Read-only server monitoring and diagnostic tools for Linux and Unraid systems.
MCP SSH SRE
An MCP server providing read-only server monitoring tools to AI assistants. Runs predefined diagnostic commands over SSH and passes only the results to the LLM - your server credentials and shell are never exposed.
Quick Start (Docker)
Pre-built images available on GitHub Container Registry.
docker run -d \
-p 3000:3000 \
-e SSH_HOST=server.local \
-e SSH_USERNAME=mcp-readonly \
-e SSH_KEY_PATH=/keys/id_ed25519 \
-v ~/.ssh/id_ed25519_mcp:/keys/id_ed25519:ro \
ghcr.io/ohare93/mcp-ssh-sre:latest
Then add to your MCP client:
{
"mcpServers": {
"ssh-sre": {
"url": "http://your-server:3000/mcp"
}
}
}
See DEPLOYMENT.md for Docker Compose, local installation, authentication setup, and security configuration.
Why Use This?
Managing a Linux server involves SSH-ing in, running commands, correlating logs, and interpreting metrics. This MCP server lets AI assistants do that work using natural language.
Ask questions like:
- "Why is my Plex container crashing?"
- "Is my array healthy and are there any drives showing signs of failure?"
- "Which containers are consuming the most resources?"
- "Help me debug network connectivity between my nginx and database containers"
Instead of manually running docker logs, smartctl, docker inspect, and correlating outputs, your AI assistant does it in seconds.
Supported Platforms
| Platform | Status | Tools |
|---|---|---|
| Unraid | Full support | 12 modules (10 core + 2 Unraid-specific) |
| Generic Linux | Full support | 10 core modules |
| TrueNAS | Untested (PRs welcome) | Core tools should work |
| Proxmox | Untested (PRs welcome) | Core tools should work |
The server auto-detects your platform at startup and loads appropriate tools.
Features
- 12 tool modules with 79+ actions for comprehensive server management
- Dual transport - Stdio (local) or HTTP/SSE (network-accessible)
- Read-only by design - Zero risk of accidental modifications
- Docker management - Logs, stats, environment, ports, network topology
- Storage & array - Parity checks, SMART data, temperatures, mover logs (Unraid)
- Health diagnostics - Aggregated status with automatic issue detection
- System monitoring - Processes, disk I/O, network connections
- Log analysis - Search across containers and system logs
- VM management - List, inspect, VNC details, libvirt logs
- Security auditing - Port scanning, login monitoring, permission audits
Why SSH Instead of Platform APIs?
| Feature | APIs | SSH |
|---|---|---|
| Docker container logs | ❌ | ✅ |
| SMART disk health data | ❌ | ✅ |
| Real-time CPU/load averages | ❌ | ✅ |
| Network bandwidth monitoring | ❌ | ✅ |
| Process monitoring (ps/top) | ❌ | ✅ |
| Log file analysis | ❌ | ✅ |
SSH provides unrestricted access to system tools without API rate limiting.
Architecture
src/
├── platforms/
│ ├── linux/ # Generic Linux (baseline)
│ └── unraid/ # Unraid-specific tools
├── tools/core/ # 10 core tool modules
├── index.ts # Stdio transport
└── http-server.ts # HTTP transport
Adding New Platforms
- Create
src/platforms//index.tsimplementingPlatform - Add detection logic
- Create platform-specific tool modules
- Register in
src/platforms/index.ts
Development
npm run dev # Development with auto-reload
npm test # Run tests
npm run build # Build for production
License
ISC
Support
For issues and questions, open an issue on the GitHub repository.
Tools (7)
docker_managementManage logs, stats, environment, ports, and network topology for containers.storage_and_arrayCheck parity, SMART data, temperatures, and mover logs for Unraid systems.health_diagnosticsAggregated status with automatic issue detection.system_monitoringMonitor processes, disk I/O, and network connections.log_analysisSearch across containers and system logs.vm_managementList, inspect, and view VNC details or libvirt logs for virtual machines.security_auditingPerform port scanning, login monitoring, and permission audits.Environment Variables
SSH_HOSTrequiredThe hostname or IP of the server to monitor.SSH_USERNAMErequiredThe username for SSH authentication.SSH_KEY_PATHrequiredPath to the SSH private key inside the container.Configuration
{"mcpServers": {"ssh-sre": {"url": "http://your-server:3000/mcp"}}}