(PECL ssh2 >= 0.9.0)

ssh2_auth_passwordAuthenticate over SSH using a plain password


bool ssh2_auth_password ( resource $session , string $username , string $password )

Authenticate over SSH using a plain password. Since version 0.12 this function also supports keyboard_interactive method.



An SSH connection link identifier, obtained from a call to ssh2_connect().


Remote user name.


Password for username

Return Values

Returns TRUE on success or FALSE on failure.


Example #1 Authenticating with a password


if (
ssh2_auth_password($connection'username''secret')) {
"Authentication Successful!\n";
} else {
'Authentication Failed...');

add a note add a note

User Contributed Notes 3 notes

sgchris at gmail dot com
4 months ago
Please note that the function ssh2_auth_password raises PHP warning(!) on bad authentication. To avoid the warning, use the "silence" ("@") operator.

= ssh2_connect($host);
if (
false === $ssh) {
'connection failed');

$auth = @ssh2_auth_password($ssh, $user, $password);
if (
false === $auth) {
'authentication failed');
wally at soggysoftware dot co dot uk
8 years ago
This function is useful for authenticating website clients against local (or remote) Unix users.

I'd played around with Apache+PAM, various mod_auths and homebrewed shell programs and even NIS, but to authenticate a user against a Unix shadow file fundamentally requires root priviledges, so either your PHP script needs root or an external program needs it's sticky bit set.  Both of these have *serious* security implications.

Using SSH, the overhead is obviously going to be greater but you're trusting a root service that's been (and continues to be) really well tested.  Just try authing with SSH against localhost (or another host if you want).
noels01 at gmx dot net
10 years ago
Do not try to authenticate or log in more than once on a ssh2 connection. It won't work. You'll need a new connection via ssh2_connect() which will result in a poor performance if you're doing several connects to the same server.
To Top