsync 2.x/3.x wording, openrsync's B suffix, and locale separators are all handled. Full changelog →

v3.6.2 - Richer tool descriptions (June 9, 2026)

📝 All 37 tool descriptions rewritten — every MCP tool now documents its real behavior (side effects, destructive vs read-only nature, idempotency, sudo/auth requirements, security-mode gating, parameter semantics) instead of a 4-to-10-word summary. Agents now know the consequences before invoking a tool; no behavioral change — only description strings changed. Full changelog →

v3.6.1 - Teardown hygiene follow-up (June 9, 2026)

🔌 Module-level timers no longer pin the event loop (follow-up to #41) — tunnel-manager.js and session-manager.js registered module-level setIntervals that were never unref()'d, so importing either module kept Node's event loop alive. Both are now unref()'d. Full changelog →

v3.6.0 - Live config hot reload + stdio lifecycle fix (June 9, 2026)

♻️ Configuration hot reload (#40 — thanks @EnjoySR) — add or edit a server in your .env/TOML and the running MCP server picks it up on the next call, no restart. A ServerConfigManager reloads lazily on file-signature change (path + mtime + size); a failed reload keeps the last known-good config; real process.env vars keep top priority. No watcher, no polling.
🔌 No more orphaned stdio processes (#41 — thanks @LegendaryGatz) — a stdio MCP server is torn down by stdin EOF / SIGTERM, not SIGINT; with only a SIGINT handler every session leaked a ~83 MB node process. Shutdown is now idempotent across SIGINT/SIGTERM/SIGHUP/stdin-close, timers are unref()'d, and the process exits ~10 ms after teardown instead of never. Full changelog →

v3.5.1 - Robust SSH ping health-check on Windows/OpenSSH (May 26, 2026)

🪟 Healthy Windows sessions no longer reported as Dead (#39 — thanks @username77) — the liveness probe ran echo "ping" and cmd.exe echoed the quotes literally, failing a strict === 'ping' check and needlessly rebuilding live connections. Now uses echo ping parsed by a null-safe isPingAlive(stdout) helper (CRLF/quote/case-normalized), covered by tests/test-ssh-ping.js. Full changelog →

v3.5.0 - Per-server security modes — `readonly` / `restricted` + audit log (May 18, 2026)

A second authorization layer that filters tool invocations inside the MCP server, complementing the existing client-side autoApprove. Useful when sharing the MCP with a third-party agent, a CI bot, or any client where ssh_execute shouldn't be unconditionally trusted.

🔒 Three modes, opt-in per server (no MODE field = identical to v3.4.x):
- unrestricted (default) — strict no-op. evaluatePolicy() early-returns on the first line, zero overhead.
- readonly — blocks mutating tools (ssh_upload, ssh_deploy, ssh_sync, ssh_execute_sudo, ssh_backup_*, ssh_db_import/dump, plus action-gated ssh_key_manage accept|remove, ssh_alert_setup set, ssh_process_manager kill) AND applies a built-in denylist on ssh_execute (rm, mv, dd, mkfs, chmod, chown, sudo, systemctl restart/stop, docker rm/stop, pipe-to-sh, redirect outside /tmp, curl|sh, etc.).
- restricted — every command must match at least one ALLOW_PATTERNS regex AND no DENY_PATTERNS regex. DENY wins. With no ALLOW_PATTERNS everything is refused (fail-closed).
📝 Audit log — opt-in JSONL per server (SSH_SERVER_<N>_AUDIT_LOG=/path/to/audit.jsonl). Records ts, server, tool, args, allowed, reason on denial, exitCode/success on execution. Sensitive arg fields (password, passphrase, sudoPassword, token, secret, apikey) are replaced with ***.
🪄 Command aliases expanded BEFORE policy evaluation — a DENY pattern can't be bypassed via an alias.
♻️ Backward-compatible by design — a v3.4.x .env or TOML loads identically. No MODE field → zero behavior change. The interactive wizard (ssh-manager server add) defaults all three new prompts to skip. All 13 pre-existing tests pass unmodified. New tests/test-policy.js adds 26 tests covering modes, DENY > ALLOW precedence, invalid-regex handling, redaction, and the backward-compat fast path. Full reference →

v3.4.1 - Modern OpenSSH 9.x compatibility (May 16, 2026)

🔐 Expanded SSH algorithm list — handshake against OpenSSH 9.x out of the box (#32)
- KEX: curve25519-sha256 (+@libssh.org), diffie-hellman-group15-sha512, diffie-hellman-group16-sha512
- Server host key: rsa-sha2-512, rsa-sha2-256 (RFC 8332)
- Cipher: aes128-gcm@openssh.com, aes256-gcm@openssh.com
- HMAC: hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1-etm@openssh.com
- Backward-compatible — legacy algorithms preserved at lower preference, older servers (CentOS 7, Debian 10) keep working. Thanks @YoungHong1992.

v3.4.0 - Windows OpenSSH support + shell-agnostic session sync (May 7, 2026)

🪟 Windows OpenSSH encoding & syntax fixes — UTF-16LE base64 PowerShell payloads (Ansible-style) + Set-Location replacing cd && (#31, thanks @WenKingSu)
🎯 Marker-based SSH session sync — UUID v4 protocol boundaries with ECHO: 0 PTY, real $? exit codes, no more "Timeout waiting for shell prompt" on custom/slow/AIX shells (#30, thanks @MakksSh)

v3.3.0 - ProxyCommand & Critical Fixes (May 2, 2026)

🔌 ProxyCommand support for SOCKS5 / custom proxy commands (#24)
⏱️ ssh_execute timeout silently capped at 30 s — fixed (#28, #29)
🪟 Windows global install /bin/bash shim error — fixed (#22, #23)
🔧 server add blocked by missing rsync — rsync now optional (#26)
🔡 Hyphenated server names silently dropped — validation hardened (#25, #27)

v3.2.2 - Global Install Fix & CLI Binary (April 7, 2026)

🔧 Global install fixed: .env path resolution now uses a fallback chain instead of hardcoded __dirname — works correctly with npm install -g (#16, #19)
- Fallback chain: ~/.ssh-manager/.env → cwd/.env → ~/.env → project .env
- Auto-creates ~/.ssh-manager/.env on first ssh-manager server add
**📦 ssh-manager CLI registered a