11-10-2004
Lawrence D'Oliveiro
 
SSH vs encrypted passwords

SSH password authentication is a form of shared-secret authentication,
if I understand correctly. This means that the SSH client and server
convince each other that they both know a shared secret--the
password--before allowing the connection to proceed.

Given that UNIX/Linux systems don't store passwords, but
one-way-encrypted password hashes, this means the shared secret is
actually the password hash, not the unencrypted password itself. It
cannot be the unencrypted password, because the server cannot determine
what that is.

This has implications for system security. Imagine if someone were to
steal a copy of your server's shadow and password files. Even if you
chose good passwords which resisted a dictionary attack, they can still
use a suitably hacked SSH client, which lets them directly enter the
password hash rather than the original password, to log into your system.
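To make the shared-secret question in the post concrete, here is an added example (editor's illustration, not code from the original post or from any SSH implementation) of the server-side check that a Unix-style password store performs once the "password" userauth request has arrived over the already-encrypted SSH transport. The shadow-style record format, the PBKDF2-SHA256 scheme, the user names, passwords and fixed salts are all constructed for this example; real crypt(3) output uses different schemes and encodings, but the shape of the check is the same: the server re-derives a hash from whatever string the client supplied, using the salt from the stored record, and compares the result with the stored digest.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# Constructed toy shadow format for illustration only (NOT real crypt(3)
# output): "$pbkdf2-sha256$<iterations>$<salt-hex>$<digest-hex>".
ITERATIONS = 100_000


def make_shadow_entry(password: str, salt: Optional[bytes] = None,
                      iterations: int = ITERATIONS) -> str:
    """Derive a salted one-way hash, as a password store would at set time."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"$pbkdf2-sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(stored: str, candidate: str) -> bool:
    """Server-side check: re-derive from the candidate *plaintext* using the
    stored salt, then compare in constant time. The stored digest itself is
    only ever an output of this function's derivation, never an input."""
    try:
        _, scheme, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if scheme != "pbkdf2-sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


def constructed_shadow_db() -> Dict[str, str]:
    """Constructed sample data: two users with fixed salts so that the
    example is deterministic. Not from any real system."""
    return {
        "alice": make_shadow_entry("correct horse battery", salt=bytes(range(16))),
        "bob": make_shadow_entry("hunter2", salt=bytes(16)),
    }


def server_password_auth(shadow_db: Dict[str, str], user: str,
                         supplied: str) -> bool:
    """What the server does with the string the client sent as its password
    over the encrypted channel: look up the user's record and run the
    comparison against that plaintext."""
    stored = shadow_db.get(user)
    if stored is None:
        # Run a dummy derivation so response time does not reveal which
        # user names exist (assumed hardening, not required by the format).
        verify_password(make_shadow_entry("", salt=bytes(16)), supplied)
        return False
    return verify_password(stored, supplied)


if __name__ == "__main__":
    db = constructed_shadow_db()
    print(server_password_auth(db, "alice", "correct horse battery"))  # True
    # Sending the stolen shadow record, or just its digest field, as the
    # password makes the server hash *that string* with alice's salt; the
    # result does not equal the stored digest.
    print(server_password_auth(db, "alice", db["alice"]))  # False
    print(server_password_auth(db, "alice", db["alice"].split("$")[-1]))  # False
    print(server_password_auth(db, "bob", "hunter2"))  # True
```

The last two calls in the `__main__` block are the experiment the post proposes: feed the server the hash string instead of the password. Because the comparison is `derive(salt, supplied) == stored_digest`, the supplied string has to be the preimage, so a copied shadow file is useful to an attacker only as input to an offline guessing attack against each salted digest, which is why salt, a slow derivation and strong passwords matter.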