| Version | Supported |
|---|---|
| 1.8.x | Yes |
| < 1.8 | No |
If you discover a security vulnerability in MCP SSH Bridge, please report it responsibly.
Do NOT open a public GitHub issue for security vulnerabilities.
- Email: Send details to the project maintainer (see git log for contact)
- GitHub: Use GitHub Security Advisories to report privately
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgment: Within 48 hours
- Initial assessment: Within 1 week
- Fix and release: Depends on severity
- Critical: Within 72 hours
- High: Within 1 week
- Medium/Low: Next release cycle
MCP SSH Bridge acts as a security boundary between an AI client (Claude Code) and remote SSH hosts. See docs/THREAT_MODEL.md for the full threat analysis.
| Control | Description |
|---|---|
| Command Validation | Whitelist/blacklist with regex patterns (CommandValidator) |
| Shell Escaping | Single-quote wrapping for all user-supplied parameters |
| Output Sanitization | 56 patterns masking secrets in command output (Sanitizer) |
| Rate Limiting | Per-host token bucket rate limiter (RateLimiter) |
| Audit Logging | Async JSON-lines audit trail (AuditLogger) |
| Host Key Verification | Strict mode by default (MITM protection) |
| Memory Safety | #![forbid(unsafe_code)], Zeroizing<String> for credentials |
| Path Validation | Traversal prevention on file operations |
| Dependency Auditing | cargo-deny + cargo-audit in CI |
- Strict (default): Only explicitly whitelisted commands are allowed
- Permissive: All commands except blacklisted patterns
- Compromise of the MCP client (Claude Code) itself
- Compromise of the SSH host being connected to
- Physical access to the machine running the bridge
- Side-channel attacks on the SSH transport (handled by the SSH library)