cnctd-service-ssh 0.1.8

SSH command execution service - library and MCP server
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349

# cnctd-service-ssh

Secure SSH command execution MCP service for the cnctd ecosystem.

## Overview

This service provides SSH connectivity capabilities through the Model Context Protocol (MCP). It allows AI agents to securely execute commands on remote servers via SSH with **mandatory host key verification**, **whitelisted SSH keys**, and **public key authentication only**.

## Security Features

- **Mandatory Host Key Verification**: All SSH connections verify host keys - no bypass possible
-**Whitelisted SSH Keys**: Only pre-approved SSH keys can be used for authentication
-**Public Key Authentication Only**: Password authentication is completely disabled
-**No Target Overwrites**: Existing targets cannot be silently replaced - must explicitly unregister first
-**Comprehensive Logging**: All operations are logged with timestamps and details
-**Timeout Protection**: Commands have a 120-second timeout to prevent hanging connections

## Features

- **Secure Authentication**: Public key authentication with optional passphrase support
- **Mandatory Host Key Verification**: OpenSSH known_hosts verification always enforced
- **Target Management**: Register multiple SSH targets with unique identifiers
- **Command Execution**: Execute shell commands remotely with timeout support
- **Comprehensive Logging**: Detailed tracing for debugging and monitoring

## Setup Guide

### Complete SSH Keys Setup

Follow these steps to set up SSH access from the service to a target server:

#### 1. Create a dedicated SSH keypair (on the server running the SSH service)

```bash
# SSH into your MCP gateway/service host
ssh user@your-mcp-gateway.com

# Create a dedicated keypair for the SSH service
ssh-keygen -t ed25519 -f ~/.ssh/cnctd_ssh_service -C "cnctd-ssh-service"
# Press Enter for no passphrase (or add one for extra security)
```

#### 2. Copy the public key to your target servers

```bash
# View the public key
cat ~/.ssh/cnctd_ssh_service.pub

# Copy the output, then SSH to your target server
ssh user@target-server.com

# Add the public key to authorized_keys
echo "PASTE_PUBLIC_KEY_HERE" >> ~/.ssh/authorized_keys

# Ensure proper permissions
chmod 600 ~/.ssh/authorized_keys
```

Alternatively, use `ssh-copy-id`:
```bash
ssh-copy-id -i ~/.ssh/cnctd_ssh_service.pub user@target-server.com
```

#### 3. Add target servers to known_hosts

```bash
# Back on your MCP gateway, add the target server's host key
ssh-keyscan -H target-server.com >> ~/.ssh/known_hosts

# Or use the IP address
ssh-keyscan -H 192.168.1.100 >> ~/.ssh/known_hosts

# Verify the host was added
grep target-server.com ~/.ssh/known_hosts
```

#### 4. Mount SSH keys into the Docker container

Update your `docker-compose.yml`:

```yaml
ssh-service:
    image: kebtech/ssh-service:latest
    restart: unless-stopped
    volumes:
        - ~/.ssh:/root/.ssh:ro  # Mount SSH directory read-only
    networks:
      - mcp-network
    environment:
      - RUST_LOG=info
```

#### 5. Restart the service

```bash
docker-compose up -d ssh-service

# Verify it's running
docker ps | grep ssh-service
```

#### 6. Test the connection

Manually test SSH access first:
```bash
ssh -i ~/.ssh/cnctd_ssh_service user@target-server.com hostname
```

If that works, you're ready to use the MCP service!

### Quick Reference: Adding New Servers

For each new server you want to connect to:

```bash
# 1. Add public key to target server
ssh-copy-id -i ~/.ssh/cnctd_ssh_service.pub user@new-server.com

# 2. Add host key to known_hosts
ssh-keyscan -H new-server.com >> ~/.ssh/known_hosts

# 3. Test connection
ssh -i ~/.ssh/cnctd_ssh_service user@new-server.com hostname

# 4. Register via MCP (no restart needed)
# Use ssh_register_target tool with:
# - id: "new-server"
# - host: "new-server.com"
# - user: "user"
# - key_path: "/root/.ssh/cnctd_ssh_service"
```

## MCP Tools

### `ssh_register_target`

Register an SSH target configuration for later use.

**Parameters:**
- `id` (string, required): Unique identifier for this target
- `host` (string, required): Hostname or IP address
- `user` (string, required): SSH username
- `port` (number, optional): SSH port (default: 22)
- `key_path` (string, required): Path to whitelisted private key file
- `key_passphrase` (string, optional): Passphrase for encrypted private keys
- `known_hosts_path` (string, optional): Path to known_hosts file (default: `~/.ssh/known_hosts`)

**Whitelisted Key Paths:**
- `/root/.ssh/cnctd_ssh_service` (recommended dedicated key)
- `/root/.ssh/id_ed25519`
- `/root/.ssh/id_rsa`

**Example:**
```json
{
    "id": "my-server",
    "host": "example.com",
    "user": "ubuntu",
    "key_path": "/root/.ssh/cnctd_ssh_service"
}
```

**Security Notes:**
- Host key verification is **always enforced**. The target host must exist in your known_hosts file before registration.
- Target IDs cannot be overwritten - you must unregister a target before re-registering with the same ID.
- Only whitelisted key paths are accepted for additional security.

### `ssh_exec`

Execute a command on a registered target.

