Trying to use Putty as a service in 2.7 fails with error "X11 forwarding services are not permitted"

Document ID : KB000004444
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

We have defined putty as a TCP/UDP service and we are trying to connect in our appliance

However, this is not possible, as every time we are getting: X11 forwarding services are not permitted

This was not the case in version 2.6.X Why is that and how can this be solved ?

Environment:
CA PAM 2.7
Cause:

When establishing an ssh connection to a remote machine it is possible to specify that this is done with X11 forwarding, which will enable X11 traffic to be passed back to the local server acting as an X11 server.

In version 2.7 a couple of checkboxes to this effect have been added to the appllication, in the access method section under the Device screen

Putty_config [3].jpg

 And also in the Service Definition under the TCP/UDP service screen

Putty_config [2].jpg

To be able to successfully log in to the remote PAM appliance, the actual choice in the service definition needs to be in agreement with the setting for the default configuration of the Putty (or whatever ssh client application) you are using to connect to the remote machine as a service. That is, for instance, in the case of Putty, if X11 is checked for the TCP/UDP service, you would have to have as the "Enable X11 forwarding" checked or unchecked for Default Settings 

 

Putty_config.jpg

In case the "Enable X11 forwarding" checkbox is not configured for the Default Settings in Putty, the choice in the TCP/UDP service under PAM does not cause the error to appear 

 

Resolution:

Make sure that there is no conflict between the X11 setting enabled in the default Putty/SSH client configuration and that in the TCP/UDP PAM service