Posted on
Artificial Intelligence

Best MCP Tools for Linux

Author
  • User
    linuxbash
    Posts by this author
    Posts by this author

Best MCP Tools for Linux: Turn Your Terminal Into a Safe, Super‑Powered Assistant

If you’ve ever wished your AI assistant could read and edit files, run tests, or grep logs on your Linux box—without handing it the keys to your entire system—Model Context Protocol (MCP) is the bridge you’ve been waiting for.

MCP is an open protocol that lets AI clients connect to tools (“servers”) in a controlled way: file access is sandboxed, shell commands are whitelisted, secrets stay out of reach, and everything is auditable. This guide shows the best MCP tools to use on Linux, why they matter, and how to get them running from your Bash terminal today.

What you’ll get:

  • A quick primer on why MCP is valuable for Linux users

  • The best MCP clients and servers to start with

  • Step‑by‑step installs on apt, dnf, and zypper systems

  • Real‑world examples and security tips

Note: In this article, MCP refers to Model Context Protocol.


Why MCP belongs on your Linux machine

  • Least‑privilege by default: You decide exactly which directories a model can read/write, or which commands it can execute. No more “assistant with root” horror stories.

  • Reproducible automations: Turn everyday Linux tasks—running tests, formatting code, gathering system info—into safe, auditable tool calls.

  • Composable: Mix and match servers (filesystem, shell, git, web fetch) and plug them into an MCP client of your choice.

  • Developer‑friendly: Tools are plain processes over stdio/WebSocket; configuration is just JSON/TOML/YAML. Perfect for Bash automation and dotfiles.


The best MCP setup on Linux (clients + servers)

Below are the most useful, low‑friction MCP pieces to get productive fast. We’ll focus on things you can run locally and lock down.

  • An MCP client to “host” the tools inside your AI assistant:

    • Cline (VS Code extension) is a practical choice for coding on Linux.
    • Continue (VS Code/JetBrains) is another option with strong local/dev workflows.
    • A CLI “inspector/tester” is handy during setup to verify your servers.
  • Core MCP servers (safe defaults for dev/ops):

    • Filesystem server: Restrict file read/write to specific project directories.
    • Shell server: Allow only specific commands or patterns (e.g., ls, grep, pytest).
    • Git server: Expose common git operations without letting the model trash remotes.
    • Fetch/Web server: Let the model fetch URLs or APIs you whitelist.

Because distributions vary, we’ll install common prerequisites first, then install servers with npm or pip (both work well on Linux).


1) Install prerequisites (Node.js, Python, Git, jq)

These are standard packages, available across popular distros.

  • Debian/Ubuntu (apt):
sudo apt update
sudo apt install -y curl ca-certificates gnupg git python3 python3-pip jq

# Node.js LTS (recommended approach via Nodesource)
curl -fsSL https://deb.nodesource.com/setup_lts.x | sudo -E bash -
sudo apt install -y nodejs
  • Fedora/RHEL (dnf):
sudo dnf install -y curl ca-certificates gnupg2 git python3 python3-pip jq

# Node.js LTS (use distro or Nodesource)
sudo dnf module enable -y nodejs:latest
sudo dnf install -y nodejs
  • openSUSE (zypper):
sudo zypper refresh
sudo zypper install -y curl ca-certificates git python3 python3-pip jq nodejs npm

Verify:

node --version
npm --version
python3 --version
pip3 --version
git --version
jq --version

Tip: If your distro’s Node.js is very old, prefer the Nodesource LTS script or nvm.


2) Install an MCP client

  • Cline (VS Code)

    • Open VS Code, search for “Cline” in Extensions, and install.
    • Cline reads a simple JSON config that lists your MCP servers. We’ll create that next.
  • Continue (VS Code/JetBrains)

    • Install from your editor’s marketplace. Continue supports tool integrations you can map to MCP servers.
  • CLI testing (optional but useful)

    • Use Node to run and test servers from the terminal as you wire things up (most servers provide a “--help” and JSON config). We’ll show examples below.

Note: GUI clients don’t install via apt/dnf/zypper, but we’ll keep everything else terminal‑first.


3) Install core MCP servers

The MCP ecosystem evolves quickly, and the canonical servers are typically published via npm or pip. The common pattern is:

  • Install globally with npm or pip

  • Provide a minimal JSON/TOML config

  • Start the server as a long‑running process (systemd, tmux/screen) or let your client spawn it

Below are practical examples you can adapt.

A) Filesystem server (restrict AI to specific directories)

  • Install (npm global):
sudo npm install -g @modelcontextprotocol/server-filesystem
  • Minimal config (allow reads/writes only inside your project):
mkdir -p ~/.config/mcp/filesystem
cat > ~/.config/mcp/filesystem/config.json <<'EOF'
{
  "roots": [
    {
      "path": "/home/$USER/projects/myapp",
      "writable": true
    }
  ],
  "ignore": [
    "**/.git/**",
    "**/node_modules/**",
    "**/.venv/**"
  ]
}
EOF
  • Run:
mcp-server-filesystem --config ~/.config/mcp/filesystem/config.json

B) Shell server (whitelist safe commands)

  • Install:
sudo npm install -g @modelcontextprotocol/server-shell
  • Config (only allow basic introspection, grep, and tests):
mkdir -p ~/.config/mcp/shell
cat > ~/.config/mcp/shell/config.json <<'EOF'
{
  "allowedCommands": [
    {"cmd": "ls"},
    {"cmd": "grep"},
    {"cmd": "cat"},
    {"cmd": "pytest"},
    {"cmd": "npm", "args": ["test"]},
    {"cmd": "python3", "args": ["-m", "pytest"]}
  ],
  "workingDirectory": "/home/$USER/projects/myapp",
  "timeoutMs": 30000
}
EOF
  • Run:
mcp-server-shell --config ~/.config/mcp/shell/config.json

