What is SSH?
SSH stands for Secure Shell and is an encrypted network protocol that allows users to log in to systems remotely in a secure way. SSH is widely used for command-line management, file transfer, and tunnels between systems over insecure networks such as the internet.
In OT environments, SSH is mainly used for management of Linux-based devices, Firewalls, Bastion Hosts, or industrial servers.
🧠 How does SSH work?
- Connection initiation
  - The client connects to an SSH server on port 22
- Authentication
  - Using username + password or a public/private key pair
- Encrypted session
  - All communication is secured with asymmetric encryption (e.g. RSA, ECDSA)
Use cases:
- Remote CLI access
- SCP or SFTP for secure file transfer
- Port forwarding / tunnels to internal OT systems
- Session management via Bastion Host or Jump Server
SSH is a core component of secure remote access in a Zero Trust OT architecture.
🏭 SSH in industrial networks
- Management of industrial Linux devices (e.g. edge gateways, firewalls, log servers)
- Remote access to Historian, Engineering Station, or SIEM log servers
- Bastion Host with SSH access as a stepping stone to internal assets
- SSH key management for secure access without passwords
- Logging and session auditing via SIEM or Security Monitoring
Note: some legacy OT devices have insecure or hard-coded SSH implementations — restrict or replace where necessary.
🔍 SSH vs. Telnet vs. RDP
| Protocol | Encrypted | Interface | Use in OT |
|---|---|---|---|
| SSH | ✅ Yes | Command line (CLI) | Management of Linux/firewall-like devices |
| Telnet | ❌ No | Command line (clear text) | Avoid — insecure |
| RDP | ✅ Yes | Graphical (GUI) | Access to Windows-based systems |
🔐 Security aspects
- Always use key-based authentication with a passphrase
- Disable root login via SSH
- Restrict SSH access via Firewall rules and IP whitelisting
- Log all sessions and management activity via SIEM
- Use port knocking or a Bastion Host for access from external networks
- Periodic rotation of SSH keys is required by compliance standards such as IEC 62443 and ISO 27001
SSH is powerful but requires good key management and access control to prevent misuse.
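The check below is an added example, not part of the original page: it audits the global section of an OpenSSH sshd_config against two points from the list above (key-based authentication, no root login). The sample configuration is constructed, and the function names are hypothetical.

```python
import re

# keyword -> (value the checklist requires, OpenSSH built-in default when unset)
REQUIRED = {
    "permitrootlogin": ("no", "prohibit-password"),
    "passwordauthentication": ("no", "yes"),
    "pubkeyauthentication": ("yes", "yes"),
}

def effective_settings(config_text):
    """Return {keyword: value} for the global section of an sshd_config.

    sshd uses the first value it obtains for a keyword, keywords are
    case-insensitive, and "Keyword=value" is accepted as well as whitespace.
    Parsing stops at the first Match block, which holds conditional overrides.
    """
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()
        if keyword == "match":
            break
        settings.setdefault(keyword, parts[1].strip() if len(parts) > 1 else "")
    return settings

def audit(config_text):
    """Return sorted (keyword, effective_value, required_value) findings."""
    settings = effective_settings(config_text)
    return sorted(
        (keyword, settings.get(keyword, default), required)
        for keyword, (required, default) in REQUIRED.items()
        if settings.get(keyword, default) != required
    )

# Constructed sample: the second PermitRootLogin line is ignored (first wins),
# and the Match block does not change the global password setting.
SAMPLE = """\
PermitRootLogin yes
PubkeyAuthentication yes
PermitRootLogin no
Match Address 10.0.0.0/8
    PasswordAuthentication no
"""

if __name__ == "__main__":
    for keyword, actual, required in audit(SAMPLE):
        print(f"{keyword}: effective '{actual}', expected '{required}'")
```

On a live host, `sshd -T` prints the effective configuration including defaults and is the authoritative input for the same comparison.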
📌 In summary
SSH is a secure, flexible protocol for remote management and access to OT and IT systems. In OT, it is a standard component for secure communication with edge devices, Firewalls, and servers — provided it is managed properly.
