SSH Exploitation Theory
Two effects of SSH is terminal access and SFTP access, which can be used to send and recieve data. When you connect into either SSH/SFTP its going to be a direct established connection; so what if you're connecting an infected SSH server it just happens to have some kind of script that opens an SFTP connection to you using the current connection, checks system info such as Operating System and Client being used. From there with the SFTP connection being masked you wouldn't be able to tell if it pushes files onto your computer, so if it did this it could place them into wherever the system startup files are located so that they are booted aswell on boot. But what if it could get more complicated than that and somehow exploit your system using a current ssh session to send reverse commands; err to make more sense of that to instead run the malicious files on your computer.
I try to get a little more in depth at the above link, so maybe you can understand a bit better.