In my experience, a lot of hosts deny shell access via SSH but allow SFTP access. ie. try to connect via ssh2_exec() and all you'll get back is this:

Shell access is not enabled on your account!
If you need shell access please contact support.

And that's even assuming you get output back at all - all to often, ssh2_exec() returns prematurely, as noted here:

http://www.frostjedi.com/phpbb/viewtopic.php?f=46&t=13223

SFTP, in contrast, seems to be something that works much more reliably. That said, the PECL ssh2 extension, itself, isn't often installed, in my experience. I've maintained webpages for a university and a state government agency and, in both cases, the servers could only be connected to via SFTP but the available PHP extensions were rather sparse and the ssh2 PECL extension was not among them. In my experience, actually, those most likely to require the use SFTP are also those least likely to have feature packed servers. For these people, a pure-PHP implementation of SFTP would be nice and phpseclib provides that:

http://phpseclib.sourceforge.net/

phpseclib is GPL compatible, as well, per this:

http://drupal.org/node/609592

As such, including it into Drupal's sources shouldn't be a problem.

Comments

I agree, the support of ssh on hosting orgs is all over the place. This could end up being a huge headache when it fails on hosting org X and Y differently.

I agree as well. The PECL SSH extension doesn't even work on PHP 5.3:

http://core.trac.wordpress.org/ticket/10348#comment:10
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=569119
http://pecl.php.net/bugs/bug.php?id=16727

Even on the versions it does work on it doesn't work very well:

https://bugs.launchpad.net/ubuntu/+source/php-ssh2/+bug/501959

And what if, six months from now, the PECL SSH extension is fixed? Do you really want to use an extension that takes a year to be updated just to /work/ with the latest version of PHP? Of course, that assuming it even does get updated, and I wouldn't count on that.

On top of that, the pure PHP implementation is just plain faster:

http://kevin.vanzonneveld.net/techblog/article/make_ssh_connections_with...

+1. It sounds like support for SSH is going to be so spotty that maybe it would be better to not include it at all. Meanwhile, is it too late to work in SFTP support instead?