MCP SSH Manager
Manage multiple SSH servers from Claude Code or OpenAI Codex — execute commands, transfer files, backups, DB ops, health monitoring.
Add to your client
Copy the config for your MCP client and paste it into its config file.
npm install -g mcp-ssh-managerPaste into ~/Library/Application Support/Claude/claude_desktop_config.json
{
"mcpServers": {
"mcp-ssh-manager": {
"command": "node",
"args": [
"/path/to/mcp-ssh-manager/src/index.js"
]
}
}
}Step-by-step guides: Add to Claude Desktop · Add to Cursor · Add to Windsurf
Before you start
- Node.js v18 or higher
- npm
- Claude Code CLI (for Claude Code) or Codex CLI (for OpenAI Codex)
- Bash 4.0+ for the optional CLI management tools
- rsync for file synchronization (ssh_sync)
- sshpass (optional, for rsync with password authentication)
- SSH access and credentials for the remote servers you want to manage
About MCP SSH Manager
A Model Context Protocol server that turns Claude Code or OpenAI Codex into an SSH operations console: it connects to multiple remote servers and exposes 37 tools for command execution, file transfer, database management, backup/restore, and health monitoring. Configuration is via .env (Claude Code) or TOML (Codex), with support for password / SSH key / ssh-agent auth, ProxyJump bastions, ProxyCommand/SOCKS5 proxies, persistent sessions, server groups, and SSH tunnels. Optional per-server security modes and an audit log add a server-side authorization layer on top of the client's autoApprove.
Tools & capabilities (24)
ssh_list_serversList all configured SSH servers with their details.
ssh_executeExecute a command on a remote server. Params: server, command, cwd (optional; falls back to the server's default directory).
ssh_uploadUpload a file to a remote server. Params: server, local_path, remote_path.
ssh_downloadDownload a file from a remote server. Params: server, remote_path, local_path.
ssh_syncBidirectional file synchronization between local and remote using rsync.
ssh_backup_createCreate a backup of a database (MySQL/PostgreSQL/MongoDB) or files on a remote server, with compression and metadata. Params: server, type, name, database, paths, retention.
ssh_backup_listList available backups on a remote server with size, date, and retention info. Params: server, type (optional filter).
ssh_backup_restoreRestore from a previous backup, with cross-database support. Params: server, backupId, database, targetPath.
ssh_backup_scheduleSchedule automatic backups via cron with retention-based cleanup. Params: server, schedule (cron), type, name.
ssh_health_checkRun a comprehensive health check (CPU, memory, disk, network, uptime, load) and return healthy/warning/critical status.
ssh_service_statusCheck the running/stopped status of services (nginx, mysql, docker, etc.) via systemd or sysv. Params: server, services (array).
ssh_process_managerList, monitor, or kill processes on a remote server; sort by CPU or memory and filter by name. Actions: list, kill, info.
ssh_alert_setupConfigure health-monitoring alerts and thresholds for CPU, memory, and disk. Actions: set, get, check.
ssh_db_dumpCreate a database dump (MySQL/PostgreSQL/MongoDB) on a remote server, optionally compressed and limited to specific tables. Params: server, type, database, outputFile, dbUser, dbPassword, dbHost, dbPort, compress, tables.
ssh_db_importImport a SQL dump or restore a database, auto-decompressing .gz files. Params: server, type, database, inputFile, dbUser, dbPassword, dbHost, dbPort, drop (MongoDB).
ssh_db_listList databases (filtering system DBs) or, when a database is given, its tables/collections. Params: server, type, database (optional), dbUser, dbPassword, dbHost, dbPort.
ssh_db_queryExecute a read-only SQL query (SELECT only) on a remote database; use the collection param for MongoDB finds. Params: server, type, database, query, dbUser, dbPassword, dbHost, dbPort.
ssh_deployDeploy files with automatic permission handling and backups. Params: server, files (array), options (owner, permissions, backup, restart).
