All,

How bad (or good) an idea would it be to utilize SSH tunnels from my sensor-gathering remote computers (imagine an "industrial" Raspberry Pi-like device w/ Linux) to my centralized server (also Linux) that ingests the sensor data?
SSL certificate management can be a real pain and SSH is already required for our remote maintenance operations. Therefore it seems that extending SSH to provide tunnels to secure our two-way sensor-to-server comms would be a reasonable approach... or not?
We could have hundreds to potentially 'low' thousands of these machines connecting across our corporate LAN which will consist of a VPN segment to a telecom provider's private APN for the cellular connectivity leg. I'd expect resource utilization could be the biggest challenge at some point for the server, as there are probably a number of proxy solutions for managing SSL/TLS connections while SSH... probably not. What else should I be considering?
I'd be interested in hearing the experts' opinions on the pros/cons of utilizing SSH tunnels for securing the comms between many remote "field" devices and a centralized server.
The data would be submitted every few minutes (let's use 5 minutes as an example) so it likely makes sense to keep the tunnels persistently open to avoid constant key exchanges and the associated processing costs and bandwidth overhead.
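
For reference, the persistent, tunnel-only setup the question describes could be configured as below. This is an added example, not part of the original post. The host name `ingest.example.internal`, the port 9000, the account `sensor`, the key file name and the `MaxStartups` values are all assumptions chosen for illustration, as is the use of a dedicated account kept separate from maintenance logins.

```sshconfig
# --- Device: ~/.ssh/config (start with `ssh -N ingest-tunnel` under a supervisor) ---
Host ingest-tunnel
    HostName ingest.example.internal      # hypothetical server name
    User sensor                           # hypothetical tunnel-only account
    IdentityFile ~/.ssh/id_ed25519_tunnel # hypothetical per-device key
    IdentitiesOnly yes
    # The sensor software talks to 127.0.0.1:9000; sshd connects that to the
    # ingest service on the server's own loopback interface.
    LocalForward 127.0.0.1:9000 127.0.0.1:9000
    ExitOnForwardFailure yes              # exit if the forward cannot be set up
    ServerAliveInterval 60                # notice a dead cellular link ...
    ServerAliveCountMax 3                 # ... after about 3 missed replies
    StrictHostKeyChecking yes             # server key pre-provisioned in known_hosts

# --- Server: ~sensor/.ssh/authorized_keys (one line per device key) ---
# "restrict" turns off PTY, agent, X11 and port forwarding; forwarding is then
# re-enabled for a single destination only.
restrict,port-forwarding,permitopen="127.0.0.1:9000" ssh-ed25519 <DEVICE_PUBLIC_KEY> sensor-0001

# --- Server: /etc/ssh/sshd_config ---
# Global: limits unauthenticated connections during a mass reconnect.
# Illustrative values, to be sized for the real fleet.
MaxStartups 100:30:500

Match User sensor
    AllowTcpForwarding local
    PermitOpen 127.0.0.1:9000
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
    ForceCommand /bin/false               # no shell or command, tunnel only
    ClientAliveInterval 60                # drop sessions whose device vanished
    ClientAliveCountMax 3
```

With this layout a stolen device key can reach only the one forwarded port, and removing that device's line from `authorized_keys` revokes it without touching the rest of the fleet.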