OpenSSH

State machine with permitted requests.
The monitor terminates if it receives a forbidden request.

Pre-Authentication Phase:
Informational requests for /etc/moduli to get parameters for Diffie-Hellman Group Exchange.
Authenticated Key Exchange: Obtains server signature via informational request.
User Validation:  Determines if user is allowed to login.  Informational request.
Password Authentication: Informational request so that monitor checks password database and returns success or not.
On success, pre-authentication phase ends.
Public Key Authentication: Informational request to monitor for a challenge.  Monitor checks response.
On success, pre-authentication phase ends.