Labsco
wbf-solutions logo

Hetzner Cloud MCP Server — (Cloud API + SSH)

from wbf-solutions

Hetzner Cloud MCP Server — two management layers (Cloud API + SSH) with 60 tools. Manage server power, snapshots, firewalls, DNS, plus SSH into servers for service control, log viewing, Nginx management, MySQL queries, and system monitoring. Self-hosted PHP, MIT licensed.

🔥🔥🔥🔥✓ VerifiedAccount requiredAdvanced setup
<p align="center"> <img src="public/icons/hetzner-cloud-mcp-256.png" alt="Hetzner Cloud MCP" width="128" height="128"> </p>

Hetzner Cloud MCP Server

The only Hetzner MCP with SSH server management. API + SSH in one tool.

PHP 8.1+ License: MIT MCP Protocol

Manage your Hetzner Cloud infrastructure from Claude.ai, Claude Desktop, VS Code, Cursor, or any MCP-compatible client. The best part is that you can control and build anything into your servers using your phone with Claude, ChatGPT, or any other AI chat app. Two management layers give you complete control:

  • Layer 1 — Hetzner Cloud API: Server power, metrics, snapshots, backups, firewalls, DNS zones and records, rescue mode, server rebuild and rescale. Works even when the server OS is unresponsive.
  • Layer 2 — SSH: Services, logs, Nginx, MySQL, supervisor, cron, UFW, disk/memory/CPU monitoring. Real sysadmin tools, not just API wrappers.

60 tools. Dynamic multi-server configuration. Self-hosted and open source.


Why This MCP?

Every existing Hetzner MCP only wraps the Cloud API. This one adds a full SSH management layer — the tools you actually need when managing production servers. Two layers, 60 tools, self-hosted.

FeatureIncluded
Cloud API (server power, metrics, snapshots, backups, firewalls, rescue, rebuild)Yes
SSH Management (services, logs, Nginx, MySQL, system health)Yes
DNS Management (zones, records, CRUD)Yes
Multi-Server (1 to N servers from a single instance)Yes
Destructive Guards (confirm required for dangerous ops)Yes
TransportSSE + Streamable HTTP
LanguagePHP 8.1+

Available Tools (60)

Layer 1 — Hetzner Cloud API (25 tools)

ToolDescriptionDestructive
server_infoServer details: status, IP, type, datacenter
server_metricsCPU, disk, or network metrics
server_power_onPower on
server_power_offHard power offConfirm
server_shutdownGraceful ACPI shutdown
server_rebootSoft reboot
server_resetHard resetConfirm
server_reset_passwordReset root passwordConfirm
server_rescue_enableEnable rescue mode
server_rescue_disableDisable rescue mode
server_rebuildRebuild from image (wipes data)Confirm
server_change_typeRescale server planConfirm
snapshot_createCreate snapshot
snapshot_listList snapshots
snapshot_deleteDelete snapshotConfirm
backup_enableEnable backups (+20% cost)
backup_disableDisable backupsConfirm
firewall_listList firewalls
firewall_getGet firewall rules
firewall_set_rulesReplace all firewall rulesConfirm
firewall_apply_to_serverApply firewall to server
firewall_remove_from_serverRemove firewall from server
project_servers_listList all servers
ssh_keys_listList SSH keys
action_statusCheck async action status

DNS (8 tools, requires HETZNER_DNS_TOKEN)

ToolDescriptionDestructive
dns_zones_listList DNS zones
dns_zone_getGet zone details
dns_zone_createCreate DNS zone
dns_zone_deleteDelete DNS zoneConfirm
dns_records_listList records in zone
dns_record_addAdd DNS record
dns_record_updateUpdate DNS record
dns_record_deleteDelete DNS recordConfirm

Layer 2 — SSH (27 tools)

ToolDescription
ssh_service_statusCheck systemd service status
ssh_service_startStart a service
ssh_service_stopStop a service
ssh_service_restartRestart a service
ssh_services_listList running services
ssh_disk_usageDisk space (df -h)
ssh_memory_usageRAM usage (free -h)
ssh_cpu_loadCPU load + top processes
ssh_process_listTop processes by mem/CPU
ssh_uptimeServer uptime
ssh_nginx_testTest Nginx config syntax
ssh_nginx_reloadReload Nginx (tests first)
ssh_nginx_sites_listList enabled sites
ssh_nginx_site_configView site Nginx config
ssh_logs_nginx_errorTail Nginx error log
ssh_logs_nginx_accessTail Nginx access log
ssh_logs_syslogTail system log
ssh_logs_journalView systemd journal
ssh_logs_supervisorView supervisor logs
ssh_mysql_databasesList MySQL databases
ssh_mysql_processlistShow MySQL processes
ssh_mysql_queryRead-only SQL query
ssh_cron_listList crontab entries
ssh_supervisor_statusSupervisor program statuses
ssh_supervisor_restartRestart supervisor program
ssh_ufw_statusCheck UFW firewall
ssh_execRun command (dangerous cmds blocked)

Authentication

Choose the mode that fits your deployment:

ModeConfigBest for
No authMCP_API_KEY= (empty), no OAUTH_*Behind VPN/firewall, local dev
API keyMCP_API_KEY=your-keySelf-hosted, single user/team
API key + OAuthSet MCP_API_KEY + OAUTH_* varsMulti-user, Connectors Directory

API Key (recommended for self-hosting)

Generate a key and set it in .env:

openssl rand -hex 32

Clients pass the key as ?key=XXX or Authorization: Bearer XXX.

OAuth 2.1 (optional)

For advanced deployments or Anthropic Connectors Directory submission, you can add OAuth 2.1 token introspection alongside the static API key. This requires an external OAuth authorization server with an introspection endpoint (RFC 7662). See .env.example for the OAUTH_* variables.


Security

  • Authentication: API key via query param or Authorization: Bearer header. Optional OAuth 2.1 introspection. Timing-safe validation.
  • Destructive guards: All dangerous operations require confirm=true.
  • Tool annotations: All tools include readOnlyHint and destructiveHint per MCP spec.
  • SSH safety: 29 blocked command patterns (rm -rf, dd, mkfs, curl|sh, passwd, fdisk, etc.).
  • Read-only SQL: Only SELECT, SHOW, DESCRIBE, EXPLAIN allowed.
  • Rate limiting: Per-IP with atomic flock().

Contributing

See CONTRIBUTING.md. Security vulnerabilities: labs@wbf.solutions.

Links

License

MIT — WBF Solutions | labs@wbf.solutions