Password Authentication
Password authentication in Traversio and its practical limits.
Public Method
Traversio exposes password authentication through:
.password(String)This is the simplest authentication path in the public API.
End-to-End Example
import Traversio
@available(macOS 26.0, iOS 26.0, *)
func connectWithPassword(secret: String) async throws {
let configuration = SSHClientConfiguration(
host: "example.com",
username: "deploy",
authentication: .password(secret),
hostKeyPolicy: .knownHostsFile("/Users/me/.ssh/known_hosts")
)
try await SSHClient.withConnection(configuration: configuration) { connection in
let result = try await connection.execute("whoami")
print(String(decoding: result.standardOutput, as: UTF8.self))
}
}Request Flow
For the password path, Traversio:
- requests the
ssh-userauthservice - sends the SSH
passwordauth request - collects banners if the server sends them
- returns success or failure through the connection API
If the server asks for a password change, Traversio surfaces SSHClientError.passwordChangeRequired(prompt:).
Other connection-setup failures surface through
SSHClientError.connectionFailed(...), which includes the failing stage plus
transport / negotiation diagnostics when available.
Good Fits
- simple admin or automation environments where password auth is already expected
- first bring-up while host-trust and command execution are the main things you want to validate
- compatibility situations where key-based auth is not available yet
Limits
The password path is public and tested, with a focused scope:
- no built-in secret storage
- no retry helper or interactive prompt UI
- no richer password-change workflow yet beyond surfacing the error
- no claim yet that this path has the final production error model
If you need a challenge-response flow driven by multiple prompts, use Keyboard-Interactive Authentication.