Trying to use Putty as a service in 2.7 fails with error "X11 forwarding services are not permitted"

Article ID: 4444


Products

CA Privileged Access Manager - Cloakware Password Authority (PA)
CA Privileged Access Manager (PAM)

Issue/Introduction

We have defined Putty as a TCP/UDP service and we are trying to connect in our appliance.

However, this is not possible, as every time we are getting: "X11 forwarding services are not permitted"

This was not the case in version 2.6.X. Why is that, and how can this be solved?

Environment

CA PAM 2.7

Cause

When establishing an SSH connection to a remote machine, it is possible to specify that this is done with X11 forwarding, which enables X11 traffic to be passed back to the local server acting as an X11 server.

In version 2.7, a couple of checkboxes to this effect have been added to the application, in the access method section under the Device screen:

<Please see attached file for image>

Putty_config [3].jpg

And also in the Service Definition under the TCP/UDP service screen:

<Please see attached file for image>

Putty_config [2].jpg

To log in to the remote PAM appliance successfully, the choice in the service definition must agree with the setting in the default configuration of Putty (or whichever SSH client application) you are using to connect to the remote machine as a service. For instance, in the case of Putty, the X11 checkbox for the TCP/UDP service determines whether "Enable X11 forwarding" has to be checked or unchecked under Default Settings.

<Please see attached file for image>

Putty_config.jpg

In case the "Enable X11 forwarding" checkbox is not configured for the Default Settings in Putty, the choice in the TCP/UDP service under PAM does not cause the error to appear.

Resolution

Make sure that there is no conflict between the X11 setting enabled in the default Putty/SSH client configuration and that in the TCP/UDP PAM service.
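
One way to check the Putty side of this on a Windows workstation is the script below. It is an added example, not part of the original article and not vendor code. It reads the `X11Forward` value that Putty stores for its Default Settings session in the current user's registry. The state of the PAM service checkbox is supplied by the operator through the hypothetical `-PamServiceX11Checked` switch; it is not read from PAM.

```powershell
# Added example, not vendor code. Run as the user who launches Putty through PAM.
param(
    # Pass -PamServiceX11Checked if the X11 checkbox is ticked in the PAM
    # TCP/UDP service definition. This is operator input, not read from PAM.
    [switch] $PamServiceX11Checked
)

# Putty keeps "Default Settings" as a saved session under this per-user key.
$defaultKey = 'HKCU:\Software\SimonTatham\PuTTY\Sessions\Default%20Settings'

function Get-PuttyX11Forward {
    param([string] $Key)
    # No saved Default Settings: Putty falls back to its built-in default,
    # which has X11 forwarding disabled.
    if (-not (Test-Path -LiteralPath $Key)) { return $false }
    $prop = Get-ItemProperty -LiteralPath $Key -Name 'X11Forward' -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $false }
    # X11Forward is a DWORD: 0 = unchecked, non-zero = checked.
    return ($prop.X11Forward -ne 0)
}

$puttyX11 = Get-PuttyX11Forward -Key $defaultKey
$pamX11   = [bool] $PamServiceX11Checked

# Show both settings side by side.
[pscustomobject]@{
    PuttyDefaultX11Forwarding = $puttyX11
    PamServiceX11Checked      = $pamX11
    SettingsAgree             = ($puttyX11 -eq $pamX11)
} | Format-List | Out-Host

if ($puttyX11 -ne $pamX11) {
    Write-Warning 'Putty Default Settings and the PAM TCP/UDP service disagree on X11 forwarding.'
    exit 1
}
```

The script only reports the state of the two settings; whether a given combination triggers the error is determined by the behaviour described above.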
