[GH-ISSUE #3] is it possible to have standrard way to hide critical info from agents? #2

New issue

Closed

opened 2026-03-02 03:44:32 +03:00 by kerem · 1 comment

kerem commented 2026-03-02 03:44:32 +03:00

Owner

Copy link

Originally created by @Saifullah336 on GitHub (Jan 22, 2026).
Original GitHub issue: https://github.com/devnullvoid/mcp-ssh-session/issues/3

Originally assigned to: @devnullvoid on GitHub.

Hello there,
thanks a lot for this awesome hidden gem.it helps me manage and automate many things on prod server. Really grateful for this. I haven't seen much stable ssh MCP lately, rather than this and https://github.com/tufantunc/ssh-mcp .so I wanted some privacy features of the later one's inside this one. This way we would have best of both worlds. I actually have it done using a minimal but hacky way>> github.com/devnullvoid/mcp-ssh-session@0733c0ae5f . it works just nicely. Can you give me suggestions regarding how I can make this better? Afterward, I am willing to send a pull request .

Originally created by @Saifullah336 on GitHub (Jan 22, 2026). Original GitHub issue: https://github.com/devnullvoid/mcp-ssh-session/issues/3 Originally assigned to: @devnullvoid on GitHub. Hello there, thanks a lot for this awesome hidden gem.it helps me manage and automate many things on prod server. Really grateful for this. I haven't seen much stable ssh MCP lately, rather than this and https://github.com/tufantunc/ssh-mcp .so I wanted some privacy features of the later one's inside this one. This way we would have best of both worlds. I actually have it done using a minimal but hacky way>> https://github.com/devnullvoid/mcp-ssh-session/commit/0733c0ae5f8ce6a5cb357b2a9dc5c4df485710fb . it works just nicely. Can you give me suggestions regarding how I can make this better? Afterward, I am willing to send a pull request .

kerem closed this issue 2026-03-02 03:44:32 +03:00

kerem commented 2026-03-02 03:44:33 +03:00

Author

Owner

Copy link

@devnullvoid commented on GitHub (Feb 22, 2026):

Hi @Saifullah336,

Thank you for this excellent feature request and for sharing your implementation! This is a valuable addition for production environments where credential privacy is crucial.

I've implemented the environment variable override system based on your proposal, with a few improvements:

✅ What's Implemented

Core Features:

• Environment variable override system with OVRD_{host}_* prefix
• Support for all connection parameters: HOST, PORT, USER, PASS, KEY, SUDO_PASS, ENABLE_PASS
• Centralized _get_env_override() helper method in session_manager.py
• Fully backward compatible - works without env vars

Improvements from your implementation:

1. Cleaner code: Split the complex walrus operator one-liner into readable, maintainable statements
2. Type safety: Added integer validation for PORT with graceful fallback
3. Enable password support: Added OVRD_{host}_ENABLE_PASS for network devices (routers/switches)
4. Centralized logic: Single helper method that can be reused across the codebase

📁 Changes Made

File	Changes
session_manager.py	Added _resolve_connection() override logic and _get_env_override() helper
server.py	Added sudo_password and enable_password overrides
file_manager.py	Added sudo_password override for read_file/write_file
AGENTS.md	Added security documentation
README.md	Added usage examples
tests/test_env_override.py	Added comprehensive unit tests

🧪 Tests

Added 10 unit tests covering:

• Individual parameter overrides
• All parameters overridden together
• Invalid port handling
• Backward compatibility
• Host-specific isolation

All tests pass ✅

📖 Documentation

Updated both AGENTS.md and README.md with:

• Environment variable format
• Supported parameters table
• Configuration examples
• Security benefits explanation

---

Thanks again for this great contribution! The feature is now available and will help users keep their production credentials secure while still benefiting from AI-powered server management.

Closing this issue as implemented.

<!-- gh-comment-id:3940253191 --> @devnullvoid commented on GitHub (Feb 22, 2026): Hi @Saifullah336, Thank you for this excellent feature request and for sharing your implementation! This is a valuable addition for production environments where credential privacy is crucial. I've implemented the environment variable override system based on your proposal, with a few improvements: ### ✅ What's Implemented **Core Features:** - Environment variable override system with `OVRD_{host}_*` prefix - Support for all connection parameters: `HOST`, `PORT`, `USER`, `PASS`, `KEY`, `SUDO_PASS`, `ENABLE_PASS` - Centralized `_get_env_override()` helper method in `session_manager.py` - Fully backward compatible - works without env vars **Improvements from your implementation:** 1. **Cleaner code**: Split the complex walrus operator one-liner into readable, maintainable statements 2. **Type safety**: Added integer validation for PORT with graceful fallback 3. **Enable password support**: Added `OVRD_{host}_ENABLE_PASS` for network devices (routers/switches) 4. **Centralized logic**: Single helper method that can be reused across the codebase ### 📁 Changes Made | File | Changes | |------|---------| | `session_manager.py` | Added `_resolve_connection()` override logic and `_get_env_override()` helper | | `server.py` | Added sudo_password and enable_password overrides | | `file_manager.py` | Added sudo_password override for read_file/write_file | | `AGENTS.md` | Added security documentation | | `README.md` | Added usage examples | | `tests/test_env_override.py` | Added comprehensive unit tests | ### 🧪 Tests Added 10 unit tests covering: - Individual parameter overrides - All parameters overridden together - Invalid port handling - Backward compatibility - Host-specific isolation All tests pass ✅ ### 📖 Documentation Updated both `AGENTS.md` and `README.md` with: - Environment variable format - Supported parameters table - Configuration examples - Security benefits explanation --- Thanks again for this great contribution! The feature is now available and will help users keep their production credentials secure while still benefiting from AI-powered server management. Closing this issue as implemented.

kerem referenced this issue 2026-03-02 03:44:34 +03:00

[PR #2] [MERGED] Fix exit codes, shell escaping, validation, and logging #3

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

develop

fix-command-status-bugs-7172406866896967046

feature/interactive-pty

mikrotik-pager-fix-15611294975548920506

ssh-session-improvements

claude/enhance-test-action-01LrXF7hRXZVwhYUC6R4c3K5

claude/improve-prompt-detection-01B7fuzojimFXZHwF6wdSxuL

v0.2.2

v0.2.1

v0.1.9

v0.1.8

v0.1.7

v0.1.6

v0.1.5

v0.1.4

v0.1.3

v0.1.2

v0.1.1

v0.1.0

Labels

Clear labels   

pull-request

Mirrored from GitHub Pull Request

No labels

pull-request

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/mcp-ssh-session#2

No description provided.