Remote MCP Servers
Remote MCP servers connect over HTTP/HTTPS, enabling access to hosted services and shared infrastructure. Bolt is the primary example of a remote MCP server for security tools.
Tip
Looking for security tools? See Bolt for 100+ pre-installed Kali tools via Docker. This page covers general remote MCP configuration.
🎞️ MARP SLIDE: remote-transport.md
HTTP, SSE, and WebSocket transport options
📊 DIAGRAM: remote-mcp-architecture.mmd
Remote MCP server architecture
Architecture
flowchart LR subgraph Client["Cyberstrike"] Agent[AI Agent] MCPClient[MCP Client] end
subgraph Network["Network"] HTTP[HTTP/HTTPS] SSE[SSE Stream] end
subgraph Remote["Remote Server"] Server[MCP Server] Auth[Authentication] Tools[Tools/Resources] end
Agent --> MCPClient MCPClient --> HTTP HTTP --> Auth Auth --> Server Server --> Tools Server -.-> SSE SSE -.-> MCPClient
style Client fill:#3b82f6,color:#fff style Network fill:#8b5cf6,color:#fff style Remote fill:#10b981,color:#fffOverview
Remote MCP servers enable:
- Shared tool infrastructure
- Hosted security services
- Team collaboration
- Cloud-based capabilities
- Enterprise integrations
Adding via TUI
The easiest way to add a remote MCP server is directly from the Cyberstrike TUI using the /mcps command.
Opening the MCP Manager
Type /mcps in the TUI to open the MCP management dialog. It lists all configured servers with their current status:
✓ Enabled— connected and active○ Disabled— configured but inactive
Keyboard shortcuts: space to toggle enable/disable, a to add a new server, Enter to act on the selected server.
Steps to Add a Remote Server
- Press
a(or select “Add MCP Server”) → choose Remote - URL — enter the server URL, e.g.
https://mcp.example.com/sse— an invalid URL will show an error immediately - Server name — auto-derived from the hostname (
.replaced with-); edit if needed - Cyberstrike tests the connection before saving — if the connection fails, the server is not added; if it succeeds, the server is written to config
Config Written by TUI
{ "mcp": { "mcp-example-com": { "type": "remote", "url": "https://mcp.example.com/sse" } }}Connection Types
HTTP/SSE (Server-Sent Events)
Standard remote connection:
{ "mcp": { "servers": { "remote-tools": { "url": "https://mcp.example.com/sse" } } }}WebSocket
For bidirectional communication:
{ "mcp": { "servers": { "ws-tools": { "url": "wss://mcp.example.com/ws" } } }}Authentication
API Key
{ "mcp": { "servers": { "remote-tools": { "url": "https://mcp.example.com/sse", "headers": { "Authorization": "Bearer {env:MCP_API_KEY}" } } } }}OAuth 2.0
{ "mcp": { "servers": { "oauth-tools": { "url": "https://mcp.example.com/sse", "oauth": { "clientId": "{env:OAUTH_CLIENT_ID}", "clientSecret": "{env:OAUTH_CLIENT_SECRET}", "tokenUrl": "https://auth.example.com/token" } } } }}Custom Headers
{ "mcp": { "servers": { "custom-auth": { "url": "https://mcp.example.com/sse", "headers": { "X-API-Key": "{env:API_KEY}", "X-Tenant-ID": "my-tenant" } } } }}Popular Remote Servers
Cloudflare MCP
{ "mcp": { "servers": { "cloudflare": { "url": "https://mcp.cloudflare.com/sse", "headers": { "Authorization": "Bearer {env:CF_API_TOKEN}" } } } }}GitHub MCP
{ "mcp": { "servers": { "github": { "url": "https://mcp.github.com/sse", "oauth": { "clientId": "{env:GH_CLIENT_ID}", "scope": "repo,read:user" } } } }}Custom Enterprise
{ "mcp": { "servers": { "enterprise-tools": { "url": "https://mcp.internal.company.com/sse", "headers": { "Authorization": "Bearer {env:ENTERPRISE_TOKEN}" } } } }}Connection Options
