The following series of events help protect the integrity of SSH communication between two hosts.
First, a secure transport layer is created so that the client knows it is communicating with the correct server. Then, the communication is encrypted between the client and server using a symmetric cipher.
With a encrypted connection to the server in place, the client safely authenticates itself to the server without sending information in plain text.
Finally, with the client authenticated to the server, several different services can be safely and securely used through the connection, such as an interactive shell session, X11 applications, and tunneled TCP/IP ports.