Assistencia-Familiar-Francana/remote-mcp
3.1
If you are the rightful owner of remote-mcp and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to henry@mcphub.com.
A robust, SOLID-compliant Multi-Context Protocol (MCP) server for remote SSH operations with advanced password management and security features.
MCP Remote SSH Server
A robust, SOLID-compliant Multi-Context Protocol (MCP) server for remote SSH operations with advanced password management and security features.
๐ Features
- SOLID Architecture: Clean, maintainable code following SOLID principles
- Advanced Password Management: Environmental, interactive, and session-specific password handling
- Security-First: Comprehensive security patterns and command validation
- Session Management: Persistent SSH sessions with automatic cleanup
- Tool Handlers: Extensible tool system for SSH operations
- Timeout Management: Intelligent timeout handling to prevent hanging commands
- ๐ Permissibility Levels: Configurable security levels (low, medium, high) for fine-grained access control
๐ Permissibility Levels
The MCP Remote SSH server supports three configurable permissibility levels that control which commands and operations are allowed:
Low Permissibility (Read-Only Operations)
- Description: Basic read-only operations only
- Allowed: File viewing, system information, network diagnostics
- Blocked: File modifications, sudo, command chaining, system changes
- Use Case: Monitoring, diagnostics, read-only access
Example Commands:
ls -la # โ
Allowed
cat /etc/hostname # โ
Allowed
ps aux # โ
Allowed
df -h # โ
Allowed
sudo apt update # โ Denied
cp file1 file2 # โ Denied
ls && echo 'success' # โ Denied
Medium Permissibility (Safe Operations)
- Description: Read operations + safe write operations
- Allowed: File operations, system administration (non-destructive), package management
- Blocked: Sudo operations, dangerous system modifications, command chaining
- Use Case: Development, testing, safe administrative tasks
Example Commands:
ls -la # โ
Allowed
cp file1 file2 # โ
Allowed
systemctl status ssh # โ
Allowed
journalctl -u ssh # โ
Allowed
sudo apt update # โ Denied
sudo reboot # โ Denied
ls && echo 'success' # โ Denied
High Permissibility (Administrative Access)
- Description: Full administrative access with sudo
- Allowed: All operations including sudo, command chaining, system control
- Blocked: Only the most dangerous operations (rm -rf /, disk wiping, etc.)
- Use Case: System administration, deployment, full access scenarios
Example Commands:
ls -la # โ
Allowed
sudo apt update # โ
Allowed
sudo systemctl restart ssh # โ
Allowed
ls && echo 'success' # โ
Allowed
ps aux | grep ssh # โ
Allowed
rm -rf / # โ Denied (always blocked)
dd if=/dev/zero of=/dev/sda # โ Denied (always blocked)
Configuration
Environment Variable
export MCP_SSH_PERMISSIBILITY_LEVEL=high
JSON Configuration File
security:
permissibility_level: high # low, medium, or high
MCP Configuration
{
"mcpServers": {
"production-ssh": {
"env": {
"MCP_SSH_PERMISSIBILITY_LEVEL": "high"
}
}
}
}
Getting Permissibility Information
Use the ssh_get_permissibility_info tool to check current settings:
# This will return information about the current permissibility level
# and what operations are allowed/blocked
๐ Project Structure
remote-mcp/
โโโ mcp_remote_ssh/ # Main package
โ โโโ __init__.py
โ โโโ server.py # MCP server implementation
โ โโโ session.py # SSH session management
โ โโโ session_manager.py # Session lifecycle management
โ โโโ tool_handlers.py # Tool handler implementations
โ โโโ config.py # Configuration management
โ โโโ security.py # Security validation
โ โโโ security_patterns.py # Security pattern management
โ โโโ password_handler.py # Password handling system
โ โโโ interactive_password_service.py # Interactive password service
โ โโโ tests/ # Unit and integration tests
โโโ docs/ # Documentation
โโโ demos/ # Example demonstrations
โโโ scripts/ # Utility scripts
โโโ configs/ # Configuration files
โโโ start_mcp_server.py # Server startup script
