The SSH Server Basics · Chapter 7 143

SSH_MSG_USERAUTH_SUCCESS: if the authentication was successful;
SSH_MSG_USERAUTH_FAILURE: if the authentication was not successful;
SSH_MSG_USERAUTH_PASSWD_CHANGEREQ: if the user password has expired. In this case, the authentication could be rejected.

Let's analyze the "host based" authentication request. Some sites could enable authentication based on the host and on the user existing on the remote host. This type of authentication is not suitable for systems where a high level of security control is required, but it could be useful in other operating environments. Implementing this method is optional; if it is the preferred one, it is necessary to make sure that the user cannot obtain the host private key that is used. This method requires the client to send a signature generated with the host private key, which the server then checks. The authentication is accepted once the host identity has been validated. When possible, it is useful for the server to perform additional checks in order to verify the client's identity. For this method to work correctly, it is sometimes necessary to change the firewall rules.

SSH Transport Layer Protocol

The transport layer is defined as a secure, low-level protocol. Its main function is to provide strong cryptography, data integrity protection, and security within the password authentication method. The authentication method implemented at this level is host-based and does not require any action by the user. The protocol was designed to be easy and flexible and to enable the parameter
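
The host-based request described above, as an added example that is not code from the book: it parses the request using the field layout of RFC 4252, rebuilds the exact bytes the host private key signs (which include the session identifier), and applies the server-side checks. The names `known_hosts` and `verify_sig` are hypothetical; the actual signature check is left to a caller-supplied function.

```python
import struct

SSH_MSG_USERAUTH_REQUEST = 50  # message number from RFC 4252

def ssh_string(data: bytes) -> bytes:
    """Encode an SSH 'string': uint32 length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def read_string(buf: bytes, off: int):
    """Decode one SSH 'string' at off; reject lengths that overrun the packet."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("string overruns packet")
    return buf[off + 4:off + 4 + n], off + 4 + n

def parse_hostbased_request(payload: bytes) -> dict:
    """Split a hostbased SSH_MSG_USERAUTH_REQUEST into its fields."""
    if not payload or payload[0] != SSH_MSG_USERAUTH_REQUEST:
        raise ValueError("not SSH_MSG_USERAUTH_REQUEST")
    names = ("user", "service", "method", "key_alg", "host_key",
             "client_host", "client_user", "signature")
    fields, off = {}, 1
    for name in names:
        fields[name], off = read_string(payload, off)
    if fields["method"] != b"hostbased" or off != len(payload):
        raise ValueError("not a well-formed hostbased request")
    return fields

def signed_data(session_id: bytes, f: dict) -> bytes:
    """Bytes covered by the signature: session id plus every field but the signature."""
    body = b"".join(ssh_string(f[k]) for k in
                    ("user", "service", "method", "key_alg", "host_key",
                     "client_host", "client_user"))
    return ssh_string(session_id) + bytes([SSH_MSG_USERAUTH_REQUEST]) + body

def server_accepts(payload, session_id, known_hosts, verify_sig) -> bool:
    """True maps to SSH_MSG_USERAUTH_SUCCESS, False to SSH_MSG_USERAUTH_FAILURE."""
    try:
        f = parse_hostbased_request(payload)
    except ValueError:
        return False
    # The offered key must be the one already recorded for the claimed host.
    if known_hosts.get(f["client_host"]) != f["host_key"]:
        return False
    return verify_sig(f["key_alg"], f["host_key"], f["signature"],
                      signed_data(session_id, f))
```

Because the session identifier is part of the signed data, a signature captured from one connection does not verify on another.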