SSH port forwarding error


I have two Linux servers and one Mac client, and I would like to do SSH port forwarding via local port address on the Mac.

In Terminal 1 on the Mac,

localhost:~ user1$ ssh -L 8022:server2:22 server1

and from Terminal 2 on the same Mac

localhost:~ user1$ scp -P 8022 0.0.0.0:file .

works OK. But if I use another account user2 on the Mac,

localhost:~ user2$ ssh -L 8022:user1@server2:22 user1@server1

I get the following error on Terminal 2.

localhost:~ user1$ scp -P 8022 0.0.0.0:file .
ssh_exchange_identification: Connection closed by remote host

At the same time, another error message appears in Terminal 1.

channel 3: open failed: administratively prohibited: open failed

Neither user1 nor user2 has any special port forwarding settings in /etc/sshd_config, /etc/ssh_config, or ~/.ssh/config. Both users have access for SSH login to the Mac (i.e., in the "Remote Login" panel of System Preferences, these users are in the white list).

I don't see any message in /var/log/system.log.

Which configuration should I check? I use OS X Yosemite.


Here is the verbose output of the scp command.

Executing: program /usr/bin/ssh host 0.0.0.0, user (unspecified), command scp -v -f file
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 102: Applying options for *
debug1: Connecting to 0.0.0.0 [0.0.0.0] port 8022.
debug1: Connection established.
debug1: identity file /Users/cta/.ssh/id_rsa type -1
debug1: identity file /Users/cta/.ssh/id_rsa-cert type -1
debug1: identity file /Users/cta/.ssh/id_dsa type -1
debug1: identity file /Users/cta/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
ssh_exchange_identification: Connection closed by remote host

Best Answer

When you initiate port forwarding, you don't specify the user.

localhost:~ user2$ ssh -L 8022:server2:22 user1@server1

You need to specify the user in the second command:

localhost:~ user1$ scp -P 8022 user1@0.0.0.0:file .

That should work fine for you.
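
The answer's point, that the `-L` argument names only a host and port while the login user belongs on the client command, written as a pre-flight check. This is an added example, not part of the original post; `check_forward_spec` is a hypothetical helper name, and the spec grammar `[bind_address:]port:host:hostport` is the one documented in ssh(1).

```shell
#!/bin/sh
# Added example: lint an `ssh -L` spec before opening the tunnel.
# Grammar per ssh(1): [bind_address:]port:host:hostport
# check_forward_spec is a hypothetical helper, not part of OpenSSH.
# Limitation: bracketed IPv6 addresses are not handled.
# Returns 0 = ok, 1 = user@ found in host field, 2 = malformed.
check_forward_spec() {
    fs_old_ifs=$IFS
    IFS=:
    set -f                      # no glob expansion while splitting
    set -- $1                   # split the spec on ':'
    set +f
    IFS=$fs_old_ifs
    case $# in
        3) fs_port=$1 fs_host=$2 fs_hostport=$3 ;;
        4) fs_port=$2 fs_host=$3 fs_hostport=$4 ;;
        *) echo "malformed: expected [bind_address:]port:host:hostport"
           return 2 ;;
    esac
    for fs_n in "$fs_port" "$fs_hostport"; do
        case $fs_n in
            ''|*[!0-9]*) echo "malformed: port '$fs_n' is not numeric"
                         return 2 ;;
        esac
    done
    case $fs_host in
        *@*) fs_user=${fs_host%%@*}
             echo "invalid host '$fs_host': remove '$fs_user@' from the spec and" \
                  "name the user on the client instead," \
                  "e.g. scp -P $fs_port $fs_user@127.0.0.1:file ."
             return 1 ;;
    esac
    echo "ok: local port $fs_port -> $fs_host:$fs_hostport"
}

# Constructed inputs: the two specs from the question and the answer.
check_forward_spec "8022:user1@server2:22" || true
check_forward_spec "8022:server2:22"
```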