This repository has been archived on 2026-06-09. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
wiki/ssh-mcp/INSTALLATION.md
T
2026-05-09 19:09:43 -05:00

263 lines
7.0 KiB
Markdown

← [Home](Home)
# Installation Guide
---
## Prerequisites
| Requirement | Minimum Version | Notes |
|-------------|-----------------|-------|
| Node.js | 18.0.0 | LTS recommended |
| npm | 9.x | Ships with Node.js 18+ |
| SSH key pair | -- | Ed25519 recommended (`ssh-keygen -t ed25519`) |
| rsync | -- | Required only for `ssh_sync` |
| sshpass | -- | Required only for `ssh_sync` with password auth |
### Generating an SSH Key
If you do not already have an SSH key:
```bash
ssh-keygen -t ed25519 -C "your_email@example.com"
```
Copy the public key to each remote server:
```bash
ssh-copy-id -i ~/.ssh/id_ed25519.pub user@host
```
---
## Install
Clone the repository and install dependencies:
```bash
git clone https://git.mokoconsulting.tech/MokoConsulting/ssh-mcp.git
cd ssh-mcp
npm install
```
---
## Configuration
ssh-mcp reads server definitions from environment variables. The recommended approach is a `.env` file stored at `~/.ssh-manager/.env`.
### .env File Search Order
The server searches for `.env` in this order:
| Priority | Location | Description |
|----------|----------|-------------|
| 1 | `SSH_ENV_PATH` environment variable | Explicit override |
| 2 | `~/.ssh-manager/.env` | User config directory |
| 3 | `<cwd>/.env` | Current working directory |
| 4 | `~/.env` | Home directory |
| 5 | `<install-dir>/.env` | Backward compatibility |
### .env Format
Each server is defined by a set of variables sharing a common name prefix. The name is case-insensitive and is used to reference the server in tool calls.
```dotenv
# --- Required ---
SSH_SERVER_PRODUCTION_HOST=192.168.1.100
SSH_SERVER_PRODUCTION_USER=deploy
# --- Authentication (pick one) ---
SSH_SERVER_PRODUCTION_KEYPATH=~/.ssh/id_ed25519
# or
SSH_SERVER_PRODUCTION_PASSWORD=s3cret
# --- Optional ---
SSH_SERVER_PRODUCTION_PASSPHRASE=key_passphrase
SSH_SERVER_PRODUCTION_PORT=22
SSH_SERVER_PRODUCTION_DEFAULT_DIR=/var/www/myapp
SSH_SERVER_PRODUCTION_SUDO_PASSWORD=sudopass
SSH_SERVER_PRODUCTION_PLATFORM=linux # "linux" (default) or "windows"
SSH_SERVER_PRODUCTION_PROXYJUMP=bastion # Name of another configured server
SSH_SERVER_PRODUCTION_PROXYCOMMAND=ncat --proxy 127.0.0.1:1080 --proxy-type socks5 %h %p
```
### Field Reference
| Field | Required | Description |
|-------|----------|-------------|
| `HOST` | Yes | Hostname or IP address |
| `USER` | Yes | SSH username |
| `PASSWORD` | Auth | Password for password-based authentication |
| `KEYPATH` | Auth | Path to SSH private key file |
| `PASSPHRASE` | No | Passphrase for encrypted private keys |
| `PORT` | No | SSH port (default: 22) |
| `DEFAULT_DIR` | No | Default working directory for commands |
| `SUDO_PASSWORD` | No | Password for sudo operations |
| `PLATFORM` | No | `linux` (default) or `windows` |
| `PROXYJUMP` | No | Name of a configured server to use as a jump host |
| `PROXYCOMMAND` | No | Custom proxy command (supports `%h` and `%p` placeholders) |
### TOML Format (Alternative)
ssh-mcp also supports TOML configuration, useful for OpenAI Codex integration. Place the file at `~/.codex/ssh-config.toml` or set `SSH_CONFIG_PATH`:
```toml
[ssh_servers.production]
host = "192.168.1.100"
user = "deploy"
key_path = "~/.ssh/id_ed25519"
port = 22
default_dir = "/var/www/myapp"
```
Set `PREFER_TOML_CONFIG=true` to prefer TOML over `.env` when both exist.
