MCP SSH SRE

Provides read-only server diagnostics over SSH, returning structured results to an MCP client.
  • typescript

11

GitHub Stars

typescript

Language

5 months ago

First Indexed

2 months ago

Catalog Refreshed

Documentation & install

Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.

Installation

Add the following to your MCP client configuration file.

Configuration

View docs

You run an MCP server that connects to a target Linux host over SSH and exposes read-only diagnostic results to an AI assistant. It keeps credentials and shell access private, so your system remains secure while you get fast, actionable insights from natural language queries.

How to use

You work with an MCP client to ask questions like: Why is a container failing to start? Which processes are consuming the most CPU? Is a disk showing signs of trouble? The MCP server executes predefined diagnostic commands over SSH and returns structured results to the client, enabling you to investigate issues in seconds without manual command hunting.

How to install

Prerequisites you need on your host: a supported container runtime and network access to the MCP server. You also need SSH credentials configured on the target machine that you authorize for read-only diagnostics.

Step 1. Run the MCP server with Docker. Copy and paste this command:

docker run -d \
  -p 3000:3000 \
  -e SSH_HOST=server.local \
  -e SSH_USERNAME=mcp-readonly \
  -e SSH_KEY_PATH=/keys/id_ed25519 \
  -v ~/.ssh/id_ed25519_mcp:/keys/id_ed25519:ro \
  ghcr.io/ohare93/mcp-ssh-sre:latest

Step 2. Point your MCP client to the server endpoint. Use the following MCP configuration snippet in your client setup to register the remote MCP server.

{
  "mcpServers": {
    "ssh-sre": {
      "url": "http://your-server:3000/mcp"
    }
  }
}

Additional setup notes

For production deployments, you may want to set up authentication, TLS, and proper SSH key management. The server automatically uses SSH to run diagnostic commands on the target host and returns only the results, keeping your credentials and shell access private.

Security and design notes

This MCP server is designed to be read-only. It does not modify the remote system, and it avoids exposing shell access or credentials beyond the diagnostic outputs. Review access controls on the MCP client to ensure only authorized users can query diagnostics.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational