As soon as the OpenSSH server has accepted the user’s identity, the server either executes the current command on the remote computer or it makes the remote computer’s normal shell available to the user. Here all communication with the remotely executed command or the remote shell is automatically encrypted.
A distinction must be made between the following cases:
If no pseudo-terminal (pseudo-tty) was assigned, the session is transparent and can be used for the secure transfer of binary data.
If a pseudo-terminal (pseudo-tty) was assigned (normal login), the user can use escape characters (see the next section “Escape characters”).
On most systems disabling the escape characters leads to a transparent session even if a pseudo-tty is used. (Use of escape characters is controlled using the EscapeChar option in the client configuration file ssh_config (see "Configuring the OpenSSH client ssh").)
The session is terminated when command execution or the shell on the remote computer is terminated and all TCP/IP connections have been terminated. The exit status of the program executed remotely is returned as the exit status of ssh.