424201 – Support interactive logins (2-step validation) for SFTP

Bug 424201 - Support interactive logins (2-step validation) for SFTP

Summary: Support interactive logins (2-step validation) for SFTP

Status:	REPORTED

Alias:	None

Product:	kio-extras
Classification:	Frameworks and Libraries
Component:	SFTP (show other bugs)
Version:	unspecified
Platform:	Other Linux

Importance:	NOR wishlist
Target Milestone:	---
Assignee:	Plasma Bugs List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2020-07-14 17:03 UTC by Vladimir
Modified:	2020-09-06 16:15 UTC (History)
CC List:	2 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Vladimir 2020-07-14 17:03:39 UTC

SUMMARY
Nowadays opening a sftp://url may require Duo or Google Auth to proceed, however Dolphin will not provide a way to complete the interactive login challenge

STEPS TO REPRODUCE
1. Open a sftp://url that requires DUO

OBSERVED RESULT
Receive "Authentication failed." message in Dolphin

EXPECTED RESULT
Prompt with interactive message and an input box to provide the answer

SOFTWARE/OS VERSIONS
Operating System: Kubuntu 20.04
KDE Plasma Version: 5.18.5
KDE Frameworks Version: 5.68.0
Qt Version: 5.12.8
Kernel Version: 5.7.7-050707-generic
OS Type: 64-bit
Processors: 4 × Intel® Core™ i5-3210M CPU @ 2.50GHz
Memory: 15.5 GiB of RAM

Comment 1 Harald Sitter 2020-07-24 13:01:30 UTC

Please provide instructions for how to set up an sftp server for this.

Comment 2 Vladimir 2020-07-24 13:43:53 UTC

Thank you for reading this bug.

The full setup instructions can be consulted here: https://duo.com/docs/duounix

A simpler way to test this may be with a passphrase protected key I believe? as it's kind of the same issue (interactive login)

Comment 3 Harald Sitter 2020-07-24 14:12:03 UTC

I'm not sure how that can be viably implemented. One dolphin tab may be backed by more than one connection. Connections are closed and opened as required. For password auth that's not a problem because the password gets cached and so long as it doesn't change server-side there's no new auth request until the user logs out. Second factor auth tokens do change though so one would get flooded by auth requests every time a connection is opened or re-opened.

Comment 4 Vladimir 2020-07-24 16:08:00 UTC

I'm not sure about the internals of Dolphin but maybe a flag can be implemented to identify connections that must be kept open/alive until the tab dies?

Comment 5 Harald Sitter 2020-07-27 10:05:08 UTC

Alas, that'd would not help with multiple connections causing multiple auth requests and we need multiple connections as otherwise a file copy would prevent you from browsing the remote.

Not to mention that keeping multiple connections open forever is questionable from a resource POV as there is a cost associated with each connection.

Comment 6 Vladimir 2020-09-06 16:15:08 UTC

I think your concerns are valid.

For now, in the absence of a better solution from my side I'll leave this workaround for those who come around this thread:

https://help.duo.com/s/article/4038?language=en_US

Basically, it's to disable DUO for sftp-only connections.

Thank you for your time on reviewing this report!