I wonder, why SSH is in the Session Layer of Model OSI, but HTTP is in the Application Layer?
as I see it, both are working over TCP/IP communication so why discriminate the two protocols to two different layers?
HTTP does not care what way it is sent, it simly consists of text, which can then be parsed by an application "speaking" HTTP, whereas SSH creates a "virtal connection" (session) over an existing network and allows higher-level protocolls (like HTTP) to pass more securely