Skip to main content
AI Integrations
macOS only
The AI-first code editor (VS Code fork)

Cursor + SSH through SSHive's MCP server

Let Cursor inspect your running fleet, list containers, read logs, edit configs over SFTP. Local MCP server, no cloud relay.

Download SSHive FreeSee the MCP overview
Cursor is a VS Code fork built around AI-assisted coding, Cmd+K for inline edits, Cmd+L for chat, agent mode for multi-step refactors. Its MCP support lets external tool servers expose capabilities the model can call. SSHive's MCP server gives Cursor seven tools: list active SSH sessions, run SSH commands, browse and read/write files over SFTP, and stream large file uploads without base64 overhead. All scoped to sessions you have actively open in SSHive, all authenticated through the macOS Keychain, all running on `127.0.0.1` only. The pairing is most useful when Cursor is editing code that depends on remote state, a Dockerfile that needs the host's actual `apt list --installed`, an nginx config that has to match the deployed version, a database migration that needs to know what tables actually exist. Instead of guessing or asking you to paste, Cursor asks the SSHive MCP server.

Set up Cursor with SSHive in 4 steps

  1. 1

    Enable the MCP server in SSHive

    Open SSHive on macOS, Settings → MCP, toggle "Enable MCP server". Copy the Bearer token displayed below.

  2. 2

    Open Cursor's MCP settings

    In Cursor: Cmd+Shift+J → Cursor Settings → MCP. Click "Add new MCP server" and paste the JSON snippet from SSHive's MCP settings panel (replace `<your-token>` with the actual Bearer token).

    Copy this
    {
  "mcpServers": {
    "sshive": {
      "type": "http",
      "url": "http://127.0.0.1:49422/mcp",
      "headers": {
        "Authorization": "Bearer <your-token>"
      }
    }
  }
}
  3. 3

    Reload Cursor

    Cmd+Shift+P → "Reload Window". When Cursor restarts, the MCP indicator in the bottom bar should show `sshive` connected with 7 tools. Click it to verify.

  4. 4

    Open SSH sessions to expose

    In SSHive, connect to the servers you want Cursor to see (Cursor only sees connected sessions). Now in Cursor chat, ask: "What containers are running on prod?", Cursor calls `ssh_list_sessions`, picks prod, runs `docker ps`, replies.

What to ask Cursor once connected

You ask

"Refactor this Dockerfile to match the package versions actually installed on prod."

What happens

Cursor pulls `apt list --installed` via `ssh_execute` on the prod session, diffs against your Dockerfile, proposes minimal changes.

You ask

"Generate the docker-compose.yml from the running compose stack on staging."

What happens

Cursor reads the deployed compose file via `sftp_read_file` and `docker compose config` via `ssh_execute`, produces a clean compose file aligned with reality.

You ask

"Tail the api-gateway logs and tell me when the next 500 error happens."

What happens

Cursor calls `ssh_execute` with `docker logs -f api-gateway 2>&1 | head -200`, scans for 500-status entries, summarizes the stack trace.

Why pair Cursor with SSHive

Cursor is at its best when generating code; it is at its weakest when reasoning about deployed state. Your repo and the deployed system drift constantly, and Cursor cannot know about that drift without help. SSHive's MCP server is the bridge: Cursor edits the code, SSHive feeds it ground truth about the running fleet. The result is code changes that align with reality on day one instead of after the second deploy fails. The security tradeoff is favorable: SSHive's sessions are pre-authenticated on the Mac running Cursor, so Cursor never sees credentials. The MCP server is loopback-only and Bearer-token-gated, so even another app on the same Mac cannot piggyback. And because the protocol is open (Anthropic's MCP), you can disable, switch to a different MCP client, or audit the traffic anytime, nothing is proprietary lock-in.

Frequently asked questions

Can Cursor accidentally run a destructive command?+
Cursor asks for confirmation before any tool call by default, including `ssh_execute`. You see the exact command, you click "Approve" or "Deny". You can set Cursor to auto-approve specific tools, but the default is approve-each.
Does this work for Cursor agent mode?+
Yes. The MCP tools are exposed to both chat mode and agent mode. In agent mode, Cursor can chain multiple SSHive tool calls automatically, for instance, `ssh_list_sessions` → `ssh_execute` → `sftp_read_file`, without you confirming each step if you set agent permissions accordingly.
What if I run Cursor remotely (over Cursor SSH Remote)?+
The MCP server runs on the host where Cursor's UI lives, i.e. your local Mac. Cursor SSH Remote runs the language server on the remote machine, but the MCP integration is configured client-side, so it points at your local SSHive. Your Mac talks to SSHive, your Mac talks to the remote dev box, the two are independent.

Try SSHive Free for macOS

Get the all-in-one SSH, SFTP, RDP and VNC client for Mac. Free download, no signup required.

Download SSHive Free