I've made some more progress with NSsh recently. Password based authentication is now basically complete. The next hurdle is getting public key authentication working - which is not only extremely useful but required by the SSH specification.
Surprisingly the main hurdle is not the task of validating the key that the user sends over for authentication (there are plenty of open source examples for that). Instead the Windows API is causing problems, specifically creating a process for the user.
To create a process for a user a token is required. This token can easily be created using Windows API calls that take a password. However without a password the alternatives are less attractive. If the machine is on a domain it is possible to perform Kerberos authentication using a constructor on the WindowsIdentity class. But, the only other alternative is to use the CreateToken / NtCreateToken functions. As one person puts it:
"It's possible, although it requires you to do a lot of code."
Hmmm, that doesn't sound good.