Timeout
{ "mcp": { "servers": { "remote": { "url": "https://mcp.example.com/sse", "timeout": 60000 } } }}Retry Configuration
{ "mcp": { "servers": { "remote": { "url": "https://mcp.example.com/sse", "retry": { "enabled": true, "maxRetries": 3, "backoff": "exponential" } } } }}Keepalive
{ "mcp": { "servers": { "remote": { "url": "https://mcp.example.com/sse", "keepalive": { "enabled": true, "interval": 30000 } } } }}Proxy Configuration
HTTP Proxy
{ "mcp": { "servers": { "remote": { "url": "https://mcp.example.com/sse", "proxy": "http://proxy.company.com:8080" } } }}SOCKS Proxy
{ "mcp": { "servers": { "remote": { "url": "https://mcp.example.com/sse", "proxy": "socks5://localhost:1080" } } }}No Proxy
{ "mcp": { "servers": { "internal": { "url": "https://mcp.internal.company.com/sse", "noProxy": true } } }}SSL/TLS
Custom CA Certificate
{ "mcp": { "servers": { "remote": { "url": "https://mcp.example.com/sse", "ca": "/path/to/ca-cert.pem" } } }}Client Certificate
{ "mcp": { "servers": { "mtls": { "url": "https://mcp.example.com/sse", "cert": "/path/to/client-cert.pem", "key": "/path/to/client-key.pem" } } }}Skip Verification (Development Only)
{ "mcp": { "servers": { "dev": { "url": "https://localhost:8443/sse", "insecure": true } } }}Danger
Never use insecure connections in production. This bypasses SSL certificate verification.
Load Balancing
Multiple Endpoints
{ "mcp": { "servers": { "ha-tools": { "urls": [ "https://mcp1.example.com/sse", "https://mcp2.example.com/sse", "https://mcp3.example.com/sse" ], "loadBalance": "round-robin" } } }}Failover
{ "mcp": { "servers": { "failover-tools": { "urls": [ "https://mcp-primary.example.com/sse", "https://mcp-secondary.example.com/sse" ], "loadBalance": "failover" } } }}Health Monitoring
Connection Status
> Show MCP server statusOutput:
Remote MCP Servers:- cloudflare: connected (latency: 45ms)- github: connected (latency: 120ms)- enterprise: disconnected (retrying...)Latency Check
> Check latency to remote MCP serversAutomatic Reconnection
Cyberstrike automatically reconnects on connection loss with exponential backoff.
Security Considerations
Token Security
- Store tokens in environment variables
- Use short-lived tokens when possible
- Implement token rotation
- Monitor token usage
Network Security
- Use HTTPS only
- Verify SSL certificates
- Use VPN for internal servers
- Implement IP allowlisting
Data Privacy
- Review data sent to remote servers
- Understand data retention policies
- Use local servers for sensitive data
- Implement data masking if needed
Troubleshooting
Connection Refused
Error: Connection refused: https://mcp.example.comCheck:
- Server is running
- URL is correct
- Firewall allows connection
Authentication Failed
Error: 401 UnauthorizedVerify:
- API key is correct
- Token hasn’t expired
- Headers are properly formatted
Timeout
Error: Connection timeoutSolutions:
- Increase timeout value
- Check network connectivity
- Verify server is responsive
SSL Error
Error: SSL certificate problemCheck:
- Certificate is valid
- CA is trusted
- System time is correct
Tip
Use local servers for latency-sensitive operations and remote servers for shared capabilities.
Related Documentation
- Bolt / MCP Overview - Architecture and concepts
- Bolt - Docker-based Kali tools (recommended)
- Local Servers - Local MCP servers
- OAuth Configuration - OAuth setup