Bug 515737 - Unable to (increase security) bind krdpserver to specific interfaces / IP addresses (E.G. 'localhost' for SSH required access)
Summary: Unable to (increase security) bind krdpserver to specific interfaces / IP add...
Status: REPORTED
Alias: None
Product: systemsettings
Classification: Applications
Component: kcm_krdpserver (other bugs)
Version First Reported In: 6.5.5
Platform: Arch Linux Linux
: NOR normal
Target Milestone: ---
Assignee: Plasma Bugs List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2026-02-08 19:21 UTC by Michael
Modified: 2026-02-08 19:21 UTC (History)
2 users (show)

See Also:
Latest Commit:
Version Fixed/Implemented In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Michael 2026-02-08 19:21:22 UTC 
This is a bit of a security bug, since enabling krdpserver via System Settings results in a system with exposed network login.  Greatly reduced security relative to the option of exposing such a service only to users who have already used OTHER mechanisms to reach the computer in a more strongly authenticated fashion.  Examples include SSH keys, TLS certified clients, etc.

Unable to bind krdpserver to specific interfaces / IP addresses (E.G. 'localhost' for SSH required access).

This is a regression compared to the security model of running a vnc server to share an existing X session, but binding that to localhost and utilizing both the strong security tunnel and authentication mechanisms afforded there with an access passpharse.

Operating System: Arch Linux 
KDE Plasma Version: 6.5.5
KDE Frameworks Version: 6.22.0
Qt Version: 6.10.2
Kernel Version: 6.18.7-arch1-1 (64-bit)
Graphics Platform: Wayland

Expected result:

In addition to allow-listing users who can login over RDP:
Allow-list interfaces (default to every IP it has)
Allow-list specific IPs / possibly 'match these IP ranges' (/32 and /128 would be single host -- on a wildcard or specific interface)