MCP SFTP Resource Handler
| Feature Name | Model Context Protocol (MCP) SFTP Resource |
| Feature ID | CrestApps.OrchardCore.AI.Mcp.Resources.Sftp |
Provides SFTP resource support for the MCP Server, allowing remote files to be exposed as MCP resources using sftp:// URIs.
Overview
This module implements the IMcpResourceTypeHandler interface to handle sftp:// URIs. It uses the SSH.NET library to connect to SFTP servers and retrieve file content.
Features
- SFTP Support: Connect to SFTP servers using SSH
- Multiple Authentication: Support for password and private key authentication
- Credentials Protection: Passwords and private keys are encrypted using
IDataProtectorwhen stored - Export Safety: Sensitive credentials are automatically cleared during deployment export
- MIME Type Detection: Automatic MIME type detection based on file extension
URI Pattern
sftp://{itemId}/{path}
{itemId}: The unique identifier of the MCP resource{path}: The path to the file on the SFTP server
Configuration
When creating an SFTP resource in the admin UI, you can configure:
| Field | Description |
|---|---|
| Host | The SFTP server hostname or IP address |
| Port | The SSH port (default: 22) |
| Username | SSH authentication username |
| Password | SSH authentication password (encrypted in storage) |
| Private Key | SSH private key for key-based authentication (encrypted in storage) |
Usage
Creating an SFTP Resource via Admin UI
- Navigate to Artificial Intelligence → MCP Resources
- Click Add Resource
- Select SFTP as the resource type
- Fill in the connection details:
- Display Text: A friendly name for the resource
- URI:
sftp://auto-generated-id/path/to/file.txt - Name: The MCP resource name
- Host, Port, Username, Password or Private Key
- Save the resource
Creating an SFTP Resource via Recipe
{
"steps": [
{
"name": "McpResource",
"Resources": [
{
"Source": "sftp",
"DisplayText": "Remote Log File",
"Resource": {
"Uri": "sftp://resource-id/var/log/app.log",
"Name": "remote-log",
"Description": "Application log from SFTP server",
"MimeType": "text/plain"
},
"Properties": {
"SftpConnectionMetadata": {
"Host": "ssh.example.com",
"Port": 22,
"Username": "user",
"Password": "",
"PrivateKey": ""
}
}
}
]
}
]
}
Note: Passwords and private keys are not exported for security reasons. You must manually set them after importing.
Authentication Methods
Password Authentication
Provide a username and password to authenticate with the SFTP server.
Private Key Authentication
Provide a username and the contents of your private key file. The private key can be:
- RSA key
- DSA key
- ECDSA key
- Ed25519 key
For keys with a passphrase, include the passphrase in the password field.
Security Considerations
- Credential Encryption: Passwords and private keys are encrypted at rest using ASP.NET Core Data Protection
- Export Safety: Sensitive credentials are automatically removed during deployment/recipe export
- Key-Based Auth: Prefer private key authentication over passwords when possible
- Key Protection: Keep private keys secure and consider using passphrase-protected keys
- Firewall: Ensure your server can reach the SFTP host on the configured port (typically 22)
Extending
To create a custom SFTP resource handler, you can implement IMcpResourceHandler to handle additional events:
public class CustomSftpMcpResourceHandler : IMcpResourceHandler
{
public void Exporting(ExportingMcpResourceContext context)
{
// Handle export customization
}
}
Related Modules
- MCP Server - Core MCP Server functionality
- MCP FTP Resource - FTP/FTPS support