SSH protocol version 2
When a user connects using protocol version 2, similar authentication
methods are available. Using the default values for
PreferredAuthentications, the client will try to authenticate first using
the hostbased method; if this method fails, public key authentication is
attempted, and finally if this method fails, keyboard-interactive and
password authentication are tried.
The public key method is similar to RSA authentication described in the
previous section and allows the RSA or DSA algorithm to be used: The
client uses his private key, $HOME/.ssh/id_dsa or $HOME/.ssh/id_rsa, to
sign the session identifier and sends the result to the server. The
server checks whether the matching public key is listed in
$HOME/.ssh/authorized_keys and grants access if both the key is found and
the signature is correct. The session identifier is derived from a
shared Diffie-Hellman value and is only known to the client and the
server.
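
The following is an added example, not code from OpenSSH or from this manual page: a simplified model of the exchange described above, showing that a signature made over one session identifier is rejected when presented in a different session. The tiny Diffie-Hellman and textbook RSA parameters, the set standing in for $HOME/.ssh/authorized_keys, and all function names are assumptions made for illustration; the real protocol hashes more fields and uses padded signatures.

```python
import hashlib
import secrets

# Constructed toy parameters: far too small for real use.
DH_P = 2**127 - 1          # prime modulus for the Diffie-Hellman exchange
DH_G = 3
RSA_E = 65537

def make_rsa_key(p, q):
    """Return (public, private) textbook-RSA keys from two primes."""
    n = p * q
    d = pow(RSA_E, -1, (p - 1) * (q - 1))
    return (n, RSA_E), (n, d)

def new_session_id():
    """Run one DH exchange and derive the identifier both sides share."""
    c_priv = secrets.randbelow(DH_P - 3) + 2
    s_priv = secrets.randbelow(DH_P - 3) + 2
    c_pub, s_pub = pow(DH_G, c_priv, DH_P), pow(DH_G, s_priv, DH_P)
    shared = pow(s_pub, c_priv, DH_P)       # client's view of the secret
    if shared != pow(c_pub, s_priv, DH_P):  # server's view must match
        raise RuntimeError("DH mismatch")
    data = b"".join(v.to_bytes(16, "big") for v in (c_pub, s_pub, shared))
    return hashlib.sha256(data).digest()

def _as_int(session_id, n):
    # Hash the identifier and reduce it so it fits the toy modulus.
    return int.from_bytes(hashlib.sha256(session_id).digest(), "big") % n

def client_sign(private, session_id):
    """Client side: sign the session identifier with the private key."""
    n, d = private
    return pow(_as_int(session_id, n), d, n)

def server_accepts(authorized_keys, public, session_id, signature):
    """Grant access only if the key is listed AND the signature verifies."""
    if public not in authorized_keys:
        return False
    n, e = public
    return pow(signature, e, n) == _as_int(session_id, n)

if __name__ == "__main__":
    pub, priv = make_rsa_key(2**61 - 1, 2**89 - 1)
    sid = new_session_id()
    sig = client_sign(priv, sid)
    print("same session:", server_accepts({pub}, pub, sid, sig))
    print("replayed in new session:",
          server_accepts({pub}, pub, new_session_id(), sig))
```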