Demo bytes: SSH for Azure Arc | Storage Replica
Tuesday, Mar 26, 2024, 11:00 AM PDT
Event details
Demo time: Get an up-close look at managing Windows Server via SSH Arc and the next generation of Storage Replica! First up, explore the future of Windows Server remote procedure calls (RPCs) and ...
Heather_Poulsen
Updated Dec 27, 2024
Danny Maertens
Microsoft
Mar 26, 2024
We currently don't have a way to make Kerberos work with RDP. Feel free to open an issue on our GitHub repo for a feature request so that we can track and prioritize this.
https://github.com/powershell/win32-openssh
mamoreau
Mar 27, 2024
Iron Contributor
It's not actually a Win32-OpenSSH feature request, but a minor fix in mstsc.exe that I've been trying to get the RDP team to do for several years. Putting aside the need for KDC proxying if the new IAKerb feature is available to provide the KDC line-of-sight, any kind of TCP tunnel like SSH tunneling will break Kerberos because of the usage of "localhost" instead of the proper target FQDN. There's an internal option to explicitly provide a destination server name different from the connection hostname (your localhost SSH tunnel), but it is currently only used for RD Gateway connections. I have exposed the required "UserSpecifiedServerName" option through API hooking in MsRdpEx: https://github.com/Devolutions/MsRdpEx
TL;DR: I know exactly how to make this work, it's actually really simple and I'd be happy to help you do it. There's a minor fix Microsoft could do in mstsc, but since I've been unable to get any movement on that front for years, we're using API hooking to expose what's needed to make Kerberos work for our customers through a solution similar to SSH tunneling. In our case, we don't use IAKerb but a KDC proxy which we also inject dynamically into mstsc using our API hooking, as there are a couple of other limitations that would be trivial to fix in the source we needed to work around.
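The failure mode mamoreau describes, reproduced as an added example (this is not code from the thread, from Win32-OpenSSH or from MsRdpEx): an SSH local port forward to a domain-joined Windows Server, a klist check that shows why the service principal name derived from "localhost" can never be issued, and a post-session check that tells you whether the RDP client actually used Kerberos or silently fell back to NTLM. The jump host name, the target FQDN and the local port are assumptions; change them to your own.

```powershell
# Added illustration, not code from the thread or from MsRdpEx/Win32-OpenSSH.
# Assumed names: jump host "arc-jump.corp.example", target "srv01.corp.example",
# local forward port 13389. Adjust to your environment.

$JumpHost   = 'arc-jump.corp.example'
$TargetFqdn = 'srv01.corp.example'
$LocalPort  = 13389

# 1. Local port forward: anything sent to 127.0.0.1:13389 is carried over SSH
#    to srv01.corp.example:3389. mstsc only ever sees the name "localhost".
$tunnel = Start-Process ssh -ArgumentList @(
    '-N',                                               # no remote command, forward only
    '-L', "127.0.0.1:${LocalPort}:${TargetFqdn}:3389",
    $JumpHost
) -PassThru -NoNewWindow

# 2. Show the mismatch directly with klist. RDP (CredSSP/NLA) asks Kerberos for
#    a service ticket for TERMSRV/<connection host name>. Through the tunnel
#    that host name is "localhost", an SPN no KDC has registered, so the
#    request fails; the same request for the real FQDN succeeds.
klist get TERMSRV/localhost          # expected to fail: no such SPN in the domain
klist get "TERMSRV/$TargetFqdn"      # expected to succeed: the SPN itself is fine

# 3. Connect through the tunnel exactly as the comment describes.
Start-Process mstsc -ArgumentList "/v:localhost:$LocalPort" -Wait

# 4. After the session, inspect the ticket cache. Had Kerberos been used, a
#    TERMSRV/srv01.corp.example ticket would be present. With a plain tunnel
#    it is absent, because the client negotiated NTLM for the name "localhost".
klist | Select-String 'TERMSRV/'

Stop-Process -Id $tunnel.Id
```

The script demonstrates the diagnosis, not the fix: the connection name and the Kerberos target name are the same string in mstsc unless the option the comment calls "UserSpecifiedServerName" is set, and on a stock client that option is only honoured for RD Gateway connections. Until that changes, the practical checks are the two klist calls above: one proves the SPN exists, the other proves the client cannot ask for it through a localhost tunnel.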