SEP-2325: SSH Custom Transport #2325
tobert wants to merge 13 commits into modelcontextprotocol:main from
Informational SEP documenting SSH as a custom transport for MCP. Covers embedded SSH server architecture, subsystem-based connection establishment, stdio-compatible message framing, and public key authentication. Includes comparison with stdio-over-SSH approach and reference implementation links. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Cut sections that restated other sections (mTLS rationale, transport burden, no resumability, backward compat, server config)
- Simplify authorization to implementation guidance, defer to future SEP
- Soften MUST/SHOULD to plain English except at security boundary
- Shorten Architecture, Message Framing, Authentication, Error Handling
- Fix diagram label to match simplified auth model
- Note _meta namespace needs MCP project approval
- Net -256 lines
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Everything to this point was from passes of Claude and Gemini. Now I've gone over most of the doc and cleaned up. Next will be another pass to clean up a couple things I noticed. Claude commits will follow.
Drop named subsystems (mcp-db, mcp-files) from the spec — separate ports are the simple answer for now, noted as a future possibility in open questions. Add sshAgent and keyFingerprint client config fields for agent control and key selection. De-emphasize username since identity is by key fingerprint, not SSH username. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Restructure Architecture to lead with sshd subsystem model — any existing stdio MCP server works immediately with one sshd_config line. Add diagram, multi-subsystem sshd_config examples (useful for containers and shared hosts), and deployment model tradeoffs in Rationale. Restore subsystem to client config for sshd subsystem routing. Scope embedded server MUSTs to embedded model only. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Assign PR number, set PR link, regenerate SEP docs, run formatter. Drop email from author line (angle brackets break MDX rendering). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
I intend to keep this as a draft until everything it mentions has been prototyped. I am working on several now and will add them to the SEP as they become viable. Earlier versions proposed an authorization model. I opted to leave it out, but might bring it back after exploring the surface in go-sdk and rmcp.
SDKs should make the authenticated key identity available to tool handlers through their standard request context, aligning with how HTTP transport surfaces token information. Transport provides identity, not policy. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
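The two commits above describe the sshd-subsystem deployment model (one Subsystem line in sshd_config in front of an unmodified stdio MCP server) and the rule that the transport hands the authenticated key identity, as a fingerprint rather than a username, to tool handlers without deciding policy. The following is an added example, written for this review and not code from the SEP or its reference implementations, showing what a stdio server behind sshd would do on its side of the channel. It assumes OpenSSH's ExposeAuthInfo option, which writes the authentication methods and keys used for the session to a file named by the SSH_USER_AUTH environment variable; the one-entry-per-line `publickey <type> <base64-blob>` layout of that file, the `mcp` subsystem name, and the `/usr/local/bin/mcp-server` path are assumptions, and the key blob in the fixture is constructed, not a real key.

```python
"""Added example: identity-by-fingerprint and stdio framing for an MCP server
run as an sshd subsystem. Not code from the SEP or its reference implementations.

Assumed deployment (these sshd_config lines are an assumption, not SEP text):

    Subsystem mcp /usr/local/bin/mcp-server
    ExposeAuthInfo yes    # sshd writes auth methods/keys used to a temp file and
                          # sets SSH_USER_AUTH to its path (OpenSSH option)

A client runs `ssh -s user@host mcp`; sshd spawns the server with stdin/stdout
bound to the subsystem channel, so framing is the stdio transport's
newline-delimited JSON-RPC. Identity comes from the key that authenticated the
session, not the SSH username; handlers get the fingerprint and decide policy.
"""
import base64
import hashlib
import io
import json
import os
import struct
import sys
from dataclasses import dataclass
from typing import Iterable, Iterator, Optional


def ssh_fingerprint(key_b64: str) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + base64(sha256(blob)) without '=' padding."""
    blob = base64.b64decode(key_b64)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def identity_from_auth_info(text: str) -> Optional[str]:
    """Extract the caller's key fingerprint from the SSH_USER_AUTH file.

    Assumed line format: '<method> <key-type> <base64-blob>'. Only the first
    publickey entry counts; a session with no public-key entry has no
    verifiable identity and yields None (handlers must treat that as anonymous).
    """
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "publickey":
            return ssh_fingerprint(parts[2])
    return None


@dataclass(frozen=True)
class RequestContext:
    """What the transport hands to a tool handler: identity, not policy."""
    key_fingerprint: Optional[str]
    message: dict


def read_messages(lines: Iterable[str]) -> Iterator[dict]:
    """Stdio framing: one JSON-RPC message per line. Blank or malformed lines
    are skipped so one bad message does not tear down the SSH session."""
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def encode_message(msg: dict) -> str:
    """json.dumps escapes control characters, so the output never contains a raw
    newline; appending one terminates the frame."""
    return json.dumps(msg, separators=(",", ":")) + "\n"


def handle(ctx: RequestContext) -> dict:
    """Toy handler: echoes the caller identity so it can be checked end to end."""
    msg = ctx.message
    return {"jsonrpc": "2.0", "id": msg.get("id"),
            "result": {"caller": ctx.key_fingerprint, "method": msg.get("method")}}


def serve(stdin, stdout, auth_info_text: str) -> None:
    """Resolve identity once per session, then attach it to every request."""
    fingerprint = identity_from_auth_info(auth_info_text)
    for msg in read_messages(stdin):
        stdout.write(encode_message(handle(RequestContext(fingerprint, msg))))
        stdout.flush()


def _ssh_string(b: bytes) -> bytes:
    """SSH wire string: 4-byte big-endian length prefix + bytes."""
    return struct.pack(">I", len(b)) + b


# Constructed fixture, not a real key: an ssh-ed25519 blob is the SSH string
# "ssh-ed25519" followed by the SSH string of 32 key bytes.
SAMPLE_KEY_B64 = base64.b64encode(
    _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))).decode()
SAMPLE_AUTH_INFO = f"publickey ssh-ed25519 {SAMPLE_KEY_B64}\n"


def demo() -> dict:
    """Drive serve() over in-memory streams with the constructed fixture."""
    req = {"jsonrpc": "2.0", "id": 1, "method": "tools/list"}
    out = io.StringIO()
    serve(io.StringIO(encode_message(req)), out, SAMPLE_AUTH_INFO)
    return json.loads(out.getvalue())


if __name__ == "__main__":
    # Under sshd with ExposeAuthInfo the real file is at $SSH_USER_AUTH.
    path = os.environ.get("SSH_USER_AUTH")
    auth_text = open(path).read() if path and os.path.exists(path) else ""
    serve(sys.stdin, sys.stdout, auth_text)
```

The point the commits make survives here: nothing in the transport layer grants or denies anything; it only produces a fingerprint (or None when the session was not key-authenticated), and the SDK's request context is where a handler reads it.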
This likely needs to be a custom transport extension rather than being part of the core spec. Per #2321:
Stdio-to-SSH bridge for clients without native SSH transport. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Link to the Custom Transports section of the MCP specification in the abstract. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Cool, makes sense. I clarified the doc a bit to make it clear it's a custom transport extension. It's already marked as informational in the front matter.
@modelcontextprotocol/transport-wg - something for the team to assess the viability of for extensions.
Summary
Status
This is an Informational SEP (not Standards Track). Early draft for discussion.
Reference implementations:
Errata