The part of "running a SSH server that you wrote in PHP in production" that is scary is not the "in PHP" part.
It's the "that you wrote" part.
No matter what language you write it in, you are going to mess something up. The OpenSSH guys have messed up working a lot smarter and more diligently and with more time than you have.
This is so very true, OpenSSH is probably one of the most secure pieces of software around. It has extremely high value to attackers, yet has had extremely few remote security holes in its lifetime.
They've invested years and many talented people in developing such a piece of software.
If you want to write your own ssh server in php, you should probably consider your motivation and how you can re-use their code or operate through it instead if your purpose if anything other than experimentation.
You shouldn't be using OpenSSL unless you are an expert in crypto and software development. It's not easy to use and it shouldn't be.
I can't say those difficulties he had in using the library were put there on purpose to keep people like him out, but it seems to be a good effect here.
It's the "that you wrote" part.
No matter what language you write it in, you are going to mess something up. The OpenSSH guys have messed up working a lot smarter and more diligently and with more time than you have.