ssh_execute_sudoExecute a command with sudo privileges, handling the sudo password without exposing it in logs. Params: server, command, password (optional), cwd (optional).
ssh_aliasManage server aliases for easier access. Params: action (add/remove/list), alias, server.
ssh_command_aliasManage command aliases for frequently used commands, loaded from the active profile. Params: action (add/remove/list/suggest), alias, command.
ssh_hooksManage automation hooks for SSH operations, loaded from the active profile. Params: action (list/enable/disable/status), hook.
ssh_profileManage configuration profiles for different project types (default, frappe, docker, nodejs). Params: action (list/switch/current), profile.
ssh_connection_statusCheck connection status and force reconnection of pooled/stale SSH connections (reconnect action).
What this server can do
MCP SSH Manager provides tools for these capabilities — tap one to see every MCP server that does the same:
When to use it
- Run commands and inspect logs across multiple production/staging servers from Claude Code or Codex
- Deploy files and restart services with automatic permission handling and backups
- Create, schedule, and restore database and file backups (MySQL, PostgreSQL, MongoDB)
- Monitor server health (CPU, RAM, disk, services) and manage processes
- Reach servers behind bastion/jump hosts or SOCKS5 proxies via ProxyJump/ProxyCommand
- Safely delegate SSH access to a CI bot or third-party agent using readonly/restricted security modes and an audit log
Security notes
Grants an AI assistant the ability to run arbitrary shell commands, transfer files, and operate databases over SSH on remote servers. Store SSH credentials in a `.env` file that is never committed; prefer SSH keys or ssh-agent over inline passwords. Use the optional per-server security modes (v3.5.0+): `readonly` blocks mutating tools and destructive commands, `restricted` requires every `ssh_execute` command to match an `ALLOW_PATTERNS` regex and no `DENY_PATTERNS` (DENY wins, fail-closed). An opt-in JSONL audit log records each invocation and redacts sensitive args (password, passphrase, sudoPassword, token, secret, apikey). `autoApprove` in the client config is all-or-nothing per tool, so enabling it for ssh_execute trusts any command.
MCP SSH Manager FAQ
Which AI clients does it support?
Claude Code (configured via .env and `claude mcp add` / an mcpServers JSON block) and OpenAI Codex (configured via a `[mcp_servers.ssh-manager]` block in ~/.codex/config.toml plus a TOML ssh-config). Both expose the same set of MCP tools.
How are SSH servers configured?
For Claude Code, add `SSH_SERVER_<NAME>_HOST/_USER/_PASSWORD/_KEYPATH/_PASSPHRASE/_PORT/_DEFAULT_DIR/...` entries to a `.env` file. For Codex, define `[ssh_servers.<name>]` tables in a TOML file. The `ssh-manager` CLI can convert between the two formats, and config changes are hot-reloaded without restarting the server (v3.6.0+).
Can I limit which tools or commands the AI can run?
Yes. Tool activation lets you enable only specific tool groups (minimal mode is 5 tools, ~92% less context). Per-server security modes (v3.5.0+) add server-side filtering: `readonly` blocks mutating tools and destructive commands, and `restricted` requires each command to match an ALLOW_PATTERNS regex with DENY_PATTERNS taking precedence. An opt-in JSONL audit log records and redacts each invocation.
What authentication methods are supported?
Password, SSH key, and ssh-agent (including passphrase-protected keys, either via SSH_AUTH_SOCK or a stored passphrase field). It also supports ProxyJump bastion chains and ProxyCommand/SOCKS5 proxies, and works against Linux, macOS, and Windows OpenSSH hosts.
Alternatives to MCP SSH Manager
Compare all alternatives →
GitHub's official server for repos, issues, PRs, and Actions — local Docker or hosted remote.
Official AWS Labs server that lets agents call any AWS API via the AWS CLI surface.
Bulk Kubernetes port forwarding with an MCP server that lets AI assistants forward services, inspect pods, and monitor traffic.
Compare MCP SSH Manager with: