How to add MCP SSH Manager to Windsurf
Manage multiple SSH servers from Claude Code or OpenAI Codex — execute commands, transfer files, backups, DB ops, health monitoring. Paste the config into ~/.codeium/windsurf/mcp_config.json and restart Windsurf.
Last updated June 14, 2026 · 278★ · stdio · no auth
Windsurf config for MCP SSH Manager
npm install -g mcp-ssh-manager{
"mcpServers": {
"mcp-ssh-manager": {
"command": "node",
"args": [
"/path/to/mcp-ssh-manager/src/index.js"
]
}
}
}Setup steps
- 1Open Windsurf → Cascade → the hammer/MCP icon → Configure (or edit ~/.codeium/windsurf/mcp_config.json).
- 2Paste the MCP SSH Manager config below.
- 3Fill in placeholder secrets, then save.
- 4Click Refresh in the MCP panel.
- 5MCP SSH Manager's tools become available to Cascade.
Before you start
- Node.js v18 or higher
- npm
- Claude Code CLI (for Claude Code) or Codex CLI (for OpenAI Codex)
- Bash 4.0+ for the optional CLI management tools
- rsync for file synchronization (ssh_sync)
- sshpass (optional, for rsync with password authentication)
- SSH access and credentials for the remote servers you want to manage
What MCP SSH Manager can do in Windsurf
ssh_list_serversList all configured SSH servers with their details.
ssh_executeExecute a command on a remote server. Params: server, command, cwd (optional; falls back to the server's default directory).
ssh_uploadUpload a file to a remote server. Params: server, local_path, remote_path.
ssh_downloadDownload a file from a remote server. Params: server, remote_path, local_path.
ssh_syncBidirectional file synchronization between local and remote using rsync.
ssh_backup_createCreate a backup of a database (MySQL/PostgreSQL/MongoDB) or files on a remote server, with compression and metadata. Params: server, type, name, database, paths, retention.
ssh_backup_listList available backups on a remote server with size, date, and retention info. Params: server, type (optional filter).
ssh_backup_restoreRestore from a previous backup, with cross-database support. Params: server, backupId, database, targetPath.
Security
Grants an AI assistant the ability to run arbitrary shell commands, transfer files, and operate databases over SSH on remote servers. Store SSH credentials in a `.env` file that is never committed; prefer SSH keys or ssh-agent over inline passwords. Use the optional per-server security modes (v3.5.0+): `readonly` blocks mutating tools and destructive commands, `restricted` requires every `ssh_execute` command to match an `ALLOW_PATTERNS` regex and no `DENY_PATTERNS` (DENY wins, fail-closed). An opt-in JSONL audit log records each invocation and redacts sensitive args (password, passphrase, sudoPassword, token, secret, apikey). `autoApprove` in the client config is all-or-nothing per tool, so enabling it for ssh_execute trusts any command.
MCP SSH Manager + Windsurf FAQ
Where is the Windsurf config file?
Windsurf reads MCP servers from ~/.codeium/windsurf/mcp_config.json. Paste the MCP SSH Manager config there under the "mcpServers" key and restart the client.
Is MCP SSH Manager safe to use with Windsurf?
Grants an AI assistant the ability to run arbitrary shell commands, transfer files, and operate databases over SSH on remote servers. Store SSH credentials in a `.env` file that is never committed; prefer SSH keys or ssh-agent over inline passwords. Use the optional per-server security modes (v3.5.0+): `readonly` blocks mutating tools and destructive commands, `restricted` requires every `ssh_execute` command to match an `ALLOW_PATTERNS` regex and no `DENY_PATTERNS` (DENY wins, fail-closed). An opt-in JSONL audit log records each invocation and redacts sensitive args (password, passphrase, sudoPassword, token, secret, apikey). `autoApprove` in the client config is all-or-nothing per tool, so enabling it for ssh_execute trusts any command.
Which AI clients does it support?
Claude Code (configured via .env and `claude mcp add` / an mcpServers JSON block) and OpenAI Codex (configured via a `[mcp_servers.ssh-manager]` block in ~/.codex/config.toml plus a TOML ssh-config). Both expose the same set of MCP tools.
How are SSH servers configured?
For Claude Code, add `SSH_SERVER_<NAME>_HOST/_USER/_PASSWORD/_KEYPATH/_PASSPHRASE/_PORT/_DEFAULT_DIR/...` entries to a `.env` file. For Codex, define `[ssh_servers.<name>]` tables in a TOML file. The `ssh-manager` CLI can convert between the two formats, and config changes are hot-reloaded without restarting the server (v3.6.0+).
Can I limit which tools or commands the AI can run?
Yes. Tool activation lets you enable only specific tool groups (minimal mode is 5 tools, ~92% less context). Per-server security modes (v3.5.0+) add server-side filtering: `readonly` blocks mutating tools and destructive commands, and `restricted` requires each command to match an ALLOW_PATTERNS regex with DENY_PATTERNS taking precedence. An opt-in JSONL audit log records and redacts each invocation.