Secure Shell (SSH) is a cryptographic network protocol used to securely access and manage devices, servers, and systems over an unsecured network. Originally designed to replace insecure protocols like Telnet and rlogin, SSH provides encrypted communication for command-line access, remote administration, file transfers, and tunneling of other protocols. SSH operates over TCP and uses public-key cryptography to authenticate users and establish secure, encrypted sessions between clients and servers.
SSH is one of the most widely used protocols in both IT and OT environments for remote administration, configuration management, and secure data exchange. Its encryption mechanisms prevent eavesdropping, session hijacking, and credential theft, making it a foundational protocol for secure operations.
In critical infrastructure sectors, SSH is often used to interact with industrial control systems (ICS), field devices, or Linux-based servers. However, unmanaged SSH usage can pose serious security risks. Hardcoded credentials, lack of session oversight, or unrestricted access can lead to compliance violations, lateral movement, and system compromise.
SSH access is explicitly addressed in compliance mandates like IEC 62443, NERC CIP, and TSA SD02E, which require strong authentication, encrypted communications, and full session accountability. Without proper governance, SSH can become an invisible backdoor into critical infrastructure.
Xona governs and secures SSH access through its disconnected access architecture, ensuring users never directly connect to OT systems, even when accessing them via SSH. All SSH sessions are proxied through Xona’s hardened gateway, enforcing protocol isolation, credential injection, and real-time session control.
Users connect via a browser-based interface without needing local SSH clients or plugins. Behind the scenes, Xona authenticates the user (via Active Directory, SAML, or LDAP), injects credentials securely, and logs every command and session interaction. This removes the burden of managing SSH keys or exposing credentials to end users.
Additionally, Xona supports role-based and time-based access controls, session recording, and administrator oversight, making SSH access fully auditable and compliant with standards like NERC CIP-003, IEC 62443, and Saudi OTCC-1:2022. Whether used by internal engineers, third-party vendors, or OEM technicians, SSH sessions through Xona are secure, observable, and tightly controlled.