Bug 515737

Summary: Unable to (increase security) bind krdpserver to specific interfaces / IP addresses (E.G. 'localhost' for SSH required access)
Product: [Applications] systemsettings Reporter: Michael <mjevans1983>
Component: kcm_krdpserverAssignee: Plasma Bugs List <plasma-bugs-null>
Status: REPORTED ---    
Severity: normal CC: ahiemstra, akselmo
Priority: NOR    
Version First Reported In: 6.5.5   
Target Milestone: ---   
Platform: Arch Linux   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description Michael 2026-02-08 19:21:22 UTC 
This is a bit of a security bug, since enabling krdpserver via System Settings results in a system with exposed network login.  Greatly reduced security relative to the option of exposing such a service only to users who have already used OTHER mechanisms to reach the computer in a more strongly authenticated fashion.  Examples include SSH keys, TLS certified clients, etc.

Unable to bind krdpserver to specific interfaces / IP addresses (E.G. 'localhost' for SSH required access).

This is a regression compared to the security model of running a vnc server to share an existing X session, but binding that to localhost and utilizing both the strong security tunnel and authentication mechanisms afforded there with an access passpharse.

Operating System: Arch Linux 
KDE Plasma Version: 6.5.5
KDE Frameworks Version: 6.22.0
Qt Version: 6.10.2
Kernel Version: 6.18.7-arch1-1 (64-bit)
Graphics Platform: Wayland

Expected result:

In addition to allow-listing users who can login over RDP:
Allow-list interfaces (default to every IP it has)
Allow-list specific IPs / possibly 'match these IP ranges' (/32 and /128 would be single host -- on a wildcard or specific interface)