Metadata-Version: 2.4
Name: safe-ssh-mcp
Version: 0.1.8
Summary: A secure and scoped SSH MCP server for executing safe read-only diagnostic commands over SSH
Author-email: Anton Areso Gladyshev <returnstrike@yandex.com>
License-Expression: AGPL-3.0-or-later
Project-URL: Homepage, https://github.com/Areso/safe-ssh-mcp
Classifier: Programming Language :: Python :: 3
Classifier: Operating System :: POSIX :: Linux
Requires-Python: >=3.11
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: paramiko<5,>=4.0.0
Requires-Dist: fastmcp<4,>=3.1.1
Dynamic: license-file

# Safe SSH MCP Server
A secure and scoped SSH MCP server for executing read-only diagnostic commands over SSH.  
In this project, "safe" refers specifically to host safety: the server is designed to prevent modifications to the remote system and reduce the risk of operational harm. It does NOT attempt to guarantee that command output cannot be misused by external agents.

## Badges
[![Snyk Vulnerability Database report](https://snyk.io/advisor/images/snyk-poweredby.svg)](https://security.snyk.io/package/pip/safe-ssh-mcp) - security check  
[![PyPI Downloads](https://static.pepy.tech/personalized-badge/safe-ssh-mcp?period=total&units=ABBREVIATION&left_color=BLACK&right_color=GREEN&left_text=downloads)](https://pepy.tech/projects/safe-ssh-mcp)  

## Overview

The core philosophy behind this MCP server is safety first. Instead of providing an AI agent with an unrestricted bash shell, this server exposes only carefully curated, read-only commands for system diagnostics and monitoring.

## Available Tools (Partial List)
1. get_disk_free : `df -h`
2. get_disk_usage : `find <path> -mindepth 1 -maxdepth 1 -exec du -sh -- {} + 2>/dev/null | sort -rh | head -n 20`
3. get_dmesg : `dmesg`
4. get_uptime : `uptime`
5. get_current_datetime : `date`
6. get_distroname_version : `cat /etc/os-release`
7. get_systemd_list_all : `systemctl list-units --all --no-pager`
8. get_systemd_list_failed : `systemctl list-units --state=failed --no-pager`
9. get_systemd_list_timers : `systemctl list-timers --no-pager`
10. get_crontab_tasks: `crontab -l`
11. get_systemd_status : `systemctl status {daemon}`
12. get_top : `top -b -n 1 -c`

## Example of invocation
`okay, could u check disk usage on /root/ path with help of safe-ssh-mcp server on a remote myserver.mydomain.pro using root and /Users/myUser/.ssh/id_rsa to login?`

## Project Contents
1. mcp_ssh.py - the SSH MCP server
2. mcp_config.ini - the server's config
3. check_tools.py - check the server's tools with schemas, and list them
4. check_health.py - check the server's tools and either it's up

## Compatibility
Tested only on Python3.11 running on MacOS

## The MCP Registry
mcp-name: io.github.Areso/safe-ssh-mcp

## The License
This project is licensed under the GNU AGPLv3 License.

### Why AGPL?
This server acts as core infrastructure and contains no business logic. By using the AGPL license, we ensure that any security improvements, bug fixes, or new diagnostic tools added to the server are shared back with the open-source community.

### Note for Client Developers 
Because MCP clients communicate with this server via standard Inter-Process Communication (IPC) or network protocols (like HTTP/SSE), the AGPL license does not "infect" or restrict the client applications connecting to it.   
You can safely connect proprietary, closed-source, or permissively licensed (e.g., MIT, Apache 2.0) AI agents to this server without violating the license terms.
