OpenSSH, like many programs, uses TCP (Transmission Control Protocol) to connect to a remote host. TCP performs what is known as a three-way handshake to negotiate the connection from a client to a server. This sequence, described below, is usually hidden from the end user and happens automatically, however it is included here as a reference and to help explain what happens at a low level with TCP-aware applications such as OpenSSH:
First, the client creates and sends a SYN (Synchronization) packet to the server (usually on port 22, the default SSH port) to announce its intention to build a data connection.
Next, the server, having seen the SYN packet from the client, will acknowledge it (with an ACK packet) and send this ACK packet, as well a SYN packet initiated by the server, back to the client.
The client will then acknowledge the server's SYN packet with another ACK packet.
At this point, a two-way communication channel is established and further data can flow between the hosts.
The diagram provided below illustrates this process.