**Parameters:**
- `id` (string, required): Target ID previously registered
- `command` (string, required): Shell command to execute
- `timeout_secs` (number, optional): Execution timeout in seconds (default: 120)

**Returns:**
- `exec_id`: Unique execution identifier
- `exit_code`: Command exit code (0 = success)
- `stdout`: Standard output
- `stderr`: Standard error
- `duration_ms`: Execution duration in milliseconds

**Example:**
```json
{
    "id": "my-server",
    "command": "docker ps --format '{{.Names}}'"
}
```

### `ssh_unregister_target`

Remove a registered SSH target.

**Parameters:**
- `id` (string, required): Target ID to unregister

**Returns:**
- `id`: The target ID that was unregistered
- `existed`: Boolean indicating whether the target existed

## Common Use Cases

### Server Monitoring
```bash
# Check disk space
command: "df -h"

# View recent logs
command: "docker-compose logs --tail=50"

# Check running containers
command: "docker ps"

# System uptime and load
command: "uptime"
```

### Service Management
```bash
# Restart a service
command: "docker-compose restart service-name"

# View service status
command: "systemctl status nginx"

# Check resource usage (snapshot)
command: "docker stats --no-stream"
```

### File Operations
```bash
# Read a config file
command: "cat /etc/nginx/nginx.conf"

# List directory contents
command: "ls -la /var/www"

# Check file permissions
command: "stat /path/to/file"
```

**Note:** Streaming commands (`tail -f`, `docker logs -f`) won't work due to the request-response nature of MCP. Use snapshot commands instead.

## Troubleshooting

### "key_path not in whitelist"
- Only use one of the whitelisted key paths:
  - `/root/.ssh/cnctd_ssh_service`
  - `/root/.ssh/id_ed25519`
  - `/root/.ssh/id_rsa`

### "target already exists"
- A target with that ID is already registered
- Unregister it first with `ssh_unregister_target` before re-registering

### "Host key verification failed"
- Ensure you've added the host to known_hosts: `ssh-keyscan -H hostname >> ~/.ssh/known_hosts`
- The ~/.ssh directory must be mounted into the container
- Restart the container after updating known_hosts

### "Permission denied (publickey)"
- Verify the public key is in the target's `~/.ssh/authorized_keys`
- Check key permissions: `chmod 600 ~/.ssh/cnctd_ssh_service`
- Test manually: `ssh -i ~/.ssh/cnctd_ssh_service user@host`

### "Host not found in known_hosts file"
- Add the host: `ssh-keyscan -H hostname >> ~/.ssh/known_hosts`
- Restart the container to pick up the updated known_hosts file

### "Cannot read key_path"
- Ensure the SSH directory is mounted: `-v ~/.ssh:/root/.ssh:ro`
- Check the key exists: `docker exec container-name ls -la /root/.ssh`

## Security Architecture

### Defense in Depth

1. **Whitelist-Only Keys**: Only pre-approved SSH keys from `/root/.ssh/` can be used. Attackers cannot use arbitrary keys even if they gain MCP access.

2. **Mandatory Host Verification**: Every connection verifies the target server's host key against known_hosts. MITM attacks are prevented.

3. **No Password Auth**: Password authentication is completely removed from the codebase. Credential stuffing and brute force attacks on passwords are impossible.

4. **No Target Hijacking**: Existing target configurations cannot be silently replaced. An attacker must explicitly unregister before re-registering with different settings.

5. **Read-Only Mounts**: SSH keys are mounted read-only in the container, preventing modification even if the container is compromised.

### Attack Surface Analysis

**What attackers CANNOT do** (even with MCP access):
- ❌ Use password authentication
- ❌ Use arbitrary SSH keys outside the whitelist
- ❌ Bypass host key verification
- ❌ Silently replace existing target configurations
- ❌ Connect to hosts not in known_hosts

**What attackers CAN do** (with MCP access):
- ⚠️ Register new targets to servers in known_hosts using whitelisted keys
- ⚠️ Execute commands on registered targets
- ⚠️ Unregister targets

**Mitigation**: Treat MCP access as privileged. Only allow trusted AI agents or users to access the SSH MCP service.

## Security Considerations

1. **Host Key Verification**: Host key verification is **always enforced** and cannot be disabled. This protects against man-in-the-middle attacks.

2. **Dedicated Keys**: Use a separate keypair (`cnctd_ssh_service`) for the SSH service rather than personal keys. This makes key rotation and access control easier.

3. **Key File Permissions**: SSH private keys should have restrictive permissions (600). The Docker container should mount them read-only.

4. **No Password Authentication**: Password auth has been completely removed from the code for security.

5. **Timeout Protection**: Commands have a default 120-second timeout to prevent hanging connections.

6. **Least Privilege**: Only add the service's public key to servers it needs to access. Use different keys for different environments if needed.

7. **Whitelist Maintenance**: Review and update the key whitelist in `src/operations.rs` if you need to add or remove allowed keys.

## Development

### Building

```bash
cargo build --release
```

### Running Locally

```bash
RUST_LOG=info cargo run
```

### Docker

```bash
docker build -t cnctd-service-ssh .
docker run -i -v ~/.ssh:/root/.ssh:ro cnctd-service-ssh
```

## Environment Variables

- `RUST_LOG`: Log level (default: `info`, options: `trace`, `debug`, `info`, `warn`, `error`)

## License

See repository root for license information.