In this work, a set of best practices are investigated for the identification of encrypted traffic where SSH is taken as the example application for a case study. Different feature sets are evaluated to assess the generalization of machine learning based traffic identification. Traffic identification is performed without using payload information, IP addresses, and source/destination ports.