Kerberos over RDP through ssh tunnel
Hi,
is it possible to authentificate RDP connections via Kerberos through SSH Tunnel.
We are using a lot of SSH Tunnels with RDP, HTTPS and SSH itself for Sites and secure Networks.
Therefore we made a Hardend Linux VM Template for VMware and Hyper-V to easly deploy a lightweight VM for SSH tunneling.
This works fine, but as we want to raise the Security on Windows Systems, NTLM isn´t possbile (Protected Users group).
Is there a way to configure Kerberos Authentification in RDM or make a Feature Request to solve this issue?
I already saw some configuration options for KDC for Devolutions Gateway, but it isn´t usable with SSH Tunnels.
thx Benjamin
All Comments (1)
Hi,
Unfortunately, there is no easy way to tunnel Kerberos alongside RDP when using an SSH tunnel. KDC proxying requires an HTTPS service with certificate validation. Since Devolutions Gateway exposes HTTPS externally, it wasn't too much trouble to implement the KDC proxying protocol, but with an SSH tunnel, you can only do simple port forwarding and SOCKS proxying. We don't really have a good solution to make Kerberos work for RDP connections made through an SSH tunnel because of this, so the best I could recommend is replacing your SSH tunnel solution with Devolutions Gateway. They're functional equivalents, except with much better built-in integration in Remote Desktop Manager.
Best regards,
Marc-André Moreau