โโโ pyproject.toml # Project configuration
โโโ README.md # This file
๐ ๏ธ Quick Start
Installation
# Clone the repository
git clone <repository-url>
cd remote-mcp
# Install dependencies
pip install -r requirements.txt
Configuration
Environment Variables
Set up environment variables:
export MCP_SSH_HOST="your-host.com"
export MCP_SSH_USER="your-username"
export MCP_SSH_KEY="/path/to/your/ssh/key"
export MCP_SSH_SUDO_PASSWORD="your-sudo-password" # Optional
export MCP_SSH_INTERACTIVE_PASSWORD="true" # Optional
# Password Configuration
export MCP_PASSWORD="your-default-password" # Fallback for both SSH and sudo
export MCP_SSH_PASSWORD="your-ssh-password" # SSH-specific password
export MCP_SSH_SUDO_PASSWORD="your-sudo-password" # Sudo-specific password
Password Priority Order:
MCP_SSH_PASSWORD/MCP_SSH_SUDO_PASSWORD(specific passwords)MCP_PASSWORD(fallback for both)- No password (interactive prompt if enabled)
MCP Configuration File
For Cursor IDE integration, create a .cursor/mcp.json file:
{
"mcpServers": {
"production-ssh": {
"command": "/usr/bin/python3",
"args": ["/path/to/remote-mcp/start_mcp_server.py"],
"cwd": "/path/to/remote-mcp",
"env": {
"MCP_SSH_HOST": "your-production-host.com",
"MCP_SSH_USER": "admin",
"MCP_SSH_KEY": "/path/to/your/ssh/private_key",
"MCP_SSH_PORT": "22",
"MCP_SSH_PROXY_COMMAND": "cloudflared access ssh --hostname %h",
"MCP_SERVER_NAME": "production-ssh",
"MCP_SERVER_DESCRIPTION": "Production Server - Enhanced Permissions for Admin",
"MCP_SSH_SUDO_PASSWORD": "your-sudo-password",
"MCP_SSH_INTERACTIVE_PASSWORD": "true",
"DEBUG": "false",
"LOG_LEVEL": "INFO"
}
},
"staging-ssh": {
"command": "/usr/bin/python3",
"args": ["/path/to/remote-mcp/start_mcp_server.py"],
"cwd": "/path/to/remote-mcp",
"env": {
"MCP_SSH_HOST": "staging.example.com",
"MCP_SSH_USER": "deploy",
"MCP_SSH_KEY": "/path/to/your/ssh/staging_key",
"MCP_SSH_PORT": "2222",
"MCP_SERVER_NAME": "staging-ssh",
"MCP_SERVER_DESCRIPTION": "Staging Server - Safe Operations Only",
"MCP_SSH_PERMISSIBILITY_LEVEL": "medium",
"MCP_PASSWORD": "your-default-password",
"DEBUG": "true",
"LOG_LEVEL": "DEBUG"
}
}
}
}
Security Note: Replace sensitive values like passwords, hostnames, and file paths with your actual configuration. Never commit real credentials to version control.
Running the Server
python start_mcp_server.py
๐ Documentation
- - Comprehensive guide to password handling
- - Deployment and configuration instructions
- - Detailed API documentation
๐งช Testing
Run the test suite:
# Run all tests
python -m pytest mcp_remote_ssh/tests/
# Run specific test categories
python -m pytest mcp_remote_ssh/tests/test_tool_handlers.py
python -m pytest mcp_remote_ssh/tests/test_password_functionality.py
๐ง Development
Architecture Overview
The project follows SOLID principles with clear separation of concerns:
- Tool Handlers: Each MCP tool has its own handler class
- Session Management: Centralized session lifecycle management
- Security Patterns: Extensible security pattern system
- Password Management: Multi-strategy password handling
Adding New Tools
- Create a new handler class in
tool_handlers.py - Implement the
ToolHandlerinterface - Add the handler to
ToolHandlerFactory - Register the tool in
server.py - Add tests in
tests/
Adding New Security Patterns
- Create a new pattern class in
security_patterns.py - Implement the
SecurityPatterninterface - Add the pattern to
SecurityPatternManager - Add tests for the new pattern
๐ Security
- Command Validation: All commands are validated against security patterns
- Password Security: Secure password handling with timeouts
- Session Isolation: Each session is isolated and managed separately
- Audit Logging: Comprehensive logging for security auditing
๐ค Contributing
- Follow SOLID principles
- Write comprehensive tests
- Update documentation
- Use meaningful commit messages
๐ License
๐ Support
For issues and questions:
- Check the documentation in
docs/ - Review the test examples in
mcp_remote_ssh/tests/ - Check the demo scripts in
demos/