After a user has logged in successfully, sshd performs the following activities:

1. Depending on whether the user has logged in on a user terminal (tty), sshd proceeds as follows:

   • If the user has logged in on a tty and has not entered a command, sshd outputs the time of the last login and the contents of the /etc/motd file. However, a prerequisite here is that the output was not suppressed by means of an option in the sshd configuration file or by means of $HOME/.hushlogin.

   • If the user has logged in on a tty, sshd logs the time of the login.

2. sshd checks whether the /etc/nologin file exists. If the file exists, sshd prints out its contents. If the user who logs in does not have root authorization, sshd terminates.

3. sshd switches to execution mode with normal user privileges.

4. sshd sets up a basic runtime environment.

5. sshd reads the $HOME/.ssh/environment file if this exists and users are permitted to set their environment variables. For information on this see the PermitUserEnvironment option in the sshd configuration file.

6. sshd switches to the user’s home directory.

7. If the client is operating in an X11 environment and transfers a valid $DISPLAY variable,

   • the user-specific command $HOME/.ssh/rc is called, the X11 authentication parameters being transferred via stdin, or

   • the global xauth program is called. As no X11 environment is available for POSIX, this call fails.

8. sshd executes the user shell or the user command.