When the server is started, it begins to listen to a port for a socket. The default port is 22, a well-known port for Secure Shell. This can be changed to suit any custom environment—however, make sure that no other process is using the port you are planning to use.
The Secure Shell daemon can also be started from the Internet daemon inetd. For the purpose of this text, it is assumed that sshd2 is not invoked through inetd but started on its own.
When the daemon is listening for a socket, it waits until a client initiates a socket connection. Once connected, the daemon forks a child process, which in turn initiates key exchange with the client. The child process handles the actual connection with the client, including authentication, supported cipher negotiation, encrypted data transfer, and termination of the connection. After the connection has been terminated, the child process terminates as well. The parent process continues listening for other connections until explicitly stopped.