The Secure Shell daemon (sshd) is normally started at boot time when network services are started. The daemon listens for connections from clients. A Secure Shell session begins when the user runs an ssh, scp, or sftp command. A new sshd daemon is forked for each incoming connection. The forked daemons handle key exchange, encryption, authentication, command execution, and data exchange with the client. These session characteristics are determined by client-side configuration files and server-side configuration files. Command-line arguments can override the settings in the configuration files.
The client and server must authenticate themselves to each other. After successful authentication, the user can execute commands remotely and copy data between hosts.