C) Git server (safe VCS operations)

  • Install:
sudo npm install -g @modelcontextprotocol/server-git
  • Config (limit to one repo path, disallow force pushes):
mkdir -p ~/.config/mcp/git
cat > ~/.config/mcp/git/config.json <<'EOF'
{
  "repoPath": "/home/$USER/projects/myapp",
  "allowPush": true,
  "allowForcePush": false,
  "allowedRemotes": ["origin"]
}
EOF
  • Run:
mcp-server-git --config ~/.config/mcp/git/config.json

D) Fetch/Web server (read whitelisted URLs/APIs)

  • Install:
sudo npm install -g @modelcontextprotocol/server-fetch
  • Config (lock to selected domains):
mkdir -p ~/.config/mcp/fetch
cat > ~/.config/mcp/fetch/config.json <<'EOF'
{
  "allow": [
    "https://docs.python.org/**",
    "https://api.github.com/**",
    "https://your.internal.domain/**"
  ],
  "block": [
    "http://**"
  ],
  "timeoutMs": 20000
}
EOF
  • Run:
mcp-server-fetch --config ~/.config/mcp/fetch/config.json

Notes:

  • If you prefer Python, equivalent MCP servers exist in Python as well; install with pip:

    • Debian/Ubuntu (apt) prerequisites for pip are already installed above:
    • pip install --user mcp-server-filesystem mcp-server-shell mcp-server-git mcp-server-fetch
    • Fedora/RHEL (dnf):
    • pip3 install --user mcp-server-filesystem mcp-server-shell mcp-server-git mcp-server-fetch
    • openSUSE (zypper):
    • pip3 install --user mcp-server-filesystem mcp-server-shell mcp-server-git mcp-server-fetch
  • Replace paths with your own. Always start with read‑only or minimal command sets and expand cautiously.


4) Wire servers into your client

Example: Cline (VS Code) reads a JSON config listing servers to spawn. Create or edit the Cline MCP configuration file (check Cline’s docs for the exact path; commonly inside your workspace or user settings).

Example Cline MCP config:

{
  "mcpServers": [
    {
      "name": "fs-myapp",
      "command": "mcp-server-filesystem",
      "args": ["--config", "/home/$USER/.config/mcp/filesystem/config.json"]
    },
    {
      "name": "shell-safe",
      "command": "mcp-server-shell",
      "args": ["--config", "/home/$USER/.config/mcp/shell/config.json"]
    },
    {
      "name": "git-ops",
      "command": "mcp-server-git",
      "args": ["--config", "/home/$USER/.config/mcp/git/config.json"]
    },
    {
      "name": "fetch-docs",
      "command": "mcp-server-fetch",
      "args": ["--config", "/home/$USER/.config/mcp/fetch/config.json"]
    }
  ]
}

Restart the client/extension, open your project, and ask the assistant to:

  • Read a file inside the allowed root

  • Run pytest

  • Show the current git status

  • Fetch a doc from docs.python.org

You should see tool calls and outputs in the client’s UI, with no access beyond what you configured.


5) Real‑world Linux workflow example

Goal: Let the assistant safely fix a failing test in your project.

  • Filesystem root: /home/$USER/projects/myapp (writable)

  • Shell allowed: ls, grep, cat, pytest, black, ruff

  • Git allowed: status, diff, commit, push (no force)

Workflow: 1) “Run the test suite and summarize failures.” - The shell server executes pytest and returns structured output. 2) “Open the failing test file and the target module; propose a fix.” - The filesystem server reads both files. 3) “Apply minimal edits, re‑run tests, and show me the diff.” - Filesystem writes changes; shell re‑runs pytest; git server provides diff. 4) “Commit with a message and push to origin.” - Git server performs commit and push (no force).

At no point did the model access $HOME secrets, ~/.ssh outside the repo, or arbitrary commands. You own the sandbox.


Security and hardening tips

  • Create a dedicated user for MCP:
sudo useradd -m -s /usr/sbin/nologin mcp
sudo usermod -L mcp  # lock password if not needed
  • Run servers as that user with systemd units or sudo -u mcp.

  • Narrow roots and whitelists. Start read‑only, then enable writes when you’re confident.

  • Use pattern allowlists for fetch (domain + path wildcards).

  • Log everything. Most servers accept --verbose or DEBUG env vars:

DEBUG=mcp:* mcp-server-shell --config ~/.config/mcp/shell/config.json
  • Prefer containers when appropriate (Podman/Docker) to further isolate shells or language toolchains.

Troubleshooting

  • The client can’t see the server:

    • Ensure the binary is in PATH: which mcp-server-filesystem
    • Try running the server manually with --help to confirm it starts
  • Permission denied:

    • Check directory ownership/permissions for your MCP user and roots
  • Commands “not found” in the shell server:

    • Install them for that user or ensure PATH is set in the server’s environment:
PATH=/usr/local/bin:/usr/bin:/bin mcp-server-shell --config ~/.config/mcp/shell/config.json
  • Overzealous ignores:
    • Temporarily remove ignore patterns to verify access, then re‑tighten

Conclusion and next steps

MCP gives Linux users a safe, composable way to put AI to work on real systems. Start small: one project root, a handful of shell commands, and read‑only file access. As trust grows, widen the sandbox—never the other way around.

Your next steps: 1) Install Node.js/Python and Git with your package manager. 2) Set up filesystem + shell servers and wire them into your MCP client. 3) Try the “fix a failing test” workflow and iterate on your configuration.

Have a favorite MCP server or a hardening trick that saved you? Share it with the community—your Bash‑fu may become someone else’s guardrail.