--- license: mit tags: - mcp - claude - shell - ssh - windows - dotnet language: - en --- # Shell MCP Server Terminal access for Claude with two security modes, plus SSH bridge for remote servers. ## Features - **Local shell** with safe/dangerous command separation - **SSH Bridge** - GUI app for secure remote server access - **Lift Pen** - Pause Claude's command execution instantly - **Sudo support** - Auto-send password for sudo commands (opt-in) - **Full visibility** - See every command Claude runs in real-time - **Background processes** - Spawn and manage long-running tasks - **File operations** - Write files without shell escaping issues ## Quick Start (Pre-built Binaries) Download from the `release/` folder: - `shell-mcp.dll` - MCP server for Claude Desktop - `ssh-bridge.exe` - GUI for SSH connections No build required - just configure Claude Desktop (see below). ## Components ### 1. Shell MCP (`shell-mcp.dll`) Local Windows terminal access with configurable command allowlists. ### 2. SSH Bridge (`ssh-bridge.exe`) WinForms GUI that: - You authenticate with password (held in memory only) - Claude sends commands through it - Real-time output display with syntax highlighting - **Lift Pen** button to pause Claude instantly - **Sudo** button to enable auto-password for sudo commands - **Pin** button to keep window on top - Right-click context menu: Copy, Copy All, Clear ## Installation ### Option 1: Use Pre-built Binaries 1. Download files from `release/` folder 2. Configure Claude Desktop (see below) ### Option 2: Build from Source **Prerequisites:** - .NET 8.0 SDK - Windows 10/11 ```bash git clone https://github.com/FreeOnlineUser/shell-mcp.git cd shell-mcp dotnet restore dotnet build ShellMcp.csproj -c Release dotnet build SshBridge.csproj -c Release ``` ### Configure Claude Desktop Edit `%APPDATA%\Claude\claude_desktop_config.json`: ```json { "mcpServers": { "shell_safe": { "command": "dotnet", "args": ["C:\\path\\to\\release\\shell-mcp.dll"], "env": { "SHELL_MCP_MODE": "safe", "SHELL_MCP_START_DIR": "C:\\your\\workspace", "SSH_BRIDGE_PATH": "C:\\path\\to\\release\\ssh-bridge.exe" } }, "shell_dangerous": { "command": "dotnet", "args": ["C:\\path\\to\\release\\shell-mcp.dll"], "env": { "SHELL_MCP_MODE": "dangerous", "SHELL_MCP_START_DIR": "C:\\your\\workspace", "SSH_BRIDGE_PATH": "C:\\path\\to\\release\\ssh-bridge.exe" } } } } ``` **Approval settings:** - `shell_safe` → "Allow always" - `shell_dangerous` → "Allow once" (asks every time) ## Tools ### Local Shell | Tool | Description | |------|-------------| | `Shell` | Execute a local command with optional timeout | | `Pwd` | Get current working directory | | `ShellInfo` | Show mode and list of allowed commands | | `ShellBatch` | Run multiple commands in sequence | ### SSH Tools | Tool | Description | |------|-------------| | `SshCommand` | Execute command on remote server | | `SshStatus` | Check if SSH Bridge is connected | | `SshPrefill` | Pre-fill connection details and optionally auto-connect | | `SshPenStatus` | Check if user has paused execution (pen lifted) | | `SshPenDown` | Request to resume execution | | `SshAbort` | Send Ctrl+C to abort running command | | `SshIsRunning` | Check if a command is currently executing | | `SshSetTimeout` | Set timeout for next command (1-3600 seconds) | | `SshTail` | Get last 50 lines of terminal output | | `SshKillPort` | Kill process listening on a specific port | | `SshSpawn` | Start a background process with a trackable name | | `SshListSpawned` | List all tracked background processes | | `SshKillSpawned` | Kill a background process by name | | `SshWriteFile` | Write content to file without shell escaping | | `SshAppendFile` | Append content to file without shell escaping | ## SSH Bridge Features ### Lift Pen (Pause Claude) Click **Lift Pen** to immediately pause Claude's command execution. Any running command is aborted, and new commands are blocked until you click again to resume. Perfect for: - Reviewing what Claude is doing - Taking manual control temporarily - Emergency stop ### Sudo Support Click **Sudo** to enable auto-password entry for sudo commands. When enabled: - Claude can run `sudo` commands without prompting - Your password is sent automatically when sudo asks - Password is only held in memory while connected ### Pin Window Click **Pin** to keep the SSH Bridge window always on top. ### Interactive Command Blocking The bridge automatically blocks interactive commands that would break the shell: - **Editors:** vim, nano, emacs (use `echo` or `SshWriteFile` instead) - **Pagers:** less, more (use `cat`, `head`, `tail` instead) - **TUI apps:** htop, top (use `top -b -n 1` or `ps aux`) - **Databases:** mysql, psql (use `-e` or `-c` flags for queries) - **Multiplexers:** tmux, screen (not supported) Each blocked command shows helpful alternatives. ## Security Model ### shell_safe (approve once) Read-only and build commands: - `dir`, `ls`, `type`, `cat`, `head`, `tail`, `find`, `grep`, `pwd`, `cd`, `tree` - `echo`, `date`, `time`, `whoami`, `hostname` - `git status`, `git log`, `git diff`, `git branch`, `git remote`, `git fetch`, `git show` - `dotnet build`, `dotnet run`, `dotnet test`, `dotnet restore` - `npm install`, `npm run`, `npm test`, `npm list`, `npm ci` - `node --version`, `yarn install`, `yarn build`, `yarn test` ### shell_dangerous (approve each time) Modifying commands: - `del`, `rm`, `rmdir`, `move`, `copy`, `mkdir` - `git push`, `git pull`, `git merge`, `git rebase`, `git reset`, `git commit`, `git add` - `taskkill`, `shutdown` - `npm install -g`, `npm uninstall` ### Always blocked - `format`, `diskpart`, `reg`, `regedit` - `net user`, `net localgroup` - `powershell -enc`, `rm -rf /`, `del /s /q c:\` ### SSH Bridge Security - Password held in memory only - never written to disk - Lift Pen for instant pause - Disconnect for instant revoke - All commands visible in real-time - Sudo disabled by default ## Output Handling - Large outputs are automatically truncated (last 150 lines returned to Claude) - Maximum 500KB per response - Real-time streaming display in SSH Bridge window - ANSI escape codes stripped for clean output ## Dependencies - [ModelContextProtocol](https://www.nuget.org/packages/ModelContextProtocol) - MCP SDK for .NET - [SSH.NET](https://www.nuget.org/packages/SSH.NET) - SSH client library - [BouncyCastle](https://www.nuget.org/packages/BouncyCastle.Cryptography) - Cryptography (SSH.NET dependency) ## License MIT