The steps in the authentication process for Secure Shell are as follows:
1. The user runs the ssh, scp, or sftp command.
2. The client and server agree on a shared session key.
In v1, the remote host sends its host (RSA) key and a server
(RSA) key to the client.
Note that the server key is typically generated every hour and stored in memory
only. The client checks that the remote host key is stored in the
$HOME/.ssh/known_hosts file on the local host. The client then generates a 256
bit random number and encrypts it with the remote hostís host key and server key.
The encrypted random number is used as a session key to encrypt all further
communications in the session.
In v2, the remote host uses DSA in its host key and does not generate a server key.
Instead, the shared session key is derived through a Diffie-Hellman agreement.
3. The local and remote hosts authenticate each other.
In v1, the client can use .rhosts, .rhosts with RSA, RSA challenge-response, or
password-based authentication. In v2, only .rhosts, DSA, and password-based
authentication are permitted.