@fangjunjie/ssh-mcp-server
v1.2.8
SSH-based MCP Server
Total: 19
Critical: 4
High: 9
Medium: 6
Findings
unknown
SSH private key access
Detected by automated pattern matching (rule DE-005) with medium confidence. May be a false positive.
103: "--port", "22",
104: "--username", "root",
>>> 105: "--privateKey", "~/.ssh/id_rsa"
106: ]
107: }
SSH directory access
Detected by automated pattern matching (rule DE-001) with medium confidence. May be a false positive.
123: "--port", "22",
124: "--username", "root",
>>> 125: "--privateKey", "~/.ssh/id_rsa",
126: "--passphrase", "pwd123456"
127: ]
SSH private key access
Detected by automated pattern matching (rule DE-005) with medium confidence. May be a false positive.
123: "--port", "22",
124: "--username", "root",
>>> 125: "--privateKey", "~/.ssh/id_rsa",
126: "--passphrase", "pwd123456"
127: ]
SSH directory access
Detected by automated pattern matching (rule DE-001) with medium confidence. May be a false positive.
103: "--port", "22",
104: "--username", "root",
>>> 105: "--privateKey", "~/.ssh/id_rsa"
106: ]
107: }
Decoded base64 content: I!¢y�rب�Ƨj�
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content: I!¢y�rب�Ƨj�
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content: rZ,y�ܕ�,}����!
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content: rZ,y�ܕ�,}����!
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Dynamic code execution via exec()
Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.
235: };
236: // Execute command via SSH exec
>>> 237: client.exec(cmdString,
238: // allocate a pseudo-tty
239: { pty: true }, (err, stream) => {
Decoded base64 content: I!¢y�rب�Ƨj�
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content: I!¢y�rب�Ƨj�
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Decoded base64 content: I!¢y�rب�Ƨj�
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Dynamic code execution via exec()
Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.
12: const execCommand = (command) => {
13: return new Promise((resolve, reject) => {
>>> 14: client.exec(command, (err, stream) => {
15: if (err) {
16: reject(err);
High-entropy string (4.9 bits/char) — possible encoded payload
Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.
High-entropy string (4.7 bits/char) — possible encoded payload
Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.
High-entropy string (4.5 bits/char) — possible encoded payload
Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.
High-entropy string (4.7 bits/char) — possible encoded payload
Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.
High-entropy string (5.1 bits/char) — possible encoded payload
Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.
High-entropy string (4.8 bits/char) — possible encoded payload
Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.