SSH provides authentication methods for both the server (host) and the client (user). It should be obvious why the server must authenticate the client. The server wants to only provide access to authorized users. Otherwise, anyone could take over the server.
However, the client also needs to authenticate the server. If the client fails to authenticate the server properly, then the client could be tricked into sending its password to an impostor!
In SSH, servers are authenticated using public key encryption. Conceptually, this is very similar to how HTTPS provides server authentication. However, SSH doesn't typically rely on certificate authorities. Instead, when using SSH, most clients simply keep a list of the public keys (or hashes of the public keys) that they trust. How the clients obtain this list in the first place varies. Generally, if a client connects to a server under trusted circumstances, then it can trust that public key in the future too.
libssh implements features to remember trusted servers' public keys. In this way, once a server has been connected to and trusted once, libssh remembers that it's trusted in the future.
Some SSH deployments also use other methods to validate SSH hosts' public keys. For example, a Secure Shell fingerprint (SSHFP) record is a type of DNS record used to validate SSH public keys. Its use requires secure DNS access.
Regardless of how you decide to trust (or not trust) a server's public key, you'll need to obtain the server's public key in the first place. Let's look at how libssh provides access to the server authentication functionality.