[dolphin] [Bug 503936] New: Premature SFTP connections during username/address entry

Brendon Higgins bugzilla_noreply at kde.org
Thu May 8 18:52:57 BST 2025 

https://bugs.kde.org/show_bug.cgi?id=503936

            Bug ID: 503936
           Summary: Premature SFTP connections during username/address
                    entry
    Classification: Applications
           Product: dolphin
           Version: 25.04.0
          Platform: Debian testing
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: bars: location
          Assignee: dolphin-bugs-null at kde.org
          Reporter: brendon at quantumfurball.net
                CC: kfm-devel at kde.org
  Target Milestone: ---

SUMMARY

Dolphin prematurely attempts to connect to SFTP server for each value of the
address field while the user is in the process of editing it. For example (and
how I noticed), I had an SFTP address loaded but realized I wanted to log in
under a different user, so I selected the username (preceding "@" in the URL),
typed the new username, and pressed enter.

By then the server had blocked my IP address because of too many failed login
attempts (it's using fail2ban). I was able to check the auth.log file
afterwards, and it had this sort of thing logged from the sshd process:
Invalid user s from XX.XX.XX.XX port 53XXX
Invalid user sh from XX.XX.XX.XX port 53XXX
error: maximum authentication attempts exceeded for invalid user s from
XX.XX.XX.XX port 53XXX ssh2 [preauth]
Invalid user sha from XX.XX.XX.XX port 53XXX
Invalid user shar from XX.XX.XX.XX port 53XXX
...

Is this maybe triggered by a path completion feature being too eager?

STEPS TO REPRODUCE
1. Connect to SFTP server.
2. Edit user name in address bar.

OBSERVED RESULT

Observe logs of each keypress causing a login attempt on the server. Or a
temporary ban, depending on how the server is configured.

EXPECTED RESULT

No such spurious attempts in the server log, no temp ban. I would think Dolphin
should wait until the URL (or at least the username+domain part?) is
complete/ENTER is pressed before attempting to log in.

SOFTWARE/OS VERSIONS
Operating System: Debian GNU/Linux 
KDE Plasma Version: 6.3.4
KDE Frameworks Version: 6.13.0
Qt Version: 6.8.2
Kernel Version: 6.12.25-amd64 (64-bit)
Graphics Platform: X11
Processors: 16 × AMD Ryzen 7 3700X 8-Core Processor
Memory: 31.3 GiB of RAM
Graphics Processor: AMD Radeon RX 570 Series

-- 
You are receiving this mail because:
You are on the CC list for the bug.

More information about the kfm-devel mailing list