---
## Claude Code Registration
Register the MCP server with Claude Code:
```bash
claude mcp add ssh-manager node /absolute/path/to/ssh-mcp/src/index.js
```
The configuration is stored in `~/.config/claude-code/claude_code_config.json`.
After registration, Claude Code will list the ssh-mcp tools automatically. You can verify by asking Claude Code to run `ssh_list_servers`.
---
## Multiple Server Setup
Define as many servers as you need by repeating the variable block with different names:
```dotenv
# Production
SSH_SERVER_PRODUCTION_HOST=prod.example.com
SSH_SERVER_PRODUCTION_USER=deploy
SSH_SERVER_PRODUCTION_KEYPATH=~/.ssh/id_ed25519
# Staging
SSH_SERVER_STAGING_HOST=staging.example.com
SSH_SERVER_STAGING_USER=deploy
SSH_SERVER_STAGING_KEYPATH=~/.ssh/id_ed25519
# Database server
SSH_SERVER_DB_HOST=db.internal
SSH_SERVER_DB_USER=dba
SSH_SERVER_DB_KEYPATH=~/.ssh/id_ed25519
SSH_SERVER_DB_DEFAULT_DIR=/var/lib/mysql
# Bastion / jump host
SSH_SERVER_BASTION_HOST=bastion.example.com
SSH_SERVER_BASTION_USER=admin
SSH_SERVER_BASTION_KEYPATH=~/.ssh/id_ed25519
# Server behind bastion
SSH_SERVER_INTERNAL_HOST=10.0.0.5
SSH_SERVER_INTERNAL_USER=deploy
SSH_SERVER_INTERNAL_KEYPATH=~/.ssh/id_ed25519
SSH_SERVER_INTERNAL_PROXYJUMP=bastion
```
### Server Groups
After defining servers, you can organize them into groups using the `ssh_group_manage` tool:
```
ssh_group_manage action=create name=web-servers servers=["production","staging"]
```
Then execute commands across the group:
```
ssh_execute_group group=web-servers command="uptime"
```
---
## Tool Management
By default all 37 tools are enabled. To reduce context usage in Claude Code, use the CLI to disable groups you do not need:
```bash
ssh-manager tools configure # Interactive wizard
ssh-manager tools disable monitoring
ssh-manager tools disable database
ssh-manager tools list # Verify
```
See [Tool Management](TOOL_MANAGEMENT) for details.
---
## Development Setup
Install pre-commit hooks for secret scanning:
```bash
./scripts/setup-hooks.sh
```
Run tests:
```bash
npm test
```
Run the validation suite:
```bash
./scripts/validate.sh
```
---
## Troubleshooting
### "Server not found" errors
- Server names are case-insensitive. `PRODUCTION`, `production`, and `Production` all resolve to the same entry.
- Verify the `.env` file is in one of the searched locations (see table above).
- Run `ssh_list_servers` to see which servers are loaded.
### Connection timeouts
- Check that the remote host is reachable: `ssh -v user@host`
- Ensure port 22 (or your custom port) is open in firewalls.
- Idle connections are closed after 30 minutes. The server will reconnect automatically on the next tool call.
### Permission denied (publickey)
- Confirm the key path in `KEYPATH` points to the correct private key.
- Verify the public key is in `~/.ssh/authorized_keys` on the remote server.
- Check key file permissions: `chmod 600 ~/.ssh/id_ed25519`
### rsync / ssh_sync failures
- `ssh_sync` requires `rsync` installed on both local and remote machines.
- Password-based auth additionally requires `sshpass` on the local machine.
### Host key verification failed
- Use `ssh_key_manage action=verify server=name` to inspect the key.
- If the server was reinstalled, use `ssh_key_manage action=accept server=name` to trust the new key.
### Logs
Set `SSH_LOG_LEVEL=DEBUG` in your environment for verbose logging. Logs are written to stderr.
```bash
SSH_LOG_LEVEL=DEBUG node src/index.js 2>debug.log
```
---
*Repo: [ssh-mcp](https://git.mokoconsulting.tech/MokoConsulting/ssh-mcp) · [MokoStandards](https://git.mokoconsulting.tech/MokoConsulting/moko-platform/wiki/Home)*
| Revision | Date | Author | Description |
|---|---|---|---|
| 1.0 | 2026-05-09 | Moko Consulting | Initial version |