The following series of events helps protect the integrity of SSH communication between two hosts.
First, a secure transport layer is created so that the client knows that it is communicating with the correct server. Then, the communication is encrypted between the client and server using a symmetric cipher.
With a secure connection to the server in place, the client authenticates itself to the server without worrying that the authentication information may be compromised.
Finally, with the client authenticated to the server, several different services can be safely and securely used through the connection, such as an interactive shell session, X11 applications, and tunneled TCP/IP ports.