# mcp-ssh

> A Model Context Protocol (MCP) server for managing and controlling SSH connections.

- **URL**: https://www.freshcrate.ai/projects/mcp-ssh
- **Author**: AiondaDotCom
- **Category**: MCP Servers
- **Latest version**: `v1.3.8` (2026-04-14)
- **License**: MIT
- **Source**: https://github.com/AiondaDotCom/mcp-ssh
- **Language**: JavaScript
- **GitHub**: 65 stars, 17 forks
- **Registry**: github
- **Tags**: `javascript`, `linux`, `mcp`, `ssh`

## Description

A Model Context Protocol (MCP) server for managing and controlling SSH connections.

## Recent releases

| Version | Date | Urgency | Changes |
| --- | --- | --- | --- |
| `v1.3.8` | 2026-04-14 | High | Fix startup regression: start.sh, start-silent.sh, npm scripts and DXT manifest now invoke bin/mcp-ssh.js. Since 1.3.6 server.mjs no longer auto-runs main(), so these entry points exited immediately. |
| `1.3.7` | 2026-04-11 | High | ## Security maintenance  Resolves all open `npm audit` advisories by bumping transitive dependencies. `npm audit --audit-level=high` now reports **zero vulnerabilities**.  ### GHSAs resolved  **Production dependency chain** (`@modelcontextprotocol/sdk → express → router → path-to-regexp`):  - `path-to-regexp` DoS via sequential optional groups (GHSA-j3q9-mxjg-w52f) - `path-to-regexp` ReDoS via multiple wildcards (GHSA-27v5-c462-wpq7)  These were not exploitable in practice because `mcp-ssh` uses |
| `1.3.6` | 2026-04-11 | Medium | ## Bug fix  Fixes a silent startup failure when launching the server via `bin/mcp-ssh.js` on Windows MCP clients (e.g. Antigravity), which manifested as a `failed to initialize: EOF` error in the client.  ### Cause  `server.mjs` had an `isMainModule` heuristic that compared `process.argv[1]` against forward-slash path suffixes (`/mcp-ssh.js`, `/server.mjs`, `/mcp-ssh`). On Windows, `process.argv[1]` uses backslashes, so none of those `endsWith` checks matched and `main()` was never called. The p |
| `1.3.5` | 2026-04-11 | Medium | ## Security fix (high severity)  This release fixes a high-severity local RCE in the MCP server and ships several related hardenings. **All users should upgrade.**  ### What was vulnerable  A crafted `hostAlias` such as `-oProxyCommand=...` was passed to `ssh`/`scp` without an argument terminator. SSH interprets arguments starting with `-` as options regardless of position, so the option-injection caused SSH to execute the attacker-supplied `ProxyCommand` **locally** on the machine running the M |
| `v1.0.3` | 2025-07-15 | Low | ## MCP SSH Agent v1.0.3 - Desktop Extension  ### What's New - **Desktop Extension Support**: One-click installation for Claude Desktop - **Fixed Configuration**: Corrected manifest.json for reliable extension loading - **Improved Stability**: Native SSH command integration for maximum compatibility  ### Installation Options  #### Option 1: Desktop Extension (Recommended) 1. Download the `mcp-ssh-1.0.3.dxt` file below 2. Open Claude Desktop 3. Go to Settings > Extensions 4. Click "Install from fi |

## Citation

- HTML: https://www.freshcrate.ai/projects/mcp-ssh
- Markdown: https://www.freshcrate.ai/projects/mcp-ssh.md
- Dependencies JSON: https://www.freshcrate.ai/api/projects/mcp-ssh/deps

_Generated by freshcrate.ai. Indexes github releases for AI-agent ecosystem packages._