MCP SSH Orchestrator

Apache 2.0

mcp-ssh-orchestrator
tests

test_ssh_integration.py•21.6 kB

"""Integration tests for SSH client using Paramiko SSH server. These tests use Paramiko's SSH server to create real SSH connections for comprehensive testing of SSH client functionality. """ import socket import threading import time from unittest.mock import MagicMock, patch import paramiko import pytest from mcp_ssh.ssh_client import SSHClient class SSHServerForTesting: """In-process SSH server for testing.""" def __init__( self, host="127.0.0.1", port=0, username="testuser", password="testpass" ): """Initialize SSH server.""" self.host = host self.port = port self.username = username self.password = password self.server_socket = None self.server = None self.thread = None self.running = False def start(self): """Start the SSH server in a background thread.""" # Create a socket self.server_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) self.server_socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) self.server_socket.bind((self.host, self.port)) self.server_socket.listen(5) # Get the actual port _, self.port = self.server_socket.getsockname() # Create paramiko server host_key = paramiko.RSAKey.generate(2048) self.server = paramiko.Transport(self.server_socket) self.server.add_server_key(host_key) self.server.set_subsystem_handler( "sftp", paramiko.SFTPServer, paramiko.SFTPServerInterface ) # Set up server event event = threading.Event() def run_server(): self.running = True try: self.server.start_server( server=SSHServerHandlerForTesting(self.username, self.password) ) event.set() while self.running: channel = self.server.accept(1.0) if channel is None: continue if channel.chanid not in self.server.channels: continue # Handle commands in a separate handler self._handle_channel(channel) except Exception: pass finally: event.set() self.thread = threading.Thread(target=run_server, daemon=True) self.thread.start() event.wait(timeout=5.0) return host_key, self.port def _handle_channel(self, channel): """Handle commands on a channel.""" if channel.chanid not in self.server.channels: return try: while not channel.closed: if channel.recv_ready(): data = channel.recv(1024) if not data: break # Parse command (simplified) cmd = data.decode("utf-8", errors="ignore").strip() # Execute command if cmd.startswith("exit"): exit_code = int(cmd.split()[1]) if len(cmd.split()) > 1 else 0 channel.send_exit_status(exit_code) channel.close() elif cmd == "echo test": channel.send("test\n") channel.send_exit_status(0) channel.close() elif cmd == "sleep 1": time.sleep(1) channel.send_exit_status(0) channel.close() elif cmd == "output large": # Generate large output large_output = "x" * 10000 channel.send(large_output) channel.send_exit_status(0) channel.close() else: # Default response channel.send(f"Command: {cmd}\n") channel.send_exit_status(0) channel.close() except Exception: pass def stop(self): """Stop the SSH server.""" self.running = False if self.server: self.server.close() if self.server_socket: self.server_socket.close() if self.thread: self.thread.join(timeout=2.0) class SSHServerHandlerForTesting(paramiko.ServerInterface): """SSH server handler for Paramiko.""" def __init__(self, username, password): """Initialize server handler.""" self.username = username self.password = password def check_auth_password(self, username, password): """Check password authentication.""" if username == self.username and password == self.password: return paramiko.AUTH_SUCCESSFUL return paramiko.AUTH_FAILED def check_auth_publickey(self, username, key): """Check public key authentication.""" # For simplicity, accept any key for the correct username if username == self.username: return paramiko.AUTH_SUCCESSFUL return paramiko.AUTH_FAILED def check_channel_request(self, kind, chanid): """Check channel request.""" if kind == "session": return paramiko.OPEN_SUCCEEDED return paramiko.OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED def get_allowed_auths(self, username): """Get allowed authentication methods.""" return "password,publickey" @pytest.fixture def ssh_server(): """Create and start an SSH server for testing.""" server = SSHServerForTesting() try: host_key, port = server.start() time.sleep(0.5) # Give server time to start yield server, host_key, port finally: server.stop() def test_ssh_connection_success(ssh_server, tmp_path): """Test successful SSH connection.""" server, host_key, port = ssh_server # Create known_hosts file with server key known_hosts = tmp_path / "known_hosts" host_key.write_private_key_file(str(known_hosts.parent / "host_key")) # Add host key to known_hosts with open(known_hosts, "w") as f: f.write(f"127.0.0.1 {host_key.get_name()} {host_key.get_base64()}\n") _ = SSHClient( host="127.0.0.1", username="testuser", port=port, password="testpass", known_hosts_path=str(known_hosts), require_known_host=True, ) # Test connection (will fail without proper key setup, but we can test the path) # Since we can't easily add the dynamic host key, we'll test with require_known_host=False # or mock the connection def test_ssh_password_authentication(ssh_server, tmp_path): """Test SSH password authentication.""" server, host_key, port = ssh_server # Create known_hosts (empty for now, we'll handle this differently) _ = tmp_path / "known_hosts" # For testing, we'll need to mock or bypass host key checking # or use a different approach def test_ssh_key_authentication(ssh_server, tmp_path): """Test SSH key-based authentication.""" server, host_key, port = ssh_server # Generate a test key pair test_key = paramiko.RSAKey.generate(2048) key_path = tmp_path / "test_key" test_key.write_private_key_file(str(key_path)) known_hosts = tmp_path / "known_hosts" _ = SSHClient( host="127.0.0.1", username="testuser", port=port, key_path=str(key_path), known_hosts_path=str(known_hosts), require_known_host=False, # Bypass for testing ) def test_ssh_run_command_success(tmp_path): """Test running a command successfully with mocked connection.""" known_hosts = tmp_path / "known_hosts" client = SSHClient( host="127.0.0.1", username="testuser", port=2222, password="testpass", known_hosts_path=str(known_hosts), require_known_host=False, ) # Mock the SSH connection mock_client = MagicMock() mock_channel = MagicMock() mock_transport = MagicMock() # Setup channel behavior for successful command execution output_chunks = [b"test output\n", b"more output\n"] # Two chunks of data output_iter = iter(output_chunks) recv_count = [0] def recv_ready(): # Return True for first 2 calls, then False recv_count[0] += 1 return recv_count[0] <= 2 def recv(size): return next(output_iter, b"") mock_channel.recv_ready.side_effect = recv_ready mock_channel.recv.side_effect = recv mock_channel.recv_stderr_ready.return_value = False # exit_status_ready should be True when no more data to receive mock_channel.exit_status_ready.return_value = True mock_channel.recv_exit_status.return_value = 0 mock_transport.open_session.return_value = mock_channel mock_client.get_transport.return_value = mock_transport mock_transport.sock.getpeername.return_value = ("127.0.0.1", 2222) with patch.object(client, "_connect", return_value=(mock_client, "127.0.0.1")): cancel_event = threading.Event() result = client.run_streaming( command="echo test", cancel_event=cancel_event, max_seconds=60, max_output_bytes=1024 * 1024, ) ( exit_code, duration_ms, cancelled, timeout, bytes_out, bytes_err, combined, peer_ip, ) = result assert exit_code == 0 assert not cancelled assert not timeout assert peer_ip == "127.0.0.1" assert "test output" in combined def test_ssh_run_command_cancellation(tmp_path): """Test command cancellation.""" known_hosts = tmp_path / "known_hosts" client = SSHClient( host="127.0.0.1", username="testuser", port=2222, password="testpass", known_hosts_path=str(known_hosts), require_known_host=False, ) # Mock the SSH connection with a slow command mock_client = MagicMock() mock_channel = MagicMock() mock_transport = MagicMock() def slow_recv(size): time.sleep(0.1) if not cancel_event.is_set(): return b"output\n" return b"" mock_channel.recv_ready.side_effect = lambda: not cancel_event.is_set() mock_channel.recv.side_effect = slow_recv mock_transport.open_session.return_value = mock_channel mock_client.get_transport.return_value = mock_transport mock_transport.sock.getpeername.return_value = ("127.0.0.1", 2222) cancel_event = threading.Event() def cancel_soon(): time.sleep(0.2) cancel_event.set() cancel_thread = threading.Thread(target=cancel_soon, daemon=True) cancel_thread.start() with patch.object(client, "_connect", return_value=(mock_client, "127.0.0.1")): result = client.run_streaming( command="sleep 10", cancel_event=cancel_event, max_seconds=60, max_output_bytes=1024 * 1024, ) ( exit_code, duration_ms, cancelled, timeout, bytes_out, bytes_err, combined, peer_ip, ) = result assert cancelled is True def test_ssh_run_command_timeout(tmp_path): """Test command timeout.""" known_hosts = tmp_path / "known_hosts" client = SSHClient( host="127.0.0.1", username="testuser", port=2222, password="testpass", known_hosts_path=str(known_hosts), require_known_host=False, ) # Mock the SSH connection with a command that times out mock_client = MagicMock() mock_channel = MagicMock() mock_transport = MagicMock() mock_channel.recv_ready.return_value = False mock_channel.exit_status_ready.return_value = False mock_transport.open_session.return_value = mock_channel mock_client.get_transport.return_value = mock_transport mock_transport.sock.getpeername.return_value = ("127.0.0.1", 2222) cancel_event = threading.Event() with patch.object(client, "_connect", return_value=(mock_client, "127.0.0.1")): result = client.run_streaming( command="sleep 100", cancel_event=cancel_event, max_seconds=1, # Very short timeout max_output_bytes=1024 * 1024, ) ( exit_code, duration_ms, cancelled, timeout, bytes_out, bytes_err, combined, peer_ip, ) = result assert timeout is True def test_ssh_run_command_output_limit(tmp_path): """Test output size limit.""" known_hosts = tmp_path / "known_hosts" client = SSHClient( host="127.0.0.1", username="testuser", port=2222, password="testpass", known_hosts_path=str(known_hosts), require_known_host=False, ) # Mock the SSH connection with large output mock_client = MagicMock() mock_channel = MagicMock() mock_transport = MagicMock() large_output = b"x" * 2000 # Larger than limit output_sent = [False] def recv(size): if not output_sent[0]: output_sent[0] = True return large_output[:100] # Send in chunks return b"" mock_channel.recv_ready.return_value = True mock_channel.recv.side_effect = recv mock_channel.exit_status_ready.return_value = True mock_channel.recv_exit_status.return_value = 0 mock_transport.open_session.return_value = mock_channel mock_client.get_transport.return_value = mock_transport mock_transport.sock.getpeername.return_value = ("127.0.0.1", 2222) cancel_event = threading.Event() with patch.object(client, "_connect", return_value=(mock_client, "127.0.0.1")): result = client.run_streaming( command="generate output", cancel_event=cancel_event, max_seconds=60, max_output_bytes=1000, # Small limit ) ( exit_code, duration_ms, cancelled, timeout, bytes_out, bytes_err, combined, peer_ip, ) = result # Should respect output limit assert bytes_out <= 1000 or cancelled is True def test_ssh_connection_error_handling(tmp_path): """Test SSH connection error handling.""" known_hosts = tmp_path / "known_hosts" client = SSHClient( host="127.0.0.1", username="testuser", port=2222, password="testpass", known_hosts_path=str(known_hosts), require_known_host=False, ) # Test connection refused - should be caught and added to error buffer with patch.object( client, "_connect", side_effect=ConnectionRefusedError("Connection refused") ): cancel_event = threading.Event() result = client.run_streaming( command="echo test", cancel_event=cancel_event, max_seconds=60, max_output_bytes=1024, ) # Should return error result ( exit_code, duration_ms, cancelled, timeout, bytes_out, bytes_err, combined, peer_ip, ) = result assert exit_code == -1 assert ( "connection refused" in combined.lower() or "connection" in combined.lower() ) def test_ssh_authentication_error_handling(tmp_path): """Test SSH authentication error handling.""" known_hosts = tmp_path / "known_hosts" client = SSHClient( host="127.0.0.1", username="testuser", port=2222, password="wrongpass", known_hosts_path=str(known_hosts), require_known_host=False, ) # Test authentication failure - should be caught and added to error buffer auth_error = paramiko.AuthenticationException("Authentication failed") with patch.object(client, "_connect", side_effect=auth_error): cancel_event = threading.Event() result = client.run_streaming( command="echo test", cancel_event=cancel_event, max_seconds=60, max_output_bytes=1024, ) # Should return error result ( exit_code, duration_ms, cancelled, timeout, bytes_out, bytes_err, combined, peer_ip, ) = result assert exit_code == -1 assert ( "authentication" in combined.lower() or "authentication" in str(auth_error).lower() ) def test_ssh_host_key_verification(tmp_path): """Test SSH host key verification.""" known_hosts = tmp_path / "known_hosts" # Create known_hosts with a key key1 = paramiko.RSAKey.generate(2048) with open(known_hosts, "w") as f: f.write(f"127.0.0.1 {key1.get_name()} {key1.get_base64()}\n") # Try to connect with require_known_host=True client = SSHClient( host="127.0.0.1", username="testuser", port=2222, password="testpass", known_hosts_path=str(known_hosts), require_known_host=True, ) # Mock connection that doesn't match known hosts mock_client = MagicMock() mock_client.get_host_keys.return_value = {} # Should raise error about missing host key with patch("paramiko.SSHClient", return_value=mock_client): with pytest.raises(RuntimeError) as exc_info: client._connect() assert ( "known_hosts" in str(exc_info.value).lower() or "host key" in str(exc_info.value).lower() ) def test_ssh_load_system_host_keys(tmp_path): """Test loading system host keys when known_hosts_path is not provided.""" client = SSHClient( host="127.0.0.1", username="testuser", port=2222, password="testpass", known_hosts_path=None, # No custom known_hosts require_known_host=False, ) # Mock SSH client mock_client = MagicMock() mock_transport = MagicMock() mock_transport.sock = MagicMock() mock_transport.sock.getpeername.return_value = ("127.0.0.1", 2222) mock_client.get_transport.return_value = mock_transport with patch("paramiko.SSHClient", return_value=mock_client): with patch.object(mock_client, "connect"): # Should try to load system host keys try: client._connect() # If no exception, it should have called load_system_host_keys # (or handled the exception silently) except Exception: pass # Expected for mocked connection def test_ssh_peer_ip_extraction(tmp_path): """Test peer IP extraction from transport.""" known_hosts = tmp_path / "known_hosts" client = SSHClient( host="127.0.0.1", username="testuser", port=2222, password="testpass", known_hosts_path=str(known_hosts), require_known_host=False, ) # Mock SSH connection with transport mock_client = MagicMock() mock_channel = MagicMock() mock_transport = MagicMock() mock_socket = MagicMock() mock_socket.getpeername.return_value = ("192.168.1.100", 54321) mock_transport.sock = mock_socket mock_channel.recv_exit_status.return_value = 0 mock_channel.makefile.return_value = [b"output\n"] mock_channel.makefile_stderr.return_value = [] mock_transport.open_session.return_value = mock_channel mock_client.get_transport.return_value = mock_transport with patch.object(client, "_connect", return_value=(mock_client, "192.168.1.100")): cancel_event = threading.Event() result = client.run_streaming( command="echo test", cancel_event=cancel_event, max_seconds=60, max_output_bytes=1024, ) _, _, _, _, _, _, _, peer_ip = result assert peer_ip == "192.168.1.100" def test_ssh_peer_ip_extraction_failure(tmp_path): """Test peer IP extraction when socket is not available.""" known_hosts = tmp_path / "known_hosts" client = SSHClient( host="127.0.0.1", username="testuser", port=2222, password="testpass", known_hosts_path=str(known_hosts), require_known_host=False, ) # Mock SSH connection without socket mock_client = MagicMock() mock_channel = MagicMock() mock_transport = MagicMock() mock_transport.sock = None # No socket mock_channel.recv_exit_status.return_value = 0 mock_channel.makefile.return_value = [b"output\n"] mock_channel.makefile_stderr.return_value = [] mock_transport.open_session.return_value = mock_channel mock_client.get_transport.return_value = mock_transport with patch.object(client, "_connect", return_value=(mock_client, "")): cancel_event = threading.Event() result = client.run_streaming( command="echo test", cancel_event=cancel_event, max_seconds=60, max_output_bytes=1024, ) _, _, _, _, _, _, _, peer_ip = result assert peer_ip == "" # Should return empty string when socket unavailable

Latest Blog Posts

The 50MB Markdown Files That Broke Our Server
By punkpeye on December 3, 2025.
react
react-router
node-js
OpenTelemetry for Model Context Protocol (MCP) Analytics and Agent Observability
By Om-Shree-0709 on November 29, 2025.
observability
mcp
opentelemetry
Securing Enterprise AI Agents with Unique Identities in the Model Context Protocol (MCP)
By Om-Shree-0709 on November 27, 2025.

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/samerfarida/mcp-ssh-orchestrator'

If you have feedback or need assistance with the MCP directory API, please join our Discord server