I have two Linux servers and one Mac client, and I would like to do SSH port forwarding via local port address on the Mac.
In Terminal 1 on the Mac,
localhost:~ user1$ ssh -L 8022:server2:22 server1
and from Terminal 2 on the same Mac
localhost:~ user1$ scp -P 8022 0.0.0.0:file .
works OK. But if I use another account user2
on the Mac,
localhost:~ user2$ ssh -L 8022:user1@server2:22 user1@server1
I get the following error on Terminal 2.
localhost:~ user1$ scp -P 8022 0.0.0.0:file .
ssh_exchange_identification: Connection closed by remote host
At the same time, another error message appears in Terminal 1.
channel 3: open failed: administratively prohibited: open failed
Either user1
or user2
does not have any special port forwarding settings in /etc/sshd_config
, /etc/ssh_config
, or ~/.ssh/config
. Both users have access for SSH login to the Mac (i.e., in "Remote Login" panel of System Preference, these users are in the white list).
I don't see any message in /var/log/system.log
.
Which configuration should I check? I use OS X Yosemite.
Here is the verbose output of the scp
command.
Executing: program /usr/bin/ssh host 0.0.0.0, user (unspecified), command scp -v -f file
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 102: Applying options for *
debug1: Connecting to 0.0.0.0 [0.0.0.0] port 8022.
debug1: Connection established.
debug1: identity file /Users/cta/.ssh/id_rsa type -1
debug1: identity file /Users/cta/.ssh/id_rsa-cert type -1
debug1: identity file /Users/cta/.ssh/id_dsa type -1
debug1: identity file /Users/cta/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
ssh_exchange_identification: Connection closed by remote host
Best Answer
When you initiate port forwarding, you don't specify the user.
You need to specify user in the second command:
That should work fine for you