Hex SSH

Please install the `hex-ssh-mcp` MCP server into my current AI client (that's you).

Required prerequisites (do these first if not already done):
- **Install Node.js 20.19.0 or newer** — Node.js version 20.19.0 or higher is required to run the MCP server.
- **Install the hex-ssh-mcp package globally** — Install the MCP server package so the `hex-ssh-mcp` executable is available. Run: `npm i -g @levnikolaevich/hex-ssh-mcp` (https://www.npmjs.com/package/@levnikolaevich/hex-ssh-mcp)
- **Set up SSH key authentication and host verification** — This server supports key-only SSH authentication. Ensure your SSH keys are available via `~/.ssh/config`, default key paths, or `SSH_PRIVATE_KEY`. Host keys must also be verifiable via `~/.ssh/known_hosts` or `ALLOWED_HOST_FINGERPRINTS`.

Canonical MCP server config (stdio transport):
- command: `hex-ssh-mcp`
- args: []
- optional environment variables:
  - `ALLOWED_HOSTS`: Comma-separated resolved hostnames or IPs allowed for SSH connections. Recommended for production; when unset, all hosts are permitted. (example: `<host1>,<host2>`)
  - `SSH_CONFIG_PATH`: Override the default `~/.ssh/config` path used for resolving SSH host aliases, usernames, ports, and identity files. (example: `<path-to-ssh-config>`)
  - `ALLOWED_LOCAL_DIRS`: Comma-separated local directory prefixes allowed for `ssh-upload` and `ssh-download`. When unset, any absolute local path is permitted. (example: `<local-dir-1>,<local-dir-2>`)
  - `MAX_TRANSFER_BYTES`: Maximum allowed file size in bytes for SFTP upload and download operations. (example: `<max-bytes>`)
  - `TRANSFER_TIMEOUT_MS`: Maximum inactivity timeout in milliseconds for SFTP upload and download operations. (example: `<timeout-ms>`)
  - `ALLOWED_HOST_FINGERPRINTS`: Comma-separated SSH host key fingerprints used for fail-closed host verification when connecting to remote servers. (example: `SHA256:<fingerprint1>,SHA256:<fingerprint2>`)
  - `KNOWN_HOSTS_PATH`: Override the default `~/.ssh/known_hosts` path used for SSH host key verification. (example: `<path-to-known-hosts>`)
  - `REMOTE_SSH_MODE`: Enables and controls the `remote-ssh` tool. Supported values are `disabled` (default), `safe`, or `open`. (example: `safe`)
  - `ALLOWED_DIRS`: Comma-separated remote directory prefixes allowed for remote file operations. When unset, all remote paths are permitted. (example: `<remote-dir-1>,<remote-dir-2>`)
  - `SSH_PRIVATE_KEY`: SSH private key material or path to a private key file, used when not supplied via tool parameters or SSH config. (example: `<your-private-key-or-path>`)

Note: The README provides a stdio server executable (`hex-ssh-mcp`). SSH host aliases can be resolved from `~/.ssh/config`. The `remote-ssh` tool is disabled by default unless `REMOTE_SSH_MODE` is explicitly set to `safe` or `open`.

Add this MCP server to my current client's config in the correct format for you. If you need secrets or credentials I haven't provided, ASK me — do not invent values or leave raw placeholders. After adding it, tell me how to verify the server is connected.