MCP server for running sudo commands with encrypted password storage. Part of likezara™ MCP suite.
Project description
mcp-sudo
MCP server for running sudo commands with encrypted password storage.
Exposes 4 tools to persist a sudo password (encrypted with a machine-bound key) and invoke privileged commands without re-entering credentials. Designed for single-user Linux workstations.
Tools
| Tool | Purpose |
|---|---|
store_password |
Store sudo password (encrypted, one-time) |
sudo_exec |
Run shell command with sudo |
has_password |
Check if password is stored |
clear_password |
Remove stored password |
Security model
- Password is encrypted with Fernet (AES-128-CBC + HMAC-SHA256).
- Encryption key is derived from
machine-id+USER— never stored on disk. - Decryption only succeeds on the same machine with the same user.
- Encrypted blob lives at
~/.config/claude-sudo-mcp/credential.enc(chmod 600).
This is not a secrets manager. Treat this as "remember my sudo password for this session on this box." If your machine-id is copied to another box or another user reads the MCP process, the password can be recovered.
Install
cd /path/to/mcp-sudo
uv venv --python 3.12 .venv
uv pip install --python .venv/bin/python mcp cryptography
claude mcp add sudo -s user -- \
/path/to/mcp-sudo/.venv/bin/python /path/to/mcp-sudo/server.py
On first use, call store_password once to cache credentials.
Support the project ❤
- Ko-fi: https://ko-fi.com/kamaru
Contact
- Portfolio / general: k.kamarux@gmail.com
- Commercial / licensing: contact@likezara.com
Copyright © 2026 likezara™. All rights reserved. Developed by Kamaru (pen name).
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file mcp_sudo-1.0.1.tar.gz.
File metadata
- Download URL: mcp_sudo-1.0.1.tar.gz
- Upload date:
- Size: 4.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.11.7 {"installer":{"name":"uv","version":"0.11.7","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Arch Linux","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
02ab7d4459d3fed98aefd814c96aedf8fe76dbc4d652611ef83f9a8010aca35c
|
|
| MD5 |
c1567f56e6eac2f39cbb426af633e6b1
|
|
| BLAKE2b-256 |
aa1809958a30b3965f648ec0da298544a60d8efe5bacc1f07e4f296036b59dd4
|
File details
Details for the file mcp_sudo-1.0.1-py3-none-any.whl.
File metadata
- Download URL: mcp_sudo-1.0.1-py3-none-any.whl
- Upload date:
- Size: 5.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.11.7 {"installer":{"name":"uv","version":"0.11.7","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Arch Linux","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
6a797c1323250824de32bce45308be242b9a271526e757e3f7e6dddfced51132
|
|
| MD5 |
782b958361921a1f8bed812d973c7342
|
|
| BLAKE2b-256 |
bdcbb042b263bd19895a608e4543e14f33482a0b9794a66b734dcb3ebe14eb2b